Metasploit mailing list archives
Re: Deploying meterpreter / some other payload to NAT'ed devices
From: egypt () metasploit com
Date: Mon, 28 Jul 2014 12:08:06 -0500
The recently-added reverse_hop_http[1] stager, thanks to scriptjunkie, might give you a means of achieving 3a. If the server is not running PHP, at least it will give you a starting point. Implementing the proxy in multiple languages for scenarios like this would be useful. [1]: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/handler/reverse_hop_http.rb On Mon, Jul 28, 2014 at 11:49 AM, Pedro Ribeiro <pedrib () gmail com> wrote:
Hi, I'm building a metasploit module that abuses a vulnerability in a server that deploys software packages to clients The idea is to: 1) gain administrative access to the server 2) use the admin access to deploy a payload to the clients 3a) get the clients to connect back using the server as a proxy (they might be NAT'ed of otherwise inaccessible from the attacking machine) OR 3b) deploy some kind of payload that allows me to control all machines via the server (no need to connect back to the attacking machine to raise red flags) 1) and 2) are trivial. Any advice / thoughts on how to achieve 3a or 3b via metasploit? Regards Pedro _______________________________________________ https://dev.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://dev.metasploit.com/mailman/listinfo/framework
Current thread:
- Deploying meterpreter / some other payload to NAT'ed devices Pedro Ribeiro (Jul 28)
- Re: Deploying meterpreter / some other payload to NAT'ed devices egypt (Jul 28)