In this post I'm going to concentrate on exploiting an older version of the XAMPP server, as well as stealing usernames and passwords from the MySQL database tables of a particular website (DVWA) using the XAMPP vulnerability. The hacking tools used in this example are Metasploit msfconsole with the Meterpreter payload, as well as HashCat, a hash-cracking tool. The operating systems used are Windows XP SP3 (Firewall ON) for the victim and Kali Linux for the attacker.

On the victim's machine, start all available server modules: Apache, MySQL, FileZilla, Mercury.

The next step is finding out what type of software the victim runs, as we don't know that at the beginning of the hack. Open up a terminal window in Kali and conduct a version Nmap scan with the following piece of code. In this case 192.168.1.7 is the victim's IP address.

When the scan returns some data, we can see the services running on the victim's server and the open ports they are communicating on. However, it's still not clear what type of server it is. A quick Google search of these services will reveal that the victim is running XAMPP 1.7.3.

Open another terminal window, fire up msfconsole, wait until it loads, and search for XAMPP vulnerabilities in the Metasploit database.

search xampp - searches for XAMPP vulnerabilities

An exploit shows up with a disclosure date of. This is perfect as the release date of XAMPP 1.7.3 was, so the vulnerability will still be exploitable.

use exploit/windows/http/xampp_webdav_upload_php
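Seen from the defender's side, the module named above works by uploading a PHP file over WebDAV, and that leaves a trace in the Apache access log. The following is an added example, not code from the original post: it flags accepted PUT requests that create a server-side script and notes whether the same file was requested afterwards. The `/webdav/` path, the log layout and the sample lines are assumptions constructed for illustration.

```python
import re

# Apache access-log prefix: host ident user [time] "METHOD path proto" status
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

# Constructed sample lines (not taken from the original post).
SAMPLE_LOG = [
    '198.51.100.23 - - [10/Mar/2024:12:00:00 +0000] "OPTIONS /webdav/ HTTP/1.1" 200 -',
    '198.51.100.23 - davuser [10/Mar/2024:12:00:01 +0000] "PUT /webdav/notes.txt HTTP/1.1" 201 -',
    '198.51.100.23 - davuser [10/Mar/2024:12:00:02 +0000] "PUT /webdav/a1b2c3.php HTTP/1.1" 201 -',
    '198.51.100.23 - - [10/Mar/2024:12:00:03 +0000] "GET /webdav/a1b2c3.php HTTP/1.1" 200 -',
    '203.0.113.9 - - [10/Mar/2024:12:05:00 +0000] "PUT /webdav/probe.php HTTP/1.1" 401 -',
    '203.0.113.9 - - [10/Mar/2024:12:06:00 +0000] "GET /dvwa/login.php HTTP/1.1" 200 1523',
]

def find_script_uploads(lines):
    """Flag accepted PUTs of server-side scripts and whether they were later requested."""
    uploads = {}  # path -> finding dict, kept in upload order
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path, status = m["path"].split("?")[0], int(m["status"])
        if m["method"] == "PUT" and 200 <= status < 300 and SCRIPT_EXT.search(path):
            # 2xx on a PUT means the server accepted and stored the file.
            uploads[path] = {"host": m["host"], "user": m["user"],
                             "path": path, "executed": False}
        elif m["method"] in ("GET", "POST") and path in uploads and status == 200:
            # An upload followed by a successful request for the same file.
            uploads[path]["executed"] = True
    return list(uploads.values())

if __name__ == "__main__":
    for finding in find_script_uploads(SAMPLE_LOG):
        print(finding)
```

A rejected PUT (the 401 line) and ordinary requests for existing application scripts are not reported; only a script that was first written through WebDAV is.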