All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near. —– The Art of War
This course details the exploitation of the PHP CGI bug (CVE-2012-1823) and how an attacker can use it to read source code and gain code execution on a server affected by this bug.
Detail Assessment and Planning
- Port scan to identify open ports, running services and service versions. —– Nmap
- Check the PHP version and other HTTP headers. —– NC
- Exploit and get the shell. —– Metasploit
Weaknesses and Strengths
Used Nmap to identify open ports. TCP port 80 is open and an Apache service is running on it.
By checking the application's HTTP headers with nc, I can get the PHP version.
The PHP version is 5.3.3. If I search for this PHP version's vulnerabilities, I find that:
This may be exploitable. Next I use Metasploit to verify that. In msfconsole,
Only one exploit pops up, which is
Next, just set RHOST, LHOST and PAYLOAD. I use
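The two observations this walkthrough relies on, the PHP version advertised in the X-Powered-By header and requests that carry the php-cgi option-injection pattern of CVE-2012-1823, can be checked from the defender's side as well. The following Python is an added example and not part of the original writeup: it parses a captured header block (constructed here to match the 5.3.3 banner seen above) and flags Apache access-log lines whose decoded query string begins with "-", the indicator for this bug. The fixed-version thresholds (5.3.13 and 5.4.3, with anything older than 5.3 treated as affected) and the sample log lines are my assumptions, not data from the page.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample response headers, as `nc` would print them (not from the page).
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Date: Mon, 21 May 2012 10:00:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Type: text/html
"""

# Constructed Apache access-log lines. Lines 3 and 4 carry the CVE-2012-1823
# indicator (query string that decodes to a leading "-"); line 5 is a benign
# parameter value that merely contains a dash and must not be flagged.
SAMPLE_LOG = """10.0.0.5 - - [21/May/2012:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512
10.0.0.5 - - [21/May/2012:10:01:03 +0000] "GET /index.php?page=about HTTP/1.1" 200 734
10.0.0.9 - - [21/May/2012:10:02:10 +0000] "GET /index.php?-s HTTP/1.1" 200 4096
10.0.0.9 - - [21/May/2012:10:02:11 +0000] "POST /index.php?%2Dd+allow_url_include%3DOn HTTP/1.1" 200 128
10.0.0.7 - - [21/May/2012:10:03:00 +0000] "GET /about.php?q=-test HTTP/1.1" 200 900
"""

# Assumption: the first release of each branch that carries the complete fix.
FIXED_BY_BRANCH = {(5, 3): (5, 3, 13), (5, 4): (5, 4, 3)}


def php_version(headers):
    """Return the (major, minor, patch) tuple from X-Powered-By, or None if absent."""
    m = re.search(r"^X-Powered-By:\s*PHP/(\d+)\.(\d+)\.(\d+)", headers, re.M | re.I)
    return tuple(int(x) for x in m.groups()) if m else None


def version_is_affected(version):
    """True if the advertised version predates the fix for its branch.

    Branches older than 5.3 are assumed affected (no fix shipped); branches newer
    than 5.4 are assumed unaffected. None means the version could not be read.
    """
    if version is None:
        return None
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[branch]
    return branch < (5, 3)


LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_cgi_option_injection(target):
    """CVE-2012-1823 indicator: the URL-decoded query string starts with '-'.

    Decoding first matters because the dash is routinely percent-encoded (%2D)
    in such requests; a dash inside a parameter value (q=-test) is not a hit.
    """
    query = urlsplit(target).query
    return unquote(query).startswith("-")


def flag_requests(log):
    """Return 'client target' strings for every log line matching the indicator."""
    hits = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m and is_cgi_option_injection(m.group("target")):
            hits.append(line.split()[0] + " " + m.group("target"))
    return hits


if __name__ == "__main__":
    v = php_version(SAMPLE_HEADERS)
    print("PHP version:", v, "affected:", version_is_affected(v))
    for hit in flag_requests(SAMPLE_LOG):
        print("suspicious request:", hit)
```

The header check confirms what the nc step shows (5.3.3 is below the fix threshold), and the log check gives an operator a way to spot attempts against a php-cgi deployment after the fact; the same predicate can be dropped into a WAF rule or a log-shipping filter.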