Metasploit PHP Hop
In this recipe, you will learn how to use the Windows Meterpreter (Reflective Injection) and Reverse Hop HTTP/HTTPS Stage payload. This payload allows us to tunnel communication over an HTTP or HTTPS hop point. First, we need to upload the hop.php
file located in the metasploit-framework/data/php/
directory to a remote server. I will use the DigitalOcean Droplet created in the previous recipe, but you can use any web server with PHP.
Getting ready
First, we have to install Apache and PHP, so we can use the following command:
root@Metasploit:~# apt install apache2 php7 libapache2-mod-php7
Next, copy hop.php
to the /var/www/html/
folder and start the Apache2 service:
root@Metasploit:~# systemctl start apache2
How to do it...
- Now that we have our PHP Hop ready, we can use the
windows/meterpreter/reverse_hop_http
payload and create a binary with which we can compromise the target machine:
![](https://static.packt-cdn.com/products/9781788623179/graphics/4c1aca12-1c02-41b6-93cc-a3366bb86e07.png)
- After creating the payload, upload it to the target and start a listener using the Generic Payload...