Forum Thread: Execute Reverse PHP Shell with Metasploit

I used the php/meterpreter/reverse tcp and setup my lhost and my lport. Next, I copied the payload and placed it all in <?php payload here ?>.

I setup a server with a page containing the vulnerable php payload and setup a exploit/multi/handler with the same lhost/lport and with the payload: php/meterpreter/reverse tcp.

On the victim computer, ran wget url to payload but there was no shell obtained! Why so? No firewall, attacker is on kali, victim on metasploitable2.

1 Response

You should make a post request to the payload php from attacker computer, if you see blank page or infinitely loading page, congrats u got the shell!

Share Your Thoughts

  • Hot
  • Active