This should really be moved to non-working hardware ;)
~phoenix910
Thanks, I haven't actually tried this out yet, but may do say later on :) Appreciate it!
~phoenix910
Seems as though milw0rm is back, at least for the moment. From str0ke's twitter page:
Twitter / str0ke: milw0rm's back up & postin ...
~phoenix910
@spacemonkey: Pivoting exploits is basically using an exploited host to act as a proxy to exploit other hosts. I.e., if you exploit an external firewall, and that's the only PC with access to the...
Never done it myself, but I assume that this is exploiting a PDF's ability to interpret scripting? Haven't looked at any links yet myself, but that's just off the top of my head.
~phoenix910
You would probably have to exploit the fact that Windows allows a user to modify a process of which they are the owner - perhaps execute it in the memory space of explorer.exe (though I'm not sure if...
Good stuff - just let me know when it's ready, and specify what tests you want done, and I shall complete them for you.
~phoenix910
Yeah, I got a VM lab, and I'm happy enough to test for you if you like.
~phoenix910
Not that I know of - they aren't executables. Mind you, I haven't tried it. I'd just try binding the exe with the picture if that's what you want to achieve.
~phoenix910
Would have been easier to say that from the start, instead of "they're on the same network but they're not on the same network". If that's the case, and they can ping the WAN addresses, then just use...
Connecting A and B on the internal network should be no challenge at all - it's simpler than over a WAN. Where's the issue there? And to use port 80 in a reverse shell, you set up the Metasploit...
Yes, using port 80 is fine, and Metasploit fully supports pretty well any type of tunneling you can think of. These will help:
http://hkashfi.blogspot.com/2008/04/bypassing-firewalls-with-port.html...
Scan switches I use are these:
nmap -sS -sV -T 4 -P0 -O xxx.xxx.xxx.xxx
Yes, I see port 80.
~phoenix910
Yeah, the steps are the same (as in my tutorial, and for pivoting exploits), but because Metasploit/Meterpreter (can't remember which one - it's late here :P) supports integrated nmap scans (such as...
Actually it does (everywhere I've read has mentioned that capability, which is where I got the idea from), and I got it to work - I just realised that the other machine I was attempting to scan...
Yep :)
~phoenix910
Not quite - meterpreter isn't a backdoor in itself - it is a post exploitation tool; whether you get in via another method or the one we've used; the backdoor in this instance is our little...
I'll answer both questions in one :P Basically, I'm generating the reverse_tcp into an executable file, because this can be sent inside an organisation, and the whole point to this tutorial was to...
Both work - trust me, I've tried 'em both ;)
~phoenix910
You're welcome :)
And TexRyker, I've never seen that issue myself, so I'd just say:
a) Make sure the code is typed exactly right, and that there are no syntax errors
b) Update to the latest SVN...
Well, I haven't written any majorly different guides specifically on that, only another similar explanation from a previous tutorial:
But that's from one of my other Ettercap-related articles....
You need it to be on a separate local IP range, as far as I'm aware, otherwise you'll end up scanning yourself.
~phoenix910
I use "links", as opposed to "lynx", but whatever floats your boat ;) Also, as per my tutorial, just execute "links" and make sure you're interacting with the process, then you can tell it to browse...
Well, actually, you are able to access the router's setup page either through the routing feature that Metasploit has (which enables you to port scan/access other machines on the network, as was...
In theory, any port that isn't being used by either OS should work - however, 80 is often used, as you figured in your example. My advice would be to just modify your firewall's security settings.
...