File upload vulnerability to Meterpreter

Vulnerability Name: Arbitrary file upload vulnerability in DVWA frame work in “low” section.

System Specification:

Victim – Windows XP SP2 [IP: 192.168.24.131]

Attacker – Kali Linux 2.0 [IP: 192.168.24.133 PORT: 4444]

Success Criteria: Following two conditions are mandatory for exploiting file upload vulnerability –

  1. Attacker can upload any file (including .php, .asp, .aspx etc)
  2. Attacker can access uploaded file.

Tools used:

  1. Metasploit
  2. Msfvenom

Prerequisite Knowledge:

  1. What is web shell and how it works? [Please google it]
  2. Metasploit listener payload [exploit/multi/handler]

Step:

  1. Generate a web shell using msfvenom. msfvenom comes with metasploit framework.

1

The given command will generate an Raw script that will be named “prasenjitkantipaul.php” and when this php will be triggered it will sent back the connection to the attacker IP (i.e: 192.168.24.133 in 4444 port)

  1. Location of malicious php

2

  1. Set DVWA security to “LOW” for this exploitation PoC.

3

  1. File Upload option

4

  1. File uploaded successfully without checking its file type.

5

  1. Set listener in attacker’s side to grab the connection what will be sent from victim.

6

  1. Accessing the file

7

  1. Let’s see, after trying to access our malicious shell what is happening to our listener.

8

We successfully compromise victim’s machine using our php web shell.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s