.

metasploit php

<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Thu Oct 07, 2010 7:28 am

metasploit php

I was trying to practice the following module

hxxp://www.metasploit.com/modules/explo ... hp_include

and if I do it in my home lab I would require a vun. web app . Can anyone recommend me of any pre-configured webapp vun. to this attach so that I can do command execution ? Is webgoat a good option for this attack ?
It has become appallingly obvious that our technology has exceeded our humanity.
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Oct 07, 2010 8:39 am

Re: metasploit php

Webgoat is excellent for this. In fact, I use it when I do training on command injection attacks.

The easiest way is to download OWASP broken web apps VM image:
http://code.google.com/p/owaspbwa/wiki/ProjectSummary
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Thu Oct 07, 2010 12:43 pm

Re: metasploit php

exploit-db and search for Lan Party:
http://www.exploit-db.com/search/?actio ... =lan+party

That will get you a pretty easy to configure app with mysql that it works great with.  That's what I've done demos on, it was very easy.  If you have an up to date securely configured PHP, you will have to undo things to make remote file inclusion possible.  That will be your only challenge.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Thu Oct 07, 2010 1:26 pm

Re: metasploit php

Thanks for the replies , I have got one more question in mind .

I will also need to demonstrate a jsp shell from metasploit and thus I need to have a jsp file on the webserver and when the client executes it using browser we will receive a shell , now the point, inorder for the client to execute the file we need to have tomcat+java and then the mod_jk module and all that configured because apache is not supporting jsp by default . At the moment when i execute http://server_ip/file.jsp it throws a source code rather then just executing it ( i do have java on client ) .

Can you guys recommend a smart and easy web server which is currently supporting jsp by default rather than the above solution .. actually i m not that good at linux :P ..


thanks
It has become appallingly obvious that our technology has exceeded our humanity.
<<

dante

User avatar

Jr. Member
Jr. Member

Posts: 58

Joined: Wed Jul 21, 2010 10:17 pm

Post Thu Oct 07, 2010 2:42 pm

Re: metasploit php

COm_BOY wrote:Thanks for the replies , I have got one more question in mind .

I will also need to demonstrate a jsp shell from metasploit and thus I need to have a jsp file on the webserver and when the client executes it using browser we will receive a shell , now the point, inorder for the client to execute the file we need to have tomcat+java and then the mod_jk module and all that configured because apache is not supporting jsp by default . At the moment when i execute http://server_ip/file.jsp it throws a source code rather then just executing it ( i do have java on client ) .

Can you guys recommend a smart and easy web server which is currently supporting jsp by default rather than the above solution .. actually i m not that good at linux :P ..


thanks


JSP is a server side technology that gets executed on the server and the output of the execution of jsp is provided to the client. If you have a JSP reverse shell uploaded to the server, when you are accessing the jsp file you are getting the shell of the server and not that of the client. If you want infect client, think interms of flash, pdf, browser
<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Thu Oct 07, 2010 3:28 pm

Re: metasploit php

JSP is a server side technology that gets executed on the server and the output of the execution of jsp is provided to the client. If you have a JSP reverse shell uploaded to the server, when you are accessing the jsp file you are getting the shell of the server and not that of the client. If you want infect client, think interms of flash, pdf, browser
[/quote]

You really mean to say that jsp files cannot be executed on client systems ? here is the post I was trying to do
hxxp://carnal0wnage.attackresearch.com/node/389

Please let me know if I am doing some mistakes
Last edited by COm_BOY on Thu Oct 07, 2010 3:47 pm, edited 1 time in total.
It has become appallingly obvious that our technology has exceeded our humanity.
<<

dante

User avatar

Jr. Member
Jr. Member

Posts: 58

Joined: Wed Jul 21, 2010 10:17 pm

Post Thu Oct 07, 2010 3:44 pm

Re: metasploit php

Original  link:http://exploit.co.il/hacking/metasploit-java-meterpreter-payload/

its a java applet and not jsp file... you do not need tomcat nor a server if you follow that link...

You just need a client  machine with JRE installed.

The demo would be more impressive if you are not executing the jar file manually on the client side as shown in the link you provided. Instead you should probably write a html that embeds the applet and this html should be hosted in the server(any static web server would do).. Now when the client  access the web page hosted on your server, you will get a shell of the client...

Update: I didnt see that you edited your post to a new link...
jsp files are not executed on client system period.
What follows is not an accurate explanation and does not cover all cases... but I believe will help you to understand...
jsp,php,asp - all are executed on the server side and provides the output in html format and this html is sent by the server to the client and the client usually a browser renders the html. You should read about how web applications are developed.
Last edited by dante on Thu Oct 07, 2010 4:01 pm, edited 1 time in total.
<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Thu Oct 07, 2010 3:48 pm

Re: metasploit php

dante wrote:its a java applet and not jsp file... you do not need tomcat nor a server if you follow that link...

You just need a client  machine with JRE installed.

The demo would be more impressive if you are not executing the jar file manually on the client side as shown in the link you provided. Instead you should probably write a html that embeds the applet and this html should be hosted in the server(any static web server would do).. Now when the client  access the web page hosted on your server, you will get a shell of the client...



sorry , I did posted the wrong link and now I have edited my previous post , can you check the link out now
It has become appallingly obvious that our technology has exceeded our humanity.
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Oct 08, 2010 6:35 am

Re: metasploit php

BTW guys, the title of the thread is "Metasploit php"...  ;)
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Fri Oct 08, 2010 7:37 am

Re: metasploit php

COm_BOY wrote:Thanks for the replies , I have got one more question in mind .

I will also need to demonstrate a jsp shell from metasploit and thus I need to have a jsp file on the webserver and when the client executes it using browser we will receive a shell , now the point, inorder for the client to execute the file we need to have tomcat+java and then the mod_jk module and all that configured because apache is not supporting jsp by default . At the moment when i execute http://server_ip/file.jsp it throws a source code rather then just executing it ( i do have java on client ) .

Can you guys recommend a smart and easy web server which is currently supporting jsp by default rather than the above solution .. actually i m not that good at linux :P ..


thanks



I am working on that php one by installing webgoat .. however I was also stuck at jsp shells so i continued here only .. I think i should have started another thread for that
Last edited by COm_BOY on Fri Oct 08, 2010 7:39 am, edited 1 time in total.
It has become appallingly obvious that our technology has exceeded our humanity.
<<

vekarman

User avatar

Newbie
Newbie

Posts: 28

Joined: Thu Mar 19, 2009 1:21 am

Post Fri Oct 15, 2010 8:09 am

Re: metasploit php

Hi COm_BOY,
and if I do it in my home lab I would require a vun. web app . Can anyone recommend me of any pre-configured webapp vun.


Download Damn Vulnerable Web Application from
http://www.dvwa.co.uk/

HTH
CISSP

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software