Posted on 2 Comments

Hack remote Linux PC with phpFileManager 0.9.8 rce exploit

Good Evening Friends. Today we will see how to hack a remote Linux PC with phpFileManager 0.9.8 rce exploit. rce stands for remote code execution. Phpfilemanager is a complete filesystem management tool on a single file.  Among the features of phpFileManager:
. server info
. directory tree
. copy/move/delete/create/rename/edit/view/chmod files and folders
. tar/zip/bzip/gzip
. multiple uploads
. shell/exec
. works on linux/windows
. php4/php5/apache2 compatible
. english/portuguese/spanish/dutch/french/german/italian/korean/russian/catalan translations.

It is used to manage files of webserver and it boasts of around 382 downloads per week. Its browser interface can be seen below.

phpfilem_1

We will try to hack into  a Ubuntu 12.10 PC from Kali Linux using this phpFilemanager 0.9.8 rce  exploit. Given below is the Video version of this howto. If you are interested in the textual version scroll down below the video version.

Start Metasploit. Search for the phpfilemanager exploit by typing command “search phpfilemanager” as shown below.

phpfilem_2

Load the exploit as shown below. Set the required options as shown below. Most of the options are all set except the remote host address, i.e your target’s IP address.

phpfilem_3

Type command “show payloads” to see the available payloads and set the payload you want. I have selected the payload highlighted below.

phpfilem_4

Set the payload and check if all required options are set by typing command “show options”.

phpfilem_5

Type command “exploit” to execute the exploit. If everything went well, you should get the remote pc’s shell as shown below.

phpfilem_6

It should look like shown below. Type command “ls” to see the contents of the present directory. as shown below. You can see the two files which we saw in our first picture. Now let us navigate to the etc directory as shown below.

phpfilem_7

And type command “vi passwd” to open the passwd file of the remote PC. Vi is the default text editor in Linux.

phpfilem_8

2 thoughts on “Hack remote Linux PC with phpFileManager 0.9.8 rce exploit

  1. […] shell on our target while hacking, although we wish we got a meterpreter session (like the case here). Today we will see how to upgrade the command shell to […]

  2. […] POST Exploit. After getting a successful meterpreter session on the target Linux system (as shown here or here), the next logical step is to perform some enumeration on the target Linux machine. […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.