Home page logo

metasploit logo Metasploit mailing list archives

Re: phpmyadmin exploit not working for me, anyone have any ideas?
From: Robin Wood <robin () digininja org>
Date: Sun, 26 Jun 2011 10:57:56 +0100

On 26 June 2011 08:50, martin <nighthawk2600 () gmail com> wrote:
Hello everyone,

I have a unique situation, i have a friend that is running a webserver with
phpMyAdmin and he has been hacked. He asked me if i could help him figure
out how the hacker accomplished this, apparently he told him he did it using
phpmyadmin exploit. So i tried using msfconsole (with my friends permission)
to figure out which exploit/payload the guy used to hack into my friends
webserver. I know for a fact that he is using phpmyadmin when you load his
ip address into a web browser with the right directory you get this:

Welcome to phpMyAdmin 2.10.1

so here is what i tried

msf> search phpmyadmin

msf> use /path/to/phpmyadmin exploit

msf> show options

msf > set RHOST ip address

msf > set URI /path

msf> show payloads

msf > use certain payload

msf> set options for payload

msf> exploit

[*] Started reverse handler on
[*] Grabbing session cookie and CSRF token
[*] Sending save request
[*] Requesting our payload
[*] Exploit completed, but no session was created.
msf exploit(phpmyadmin_config) > exit

Now i tried every available payload that will work with the phpmyadmin
exploit, however nothing worked. Now i know that in general terms that when
it tells you that the exploit completed, but no session was created then
more than likely the application is not vulnerable, however shouldn't
phpmyadmin version 2.10.1 be vulnerable to this exploit? I am new to
metasploit so i am reaching out to you more experienced users for any input
that you might have on this situation. I really would like to help my friend
figure out exactly how this happened. So if anyone has any ideas i would
love to hear them.

Oh and so you know he is running a linux box with no firewall at the moment.

Thank you all for your time.

You are using the phpMyAdmin config exploit and its info says the targets are:

  phpMyAdmin 2.11.x < and 3.x <

which means your version 2.10.1 isn't in the right range.

I got this information by doing

  info exploit/unix/webapp/phpmyadmin_config

and looking a the available targets. The description field also says
which versions are vulnerable.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]