BackgroundMeterpreter, as I'm sure most of our readers know, is an advanced in-memory payload with tons of useful post-exploitation features. About a year ago, while looking through various buggy, backdoored PHP shells, I decided it might be useful to have some of Meterpreter's networking features in the web's most pwnable language. I started to implement this idea prior to Blackhat last year but got caught up in other projects and let it languish. Last week I dusted it off, cleaned it up and committed the first steps toward a full-fledged Meterpreter in PHP.

One of the questions that we often hear is "What systems can i use to test against?" Based on this, we thought it would be a good idea throw together an exploitable VM that you can use for testing purposes.Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.

Botnet agents and malware go through inordinate lengths to hide their command and control traffic. From a penetration testing perspective, emulating these types of communication channels is possible, but often requires a custom toolkit to be deployed to the target. In this post I will walk through using the standard Metasploit Meterpreter payload as a persistent encrypted remote control tool.

The Metasploit Console (msfconsole) has supported the concept of resource files for quite some time. A resource file is essentially a batch script for Metasploit; using these files you can automate common tasks. If you create a resource script called ~/.msf3/msfconsole.rc, it will automatically load each time you start the msfconsole interface. This is a great way to automatically connect to a database and set common parameters (setg PAYLOAD, etc). Until this morning, however, resource scripts were limited to simple console commands.