Oracle Secure Backup Command Injection to Metasploit PHP Shell
July 16th, 2009. Published under My Recent Reads. No Comments.
pulled from Google Reader (click on title for original post)
Background and motivation here:
http://joxeankoret.com/blog/?p=39
Before I forget thanks to egypt, pragmatk, and of course MC…
MSF trunk has had an exploit for awhile that exploits the above
http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/ad…
given the example in Joxean’s advisory with the PHP shell I hit up the metasploit php ninja (egypt) on how to leverage it.
Metasploit has a php reverse and bind shell, you can use the multihandler to catch callbacks or connect to the bind shell. To get the shell on the box we can output the payload as raw or base64