Standalone Java Meterpreter


The documentation out there on the web is somewhat out-of-date when it comes to compiling and executing a standalone Java Meterpreter payload, and as it's yet to become part of the core features of the Metasploit framework, I expect these steps to change again in the future. In the past you could use loader.jar to run the payload, though this is no longer included in the tree - instead, compile your own, using Payload.java (included in the tree):

Create the Meterpreter JAR:

Hacking an E-commerce Site - for fun or profit?

Having tested a number of e-commerce sites in recent times, I wanted to share some of the vulnerabilities encountered, and the reasons why someone would seek to exploit them. Recent high-profile hacks in the media have rightly made retailers sit up and take notice of security - whilst PCI DSS attempts to mandate a certain level of assurance, the risk of losing substantial amounts of money and seriously damaging reputation focuses the attention on security more than any overarching standard.