Metasploit provides different kinds of payloads that can be used to get extended post exploitation functionality through a file-based backdoor. For this section I'll assume that the reader has discovered a vulnerability on a server that allows file uploads without any kind of whitelisting. Assuming a LAMP server is on
184.108.40.206 and Metasploit is running on a computer with a NAT'ed internal IP of
First of all, we'll generate a PHP Meterpreter bind payload, which will drop us with a basic PHP Meterpreter shell. The tool of the trade is
msfvenom. Msfvenom is the de-facto tool in the Metasploit framework to create and encode various payloads. Msfvenom surpasses the older tools for generating ...