php filemanager

All posts tagged php filemanager

Good Evening Friends. Today we will see how to hack a remote Linux PC with phpFileManager 0.9.8 rce exploit. rce stands for remote code execution. Phpfilemanager is a complete filesystem management tool on a single file.  Among the features of phpFileManager:
. server info
. directory tree
. copy/move/delete/create/rename/edit/view/chmod files and folders
. tar/zip/bzip/gzip
. multiple uploads
. shell/exec
. works on linux/windows
. php4/php5/apache2 compatible
. english/portuguese/spanish/dutch/french/german/italian/korean/russian/catalan translations.

It is used to manage files of webserver and it boasts of around 382 downloads per week. Its browser interface can be seen below.

phpfilem_1

We will try to hack into  a Ubuntu 12.10 PC from Kali Linux using this phpFilemanager 0.9.8 rce  exploit. Given below is the Video version of this howto. If you are interested in the textual version scroll down below the video version.

Start Metasploit. Search for the phpfilemanager exploit by typing command “search phpfilemanager” as shown below.

phpfilem_2

Load the exploit as shown below. Set the required options as shown below. Most of the options are all set except the remote host address, i.e your target’s IP address.

phpfilem_3

Type command “show payloads” to see the available payloads and set the payload you want. I have selected the payload highlighted below.

phpfilem_4

Set the payload and check if all required options are set by typing command “show options”.

phpfilem_5

Type command “exploit” to execute the exploit. If everything went well, you should get the remote pc’s shell as shown below.

phpfilem_6

It should look like shown below. Type command “ls” to see the contents of the present directory. as shown below. You can see the two files which we saw in our first picture. Now let us navigate to the etc directory as shown below.

phpfilem_7

And type command “vi passwd” to open the passwd file of the remote PC. Vi is the default text editor in Linux.

phpfilem_8