File upload vulnerability to Meterpreter

Vulnerability Name: Arbitrary file upload vulnerability in the DVWA framework, “low” section. System Specification: Victim – Windows XP SP2 [IP: 192.168.24.131] Attacker – Kali Linux 2.0 [IP: 192.168.24.133 PORT: 4444] Success Criteria: The following two conditions are mandatory for exploiting a file upload vulnerability – Attacker can upload any file (including .php, .asp, .aspx, etc.) Attacker […]

OS Command Injection to Meterpreter

Definition: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this attack, the attacker-supplied operating system commands are […]

SQL Injection to Meterpreter

Goal: By exploiting a SQL injection vulnerability, fully compromise the victim server and get a reverse shell (Meterpreter) using SQLMap. Victim System: Damn Vulnerable Web App (DVWA) is installed on Windows XP to create the virtual lab. IP: 192.168.24.131 Attacker System: Kali Linux 2.0 [Python 2.7, SQLMap and Metasploit installed by default]. IP: 192.168.24.129 Tools: SQLMap: sqlmap […]