I used the php/meterpreter/reverse tcp and setup my lhost and my lport. Next, I copied the payload and placed it all in <?php payload here ?>.
I setup a server with a page containing the vulnerable php payload and setup a exploit/multi/handler with the same lhost/lport and with the payload: php/meterpreter/reverse tcp.
On the victim computer, ran wget url to payload but there was no shell obtained! Why so? No firewall, attacker is on kali, victim on metasploitable2.
Forum Thread:
How to Track Who Is Sms Bombing Me .
4
Replies
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
1
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
3
Replies
Forum Thread:
moab5.Sh Error While Running Metasploit
17
Replies
Forum Thread:
Install Metasploit Framework in Termux No Root Needed M-Wiz Tool
1
Replies
Forum Thread:
Hack and Track People's Device Constantly Using TRAPE
35
Replies
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
Hack Like a Pro:
How to Crack User Passwords in a Linux System
Hack Like a Pro:
How to Crack Passwords, Part 3 (Using Hashcat)
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How To:
Spy on Traffic from a Smartphone with Wireshark
How To:
Crack Shadow Hashes After Getting Root on a Linux System
How To:
Use Hash-Identifier to Determine Hash Types for Password Cracking
How To:
Spy on Your "Buddy's" Network Traffic: An Intro to Wireshark and the OSI Model
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Top 10 Things to Do After Installing Kali Linux
How To:
Use Kismet to Watch Wi-Fi User Activity Through Walls
How To:
Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
How To:
Use Metasploit's WMAP Module to Scan Web Applications for Common Vulnerabilities
How To:
Dox Anyone
How To:
Intercept Images from a Security Camera Using Wireshark
How To:
Use SQL Injection to Run OS Commands & Get a Shell
How To:
Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+
How To:
Exploit EternalBlue on Windows Server with Metasploit
1 Response
You should make a post request to the payload php from attacker computer, if you see blank page or infinitely loading page, congrats u got the shell!
Share Your Thoughts