Metasploit mailing list archives
Re: Deploying a webshell
From: hex <hex () neg9 org>
Date: Sat, 30 Apr 2011 16:50:38 -0700
I just ran into this exact problem and my solution was almost exactly the same (I built a war using one of the jsp backdoors from fuzzdb)... and my thoughts were exactly the same. I see no reason the communication channel for a shell couldn't be via http. I'm really new to msf, so I don't know how helpful I could be, but I'm very interested in what you come up with.

At Sat, 30 Apr 2011 23:27:53 +0100, Konrads Smelkovs wrote:
Hello,

I want to build a webshell as payload as I've been in situations where for web based exploits like jboss either reverse/bind shell doesn't work or host is firewalled and only incoming http is permitted. So far, my approach has been to hack the appropriate exploit to deploy a basic webshell (hacked exploit attached).

Are there any development initiatives I can latch to regarding webshell deployment? If not, what would be the best approach to take in developing - do a one-off and ignore errors/payloads at all, make webshell as payload (and if so, how to build a new communications channel?)

Ideas appreciated

--
Konrads Smelkovs
Applied IT sorcery.

[2 jboss_bshdeployer_shell.rb <application/octet-stream (base64)>]

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Deploying a webshell Konrads Smelkovs (Apr 30)
- Re: Deploying a webshell hex (Apr 30)