Vulnerability & Exploit Database

Back to search

Script Web Delivery

This module quickly fires up a web server that serves a payload. The provided command will start the specified scripting language interpreter and then download and execute the payload. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. Command Injection, RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so it is less likely to trigger AV solutions and will allow privilege escalations supplied by Meterpreter. When using either of the PSH targets, ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/script/web_delivery

Authors

  • Andrew Smith "jakx" <jakx.ppr [at] gmail.com>
  • Ben Campbell <eat_meatballs [at] hotmail.co.uk>
  • Chris Campbell

References

Targets

  • Python
  • PHP
  • PSH

Platforms

  • python
  • php
  • windows

Architectures

  • python
  • php
  • x86, x64

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/script/web_delivery msf exploit(web_delivery) > show targets ...targets... msf exploit(web_delivery) > set TARGET <target-id> msf exploit(web_delivery) > show options ...show and set options... msf exploit(web_delivery) > exploit