O'Reilly logo

Mastering Metasploit by Nipun Jaswal

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Compromising XAMPP servers

Getting the shell back from the victim's system is easy. However, what if the target is a web server running the latest copy of XAMPP server? Well, if you have found a vulnerable server where you can upload files by exploiting a web application-based attack, such as some of the web application attacks, including remote file inclusion, SQL injections, or any other means of file upload, you can upload a malicious PHP meterpreter and get access to the target web server.

The PHP meterpreter

To learn the method discussed previously, we need a PHP-based meterpreter shell, which we can make using the following commands:

The PHP meterpreter

In the preceding ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required