We are going to do PHP exploit again but this time, use a different type of exploit which is reverse shell. Reverse shell is where the attacker use code so that the victim’s computer can be connected to the attacker’s computer by its listening port.

First make sure that the port of router that is connected to the attacker’s computer needs to have their port forwarding enable. It is done by entering the IP address of router in a web browser and do some configuration as shown image below. This is the following data, attacker IP: 192.168.100.5 and port 1234.

Configuring the router to port forward

Then, we need to prepare the PHP file. I take the PHP file from http://pentestmonkey.net/tools/web-shells/php-reverse-shell and modified the code so that it could connect to the attacker’s IP address at a certain port number.

PHP File that does Reverse Shell on execution

Once its modified, we could upload it to the WordPress website and it is ready to be run. We need to prepare Kali Linux command line and type in “nc -lvnp 1234”. This code will listen to the port 1234. To activate the PHP code, simply enter the directory of the file place and it will perform reverse shell.

Inserting PHP file to the website
Netcat on reverse shell action

To check if reverse shell is done successfully, simply check by using ifconfig and whoami in the command line to match some information of the web page such as its IP address and host name.

Proving that reverse shell is successful, it is connected to the IP address of web page