Re: Deploying a webshell

[hex <hex () neg9 org>]

I just ran in to this exact problem and my solution was almost exactly
the same (I built a war using one of the jsp backdoors form
fuzzdb)... and my thoughts were exactly the same. I see no reason the
communication channel for a shell couldn't be via http. 

I'm really new to msf, so I don't know how helpful I could be, but I'm
very interestined in what you come up with.

At Sat, 30 Apr 2011 23:27:53 +0100,
Konrads Smelkovs wrote:
> [1  <multipart/alternative (7bit)>]
> [1.1  <text/plain; UTF-8 (7bit)>]
> Hello,
>
> I want to build a webshell as payload as I've been in situations where for
> web based exploits like jboss either reverse/bind shell doesn't work or host
> is firewalled and only incoming http is permitted. So far, my approach has
> been to hack the appropriate exploit to deploy a basic webshell (hacked
> exlploit attached).
> Are there any development initiatives I can latch to regarding webshell
> deployment? If not, what would be the best approach to take in developing -
> do a one-off and ignore errors/payloads at all, make webshell as payload
> (and if so, how to build a new communications channel?)
>
> Ideas appreciated
> --
> Konrads Smelkovs
> Applied IT sorcery.
> [1.2  <text/html; UTF-8 (quoted-printable)>]
>
> [2 jboss_bshdeployer_shell.rb <application/octet-stream (base64)>]
>
> [3  <text/plain; us-ascii (7bit)>]
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework