Metasploit mailing list archives
Exploit Jump Point
From: mmiller at hick.org (mmiller at hick.org)
Date: Thu, 3 Mar 2005 13:56:04 -0600
On Thu, Mar 03, 2005 at 01:52:40PM -0500, Carric Dooley wrote:
This might have been asked already (if so, sorry), but are there plans to integrate somnething like the Helium feature of Canvas? For those not familiar with the tool, it's a module you can push to an exploited host to use it as a 'jump box' to exploit other machines. It's kind of like running a remote copy of msf you can use to attack machines you might not otherwise be able to connect to (for instance if you break into a DMZ host).
You can use meterpreter for this purpose. You can create a portforward through the meterpreter channel that allows you to exploit hosts on the server's network via a local port on your client machine. It's not practical to run an instance of MSF on the exploited machine due to the fact that the framework is written in perl, but you can leverage the meterpreter to exploit boxes inside the target machine's network. You can also write meterpreter extensions that help to make this feature more robust than it currently is.
Current thread:
- Executing commands after remote exploitation Ismail Hameed (Mar 03)
- Executing commands after remote exploitation H D Moore (Mar 03)
- Exploit Jump Point Carric Dooley (Mar 03)
- Exploit Jump Point mmiller at hick.org (Mar 03)
- Exploit Jump Point Carric Dooley (Mar 03)
- Executing commands after remote exploitation H D Moore (Mar 03)