Metasploit mailing list archives
Re: phpmyadmin exploit not working for me, anyone have any ideas?
From: Robin Wood <robin () digininja org>
Date: Sun, 26 Jun 2011 10:57:56 +0100
On 26 June 2011 08:50, martin <nighthawk2600 () gmail com> wrote:
Hello everyone, I have a unique situation, i have a friend that is running a webserver with phpMyAdmin and he has been hacked. He asked me if i could help him figure out how the hacker accomplished this, apparently he told him he did it using phpmyadmin exploit. So i tried using msfconsole (with my friends permission) to figure out which exploit/payload the guy used to hack into my friends webserver. I know for a fact that he is using phpmyadmin when you load his ip address into a web browser with the right directory you get this: Welcome to phpMyAdmin 2.10.1 so here is what i tried msf> search phpmyadmin msf> use /path/to/phpmyadmin exploit msf> show options msf > set RHOST ip address msf > set URI /path msf> show payloads msf > use certain payload msf> set options for payload msf> exploit [*] Started reverse handler on 192.168.1.6:4444 [*] Grabbing session cookie and CSRF token [*] Sending save request [*] Requesting our payload [*] Exploit completed, but no session was created. msf exploit(phpmyadmin_config) > exit Now i tried every available payload that will work with the phpmyadmin exploit, however nothing worked. Now i know that in general terms that when it tells you that the exploit completed, but no session was created then more than likely the application is not vulnerable, however shouldn't phpmyadmin version 2.10.1 be vulnerable to this exploit? I am new to metasploit so i am reaching out to you more experienced users for any input that you might have on this situation. I really would like to help my friend figure out exactly how this happened. So if anyone has any ideas i would love to hear them. Oh and so you know he is running a linux box with no firewall at the moment. Thank you all for your time.
You are using the phpMyAdmin config exploit and its info says the targets are: phpMyAdmin 2.11.x < 2.11.9.5 and 3.x < 3.1.3.1 which means your version 2.10.1 isn't in the right range. I got this information by doing info exploit/unix/webapp/phpmyadmin_config and looking a the available targets. The description field also says which versions are vulnerable. Robin _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- phpmyadmin exploit not working for me, anyone have any ideas? martin (Jun 26)
- Re: phpmyadmin exploit not working for me, anyone have any ideas? Robin Wood (Jun 26)