Archive for September, 2010

Command stagers in Windows

Command injection/execution bugs are a relatively common vulnerability. For example, Internet Explorer, Google Chrome, and Mozilla Firefox have all had these problems, at least including common add-ons. (see http://www.securityfocus.com/archive/1/archive/1/499570/100/0/threaded, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5045, etc.) Many server-side scripts in webapps also suffer from the same issues. Against a Linux target, many exploitation possibilities abound, from staging a payload via […]

, , , , , , ,

Leave a comment

Team metasploit and msfgui on Windows

First, in answer to a common question, the new msfgui can be run on Windows if Java is installed by double-clicking (starting in your program files directory) \Metasploit\Framework3\msf3\data\gui\msfgui.jar so make a shortcut to that and place it on your desktop. Next think about the fact that Metasploit has more features and runs with less memory […]

Leave a comment

Sessionthief linux

In response to a number of questions about how to get sessionthief running on linux, here are the steps to get it working on Ubuntu: First, I apologize, because if anyone tried, the compilation failed due to a case-mismatch on a filename. I had not noticed because I had stored the files on a FAT-formatted […]

16 Comments