Metasploit mailing list archives

Client side attacks - reverse connection through HTTP proxy


From: arcsighter at gmail.com (ArcSighter Elite)
Date: Mon, 22 Dec 2008 16:27:38 -0500


Taras P. Ivashchenko wrote:
Hello, list!

Is it possible to make some exploit in Metasploit (e.g. with the Meterpreter payload) work through an HTTP proxy
to make a reverse connection to some 'evil' server on the Internet?

For example, we have a social engineering scenario where we made some exploit in Metasploit (e.g. some PDF file)
and sent a link to this file on our web server to the target.

But usually in companies there is a proxy server and all users connect through it.
So how can we make our exploit work fine if the target is behind a firewall and an HTTP proxy?
In Core Impact there is an HTTP tunneling option and the payload uses IE proxy settings to connect to the server side.




If PassiveX stager would work on IE7/8 that would be awesome. It's all
you need. It's basically IE connecting. And only uses POST/GET.


