File upload vulnerability to Meterpreter
Vulnerability Name: Arbitrary file upload vulnerability in the DVWA framework at the “low” security level.
Victim – Windows XP SP2 [IP: 192.168.24.131]
Attacker – Kali Linux 2.0 [IP: 192.168.24.133 PORT: 4444]
- Attacker can upload any file (including .php, .asp, .aspx, etc.).
- Attacker can access the uploaded file.
- What is a web shell and how does it work? [Please google it]
- Metasploit listener payload [exploit/multi/handler]
- Generate a web shell using msfvenom. msfvenom comes with the Metasploit Framework.
The given command generates a raw script named “prasenjitkantipaul.php”; when this PHP file is triggered, it sends a connection back to the attacker's IP (i.e. 192.168.24.133 on port 4444).
- Location of the malicious PHP file
- Set DVWA security to “LOW” for this exploitation PoC.
- File Upload option
- File uploaded successfully without checking its file type.
- Set up a listener on the attacker’s side to catch the connection that will be sent from the victim.
- Accessing the file
- Let’s see what happens on our listener after we try to access our malicious shell.
We successfully compromised the victim’s machine using our PHP web shell.
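
The root cause above is that the upload was accepted "without checking its file type" and could then be requested from the web server. The server-side check below would have rejected that upload; it is an added example in Python, not DVWA's own code, and the function names, size limit, and sample uploads are assumptions constructed for illustration.

```python
import os
import secrets

# Allow-list: extension -> leading magic bytes the content must start with.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_MARKER = b"<?php"       # heuristic only; not a substitute for the rules above
MAX_BYTES = 2 * 1024 * 1024    # assumed upload size limit

def validate_upload(client_name: str, data: bytes):
    """Return (ok, reason, stored_name); stored_name is generated server-side."""
    base = os.path.basename(client_name.replace("\\", "/"))
    if "\x00" in base or base.startswith("."):
        return False, "bad filename", None
    # Exactly one extension is accepted, and it must be on the allow-list.
    stem, ext = os.path.splitext(base.lower())
    if "." in stem or ext not in ALLOWED:
        return False, "extension not allowed", None
    if not data or len(data) > MAX_BYTES:
        return False, "bad size", None
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension", None
    if SCRIPT_MARKER in data.lower():
        return False, "embedded script marker", None
    # Never reuse the client's filename; store under a random name, outside the
    # web root or in a directory where script execution is disabled.
    return True, "ok", secrets.token_hex(16) + ext

# Constructed sample uploads (placeholders, not the files from this walkthrough).
SAMPLES = {
    "prasenjitkantipaul.php": b"<?php /* placeholder */ ?>",
    "shell.php.jpg": b"\xff\xd8\xff\xe0 placeholder",
    "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "mixed.gif": b"GIF89a<?php /* placeholder */ ?>",
}

def check_samples():
    return {name: validate_upload(name, body)[1] for name, body in SAMPLES.items()}

if __name__ == "__main__":
    print(check_samples())
```

Validation alone is not the whole fix: the upload directory should also be configured so the web server never executes files stored in it.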