HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 72 guests and 1 member online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow metasploit php
EH-Net
May 26, 2012, 01:06:29 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: metasploit php  (Read 4966 times)
0 Members and 1 Guest are viewing this topic.
COm_BOY
Full Member
***
Offline Offline

Posts: 129


LivinG DeaD


View Profile
« on: October 07, 2010, 07:28:24 AM »
I was trying to practice the following module

hxxp://www.metasploit.com/modules/exploit/unix/webapp/php_include

and if I do it in my home lab I would require a vun. web app . Can anyone recommend me of any pre-configured webapp vun. to this attach so that I can do command execution ? Is webgoat a good option for this attack ?
Logged
It has become appallingly obvious that our technology has exceeded our humanity.
H1t M0nk3y
Hero Member
*****
Offline Offline

Posts: 660



View Profile
« Reply #1 on: October 07, 2010, 08:39:49 AM »
Webgoat is excellent for this. In fact, I use it when I do training on command injection attacks.

The easiest way is to download OWASP broken web apps VM image:
http://code.google.com/p/owaspbwa/wiki/ProjectSummary
Logged
GPEN, GSEC, CEH, CISSP, PMP
apollo
Full Member
***
Offline Offline

Posts: 142


View Profile WWW
« Reply #2 on: October 07, 2010, 12:43:55 PM »
exploit-db and search for Lan Party:
http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=lan+party

That will get you a pretty easy to configure app with mysql that it works great with.  That's what I've done demos on, it was very easy.  If you have an up to date securely configured PHP, you will have to undo things to make remote file inclusion possible.  That will be your only challenge.
Logged
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
COm_BOY
Full Member
***
Offline Offline

Posts: 129


LivinG DeaD


View Profile
« Reply #3 on: October 07, 2010, 01:26:05 PM »
Thanks for the replies , I have got one more question in mind .

I will also need to demonstrate a jsp shell from metasploit and thus I need to have a jsp file on the webserver and when the client executes it using browser we will receive a shell , now the point, inorder for the client to execute the file we need to have tomcat+java and then the mod_jk module and all that configured because apache is not supporting jsp by default . At the moment when i execute http://server_ip/file.jsp it throws a source code rather then just executing it ( i do have java on client ) .

Can you guys recommend a smart and easy web server which is currently supporting jsp by default rather than the above solution .. actually i m not that good at linux Tongue ..


thanks
Logged
It has become appallingly obvious that our technology has exceeded our humanity.
dante
Jr. Member
**
Offline Offline

Posts: 58



View Profile
« Reply #4 on: October 07, 2010, 02:42:46 PM »
Quote from: COm_BOY on October 07, 2010, 01:26:05 PM
Thanks for the replies , I have got one more question in mind .

I will also need to demonstrate a jsp shell from metasploit and thus I need to have a jsp file on the webserver and when the client executes it using browser we will receive a shell , now the point, inorder for the client to execute the file we need to have tomcat+java and then the mod_jk module and all that configured because apache is not supporting jsp by default . At the moment when i execute http://server_ip/file.jsp it throws a source code rather then just executing it ( i do have java on client ) .

Can you guys recommend a smart and easy web server which is currently supporting jsp by default rather than the above solution .. actually i m not that good at linux Tongue ..


thanks

JSP is a server side technology that gets executed on the server and the output of the execution of jsp is provided to the client. If you have a JSP reverse shell uploaded to the server, when you are accessing the jsp file you are getting the shell of the server and not that of the client. If you want infect client, think interms of flash, pdf, browser
Logged
COm_BOY
Full Member
***
Offline Offline

Posts: 129


LivinG DeaD


View Profile
« Reply #5 on: October 07, 2010, 03:28:48 PM »

JSP is a server side technology that gets executed on the server and the output of the execution of jsp is provided to the client. If you have a JSP reverse shell uploaded to the server, when you are accessing the jsp file you are getting the shell of the server and not that of the client. If you want infect client, think interms of flash, pdf, browser
[/quote]

You really mean to say that jsp files cannot be executed on client systems ? here is the post I was trying to do
hxxp://carnal0wnage.attackresearch.com/node/389

Please let me know if I am doing some mistakes
« Last Edit: October 07, 2010, 03:47:31 PM by COm_BOY » Logged
It has become appallingly obvious that our technology has exceeded our humanity.
dante
Jr. Member
**
Offline Offline

Posts: 58



View Profile
« Reply #6 on: October 07, 2010, 03:44:40 PM »
Original  link:http://exploit.co.il/hacking/metasploit-java-meterpreter-payload/

its a java applet and not jsp file... you do not need tomcat nor a server if you follow that link...

You just need a client  machine with JRE installed.

The demo would be more impressive if you are not executing the jar file manually on the client side as shown in the link you provided. Instead you should probably write a html that embeds the applet and this html should be hosted in the server(any static web server would do).. Now when the client  access the web page hosted on your server, you will get a shell of the client...

Update: I didnt see that you edited your post to a new link...
jsp files are not executed on client system period.
What follows is not an accurate explanation and does not cover all cases... but I believe will help you to understand...
jsp,php,asp - all are executed on the server side and provides the output in html format and this html is sent by the server to the client and the client usually a browser renders the html. You should read about how web applications are developed.
« Last Edit: October 07, 2010, 04:01:16 PM by dante » Logged
COm_BOY
Full Member
***
Offline Offline

Posts: 129


LivinG DeaD


View Profile
« Reply #7 on: October 07, 2010, 03:48:34 PM »
Quote from: dante on October 07, 2010, 03:44:40 PM
its a java applet and not jsp file... you do not need tomcat nor a server if you follow that link...

You just need a client  machine with JRE installed.

The demo would be more impressive if you are not executing the jar file manually on the client side as shown in the link you provided. Instead you should probably write a html that embeds the applet and this html should be hosted in the server(any static web server would do).. Now when the client  access the web page hosted on your server, you will get a shell of the client...


sorry , I did posted the wrong link and now I have edited my previous post , can you check the link out now
Logged
It has become appallingly obvious that our technology has exceeded our humanity.
H1t M0nk3y
Hero Member
*****
Offline Offline

Posts: 660



View Profile
« Reply #8 on: October 08, 2010, 06:35:42 AM »
BTW guys, the title of the thread is "Metasploit php"...  Wink
Logged
GPEN, GSEC, CEH, CISSP, PMP
COm_BOY
Full Member
***
Offline Offline

Posts: 129


LivinG DeaD


View Profile
« Reply #9 on: October 08, 2010, 07:37:13 AM »
Quote from: COm_BOY on October 07, 2010, 01:26:05 PM
Thanks for the replies , I have got one more question in mind .

I will also need to demonstrate a jsp shell from metasploit and thus I need to have a jsp file on the webserver and when the client executes it using browser we will receive a shell , now the point, inorder for the client to execute the file we need to have tomcat+java and then the mod_jk module and all that configured because apache is not supporting jsp by default . At the moment when i execute http://server_ip/file.jsp it throws a source code rather then just executing it ( i do have java on client ) .

Can you guys recommend a smart and easy web server which is currently supporting jsp by default rather than the above solution .. actually i m not that good at linux Tongue ..


thanks


I am working on that php one by installing webgoat .. however I was also stuck at jsp shells so i continued here only .. I think i should have started another thread for that
« Last Edit: October 08, 2010, 07:39:56 AM by COm_BOY » Logged
It has become appallingly obvious that our technology has exceeded our humanity.
vekarman
Newbie
*
Offline Offline

Posts: 25



View Profile
« Reply #10 on: October 15, 2010, 08:09:23 AM »
Hi COm_BOY,
Quote
and if I do it in my home lab I would require a vun. web app . Can anyone recommend me of any pre-configured webapp vun.

Download Damn Vulnerable Web Application from
http://www.dvwa.co.uk/

HTH
Logged
CISSP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.139 seconds with 23 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.