Pentesting

Standalone Java Meterpreter


The documentation out there on the web is somewhat out of date when it comes to compiling and executing a standalone Java Meterpreter payload, and as it's yet to become part of the core features of the Metasploit framework, I expect these steps to change again in the future. In the past you could use loader.jar to run the payload, though this is no longer included in the tree; instead, compile your own using Payload.java (included in the tree):

Create the Meterpreter JAR:

'Invisible Intercept' Function of Burp

The little-used 'invisible intercept' function in Burp can be useful when testing basic client applications that do not support proxy settings, or, in the case of the test I was on this week, for intercepting Flash applications (which do not honour proxy settings in Chrome). Unfortunately there is little information on how to actually force your [locally generated] traffic through the proxy using iptables.
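The iptables side of this, as an added example that is not part of the original post: a small POSIX shell script that redirects locally generated HTTP and HTTPS traffic into a Burp listener that has "Support invisible proxying" enabled. Because the traffic originates on the test host, the rules go in the nat table's OUTPUT chain (PREROUTING never sees locally generated packets). The two exclusions are what stop the obvious loop: traffic to 127.0.0.0/8 is left alone so the redirected connection to Burp itself is not redirected again, and traffic owned by the user Burp runs as is skipped so Burp's own upstream connections go out cleanly. The listener port 8080 and the user name burp are assumptions; run Burp as that user (for example `sudo -u burp java -jar burpsuite.jar`) or override BURP_USER.

```shell
#!/bin/sh
# Added example: push locally generated HTTP/HTTPS through Burp's invisible
# proxy listener with iptables. Assumptions: Burp listens on 127.0.0.1:8080
# with invisible proxying enabled, and runs as the Unix user "burp" so its own
# outbound connections can be excluded from the redirect.
BURP_PORT="${BURP_PORT:-8080}"
BURP_USER="${BURP_USER:-burp}"

# Print one iptables command per destination port. $1 is the chain action
# (-A to add, -D to delete), the remaining arguments are destination ports.
build_rules() {
    action="$1"; shift
    for dport in "$@"; do
        printf 'iptables -t nat %s OUTPUT -p tcp --dport %s ! -d 127.0.0.0/8 -m owner ! --uid-owner %s -j REDIRECT --to-ports %s\n' \
            "$action" "$dport" "$BURP_USER" "$BURP_PORT"
    done
}

# Apply or remove the rules for the usual web ports. Deleting with -D and the
# exact same match is the cleanest way to undo only what this script added.
apply_rules()  { build_rules -A 80 443 | sh; }
remove_rules() { build_rules -D 80 443 | sh; }

# Show the nat OUTPUT chain with packet counters so you can confirm the
# REDIRECT rules are actually matching when the client makes a request.
status() { iptables -t nat -L OUTPUT -n -v --line-numbers; }

case "${1:-show}" in
    apply)  apply_rules ;;
    remove) remove_rules ;;
    status) status ;;
    show)   build_rules -A 80 443 ;;   # print the rules without touching the firewall
    *)      echo "usage: $0 {show|apply|remove|status}" >&2; exit 2 ;;
esac
```

Two things to check once the rules are in: the Burp listener needs to work out the real destination, which it does from the Host header for plain HTTP and from the TLS SNI or the requested certificate name for HTTPS; for a client that sends neither, set the listener's "Redirect to host" and "Redirect to port" options. And watch the counters in `status`: if the REDIRECT rule's packet count stays at zero while the client is talking, the client is either not running under the user you expect or is not using TCP 80/443 at all.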

Finding Interesting Web Servers on a Penetration Test

Large internal infrastructure tests with few constraints on testing can be fun. It's rare to conduct a test that doesn't lead to Domain Admin one way or another, but that's only half the battle. A good tester should always strive to cover as much of the infrastructure as possible within the given window, leaving no stone unturned. It's not uncommon to have hundreds, or in some cases thousands of hosts, with the majority hosting some form of vulnerability. So where do you start?