Hi All,
Can someone explain what’s happening in this ftp anon/http exploit below?:
I set up a msfvenom meterpreter reverse tcp payload and save it to a file (aspx). Then I use multi handler exploit in metasploit and set the same payload. I end up transferring the file to the victim machine (over ftp), go to the http payload page, and boom I get a meterpreter shell
From my understanding, I am creating a payload that gives me access to the victim machine with reverse shell, and saving that payload to a file, all using msfvenom. Then, using metasploit (I assume I could use netcat instead), I’m setting up a listener that somehow catches and realizes the reverse shell payload when the webpage is being accessed?
I’m just fuzzy on what exactly metasploit’s function is in materializing this exploit. Why am I setting up two sets of the same lhost and lport? I set up lost/lport with msfvenom, so why do we need this metasploit function to pop the shell? How are msfvenom and metasploit working together here and what are they doing exactly?
Thank you for your patience.
[link] [comments]
from hacking: security in practice https://ift.tt/XGELTko
Comments
Post a Comment