Thursday, April 4, 2013

Leveraging Metasploit Meterpreter PHP the smart way.

As Metasploit die-hards, we always try to integrate any vulnerability found during a pentest with Metasploit. One of my favourite Metasploit payloads is php/meterpreter/reverse_tcp.

Now, having said that, Metasploit is not really smart!!! (At least it is not efficient in every scenario.)
For example, suppose we generate the php/meterpreter/reverse_tcp payload.


Notice that you always need to specify the LHOST.

This causes an inconvenience if you are in an environment where your IP address keeps changing (say, because I hate registering domains, or because I am behind a shadowed network).

Checking the payload output:


You will notice that the reverse connection's remote IP address is hardcoded in the payload.
What we can do is replace the $ip string with the remote-address server global, $_SERVER['REMOTE_ADDR'], so the payload connects back to whichever host requested it.



Now we can upload it anywhere we want and we don't have to set up our LHOST ever again :). This trick can also be applied to JSP and ASP files, but I leave that part to you guys.
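From the defender's side, the edit described above is exactly what a web-root scan should flag: a PHP file that both opens an outbound socket and takes its destination from the requester's own address. The scanner below is an added example, not code from the original post or from Metasploit; the function names, the indicator weights, the regex patterns and the sample PHP strings are constructed assumptions drawn from the post (a $ip variable replaced by $_SERVER['REMOTE_ADDR']) and from generic PHP socket functions.

```python
"""Heuristic scanner for PHP reverse-connect stagers whose callback host is
taken from $_SERVER['REMOTE_ADDR'] instead of a fixed address.

Added example (assumption-based); not the post's or Metasploit's code.
"""
import os
import re

# Outbound-connection primitives a PHP stager typically relies on (assumption).
SOCKET_FUNCS = ("stream_socket_client", "fsockopen", "socket_connect")

# Ways PHP code can read the requester's address (constructed list).
REMOTE_ADDR_PATTERNS = [
    re.compile(r"\$_SERVER\s*\[\s*['\"]REMOTE_ADDR['\"]\s*\]"),
    re.compile(r"getenv\s*\(\s*['\"]REMOTE_ADDR['\"]\s*\)"),
]

# The unmodified stager keeps a literal IPv4 address in $ip (per the post).
HARDCODED_IP = re.compile(r"\$ip\s*=\s*['\"](\d{1,3}(?:\.\d{1,3}){3})['\"]")

# Constructed, non-functional PHP samples used only as scanner inputs.
SAMPLES = {
    # Legitimate use of REMOTE_ADDR: logging only, no socket.
    "benign_logger": "<?php\n$client = $_SERVER['REMOTE_ADDR'];\n"
                     "error_log(\"visit from $client\");\n",
    # Shape of the stock stager: fixed callback address (192.0.2.10 is a
    # documentation address, constructed here).
    "hardcoded_stager": "<?php\nerror_reporting(0);\n$ip = '192.0.2.10';\n"
                        "$port = 4444;\n$s = fsockopen($ip, $port);\n",
    # Shape of the modified stager from the post: callback host is the requester.
    "remote_addr_stager": "<?php\nerror_reporting(0);\n"
                          "$ip = $_SERVER['REMOTE_ADDR'];\n$port = 4444;\n"
                          "$s = fsockopen($ip, $port);\n",
}


def scan_php_source(src: str) -> dict:
    """Score one PHP source string.

    'dynamic_callback' is True when the file both opens an outbound socket and
    reads the requester's address; that pairing is the modification the post
    describes and is rare in ordinary application code.
    """
    findings = {"indicators": [], "score": 0, "dynamic_callback": False}

    used = [f for f in SOCKET_FUNCS if f in src]
    if used:
        findings["indicators"].append("outbound socket call: " + ", ".join(used))
        findings["score"] += 2

    reads_remote_addr = any(p.search(src) for p in REMOTE_ADDR_PATTERNS)
    if reads_remote_addr:
        findings["indicators"].append("reads requester address (REMOTE_ADDR)")
        findings["score"] += 1

    m = HARDCODED_IP.search(src)
    if m:
        findings["indicators"].append("hardcoded callback address " + m.group(1))
        findings["score"] += 2

    if re.search(r"error_reporting\s*\(\s*0\s*\)", src):
        findings["indicators"].append("suppresses error reporting")
        findings["score"] += 1

    if re.search(r"\beval\s*\(", src):
        findings["indicators"].append("evaluates received code")
        findings["score"] += 2

    findings["dynamic_callback"] = bool(used) and reads_remote_addr
    return findings


def scan_webroot(root: str, min_score: int = 3) -> list:
    """Walk a directory and return (path, findings) for suspicious .php files."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                result = scan_php_source(fh.read())
            if result["dynamic_callback"] or result["score"] >= min_score:
                hits.append((path, result))
    return hits


if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print(label, scan_php_source(src))
```

The 'dynamic_callback' flag is the specific signal for this trick; the score is a broader triage aid and will produce false positives on legitimate code that happens to use sockets and REMOTE_ADDR in the same file (a geo-IP lookup, for instance), so review hits rather than acting on them blindly.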

2 comments:

Anonymous said...

I use 0.0.0.0 to bind to all interfaces.

Anonymous said...

Der, you can use setg.