bobbyb1980 Posted December 16, 2011 Share Posted December 16, 2011 What is everyone's preferred way to get meterpreter shells? I've been using the Java applet attack which has a very high success rate. I've also been using the metasploit browser_autopwn module but it doesn't seem to work too well in Firefox, only IE. What's your fav way? Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted December 16, 2011 Share Posted December 16, 2011 Embedding a reverse shell to a PDF document. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted December 18, 2011 Author Share Posted December 18, 2011 I tried just about every module in metasploit for creating malicious pdf's and everyone that I tried was detected by anti virus. I've read that you can execute java script to execute shellcode all from inside a pdf but that module was picked up by 20 something out of 40 virus scanners. I did find a script to inject shellcode into a vbscript for a meterpreter shell and that is not picked up by antivirus. Today I'll also try inserting shellcode into a word document as a macro and hopefully that gets by too. I keep reading about people embedding shellcode in jpeg images but can't find any info on it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.