All Posts Tagged
Tag: ‘metasploit’

Python HTTP Shell – PyHttpShell

PyHttpShell is a shell written in Python and PHP; its traffic travels over the HTTP protocol through a server in the middle.

Windows Domain Credentials Phishing Tool

I created this tool for a pen test I performed for a client.
I already had a Meterpreter session and I needed to get the current domain user's credentials.
Instead of using a keylogger and waiting for the user to type his password, I decided to force him to enter it.

ScreenSpy – New Meterpreter Script Review

Yesterday a new Meterpreter script named “ScreenSpy” was added to the Metasploit Redmine. The script was written by Roni Bachar; you can read the official release notes on his blog. This Meterpreter script captures images of the remote host's desktop at a predefined interval and then displays the image sequence. This emulates a live view of the remote host […]

Meterpreter Script – Windows Service Creator

There are several ways to backdoor a machine that has been compromised; one of them is placing your executable as a Windows service. The advantage is that the user doesn’t have to log on in order for the service to run, unlike placing it in the startup via the registry, which requires the user to log in. […]

Metasploit Java Meterpreter Payload

If you haven’t noticed, the Metasploit Framework has had a Java Meterpreter payload for some time now. It supports all the commands supported by the PHP Meterpreter, as of SVN revision 9777, and additionally the ipconfig, route, and screenshot commands. It is not fully implemented into the framework yet and in order to get it up and […]

Digital Whisper Magazine issue 11

Wrote an article named “Buffer Overflows 101”, which was published today in issue 11 of the Israeli security magazine “Digital Whisper”. The article is in the Hebrew language and covers the basics of buffer overflows, fuzzing, Olly basics, writing Metasploit modules and more… The article has a companion tar.gz file which includes the source code of the vulnerable server (which was […]

Client side attacks using evil JAVA applets

About a year ago I stumbled upon a Facebook clone phishing site which contained an evil Java applet. At the time SET wasn’t introduced yet and only a few articles discussing this attack vector were published (another applet creation process was published by Jabra and described later on in the Offensive Security “Metasploit Unleashed” online course). No source code was released […]

N@T Shell

A while back I needed a way to make Metasploit’s Meterpreter persistent or to be able to remotely execute it whenever needed. I decided to try and create a tool for doing that using Visual Basic. Let me first say that I am not a programmer; I have very basic programming skills (some code snippets […]

Pivoting into a network using PLINK and FPipe

Although the Metasploit Framework's Meterpreter has pivoting capabilities, which include port forwarding and routing, you may find yourself needing to pivot your tools outside of the framework. For example, you may want to open a Remote Desktop connection to another internal host on the compromised network. This could be done using SSH tunneling and port […]
