Reverse Shell & Payloads - The live engagement

I am currently trying to get a reverse shell in the Shells & payloads (Live engagement section 2) section of HTB academy, currently I see that the blog is vulnerable to this LFI Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit) - PHP webapps Exploit however the machine from which I am running the payload does not have the metasploit module and I have not managed to clearly understand the code in Ruby, I am a novice, I appreciate if someone can give me a hand.

Hey, this helped me “Importing Exploit-DB Exploits into Metasploit in Kali Linux for Offline Access”

After you do this, set the exploit path manually. I couldn’t find it with search.

in metasploit I try with “use 50064.rb”… msf charge the exploit (Using configured payload php/meterpreter/bind_tcp ), then I put the RHOST,USERNAME(admin) and PASSWORD(admin123!@#) and run the exploit…but appears this messege: “Exploit failed: NoMethodError undefined method `split’ for nil:NilClass”
I don’t know how to solve it

1 Like

I had the same problem.

For me, it was a bad parameter vhost.