Bind Penetration Test


can someone tell me where exactly am I supposed to inject this code in index.php file?

was able to figure this out though I couldnt get a session opened

failed to bind to 4444 indicates that the port is in use
you called jobs from the meterpreter session, but its a command defined in the framework - call it after suspending the session

it depends
if you just want to add the iframe youll have to put it somewhere between <body> and </body> without breaking other tags

but the code you showed was php, so it inherently must be called from within <?php (or just <?) and ?>

yeah I had figured this out …just had to look at the bottom of the contents of the file

thats because there is a job running on that port, I called jobs once again after putting the session in background but I guess that didnt work either…I will reset the lab and perform it all over again then get back to u, thx for the help…r u on the unofficial discord server?

i’m not, but the problem is probably not with the lab but with your metasploit session…
maybe its enough to restart it

Forgot to share…I had taken this scrsht earlier in the day while I was on the lab environment…had done jobs…but still didn’t fetch anything

…maybe because I myself went to the link beforehand …best option is to reset and try again…

I looked it up, seems that I didnt get a shell either. Could you try exploit/multi/browser/java_jre17_provider_skeleton instead?

Get rid of msf6, it sucks… download the bash script pimp my kali and downgrade back to msf5. You are going to have one hell of a time on the labs and tests with msf6. I actually tried with both, and I don’t think I could have passed with msf6.

Thats utter nonsense. you may use every software you want, but that statement isnt qualified. I used the uptodate kali msf for basically every lab successfully

1 Like

If I remember correctly u were not able to get a session on blind pentest lab…

To reiterate: for the love of anything, don’t use outdated software/systems.

1 Like

Yeah, you dont remember correctly as I already stated: “used successfully”

u said it right here dude…and am using msf6 too btw

well, i got a session and that was certainly not an msf5/msf6 issue… so I dont know what youre getting at. request for elaboration

I shall get back to u on this…

1 Like

Yes, you can use it, it will work. However, msf5 works much better. I have gone through both ejpt and ecpptv2 and did them twice, once with 5 and then went back through with 6. I will tell you this, i had a lot less problems with 6

yeah, those msf5 guys should stop coding their tradecraft with cobol as well…

1 Like