ScriptFTP <=3.3 Remote Buffer Overflow Exploit (MSF)

You might be read about the previous post ScriptFTP Remote BOF, if you are a Metasploit user, you can add this exploit module to your Metasploit Framework. Update: Metasploit has released module for ScriptFTP. You can use it now on Metasploit. . Credit goes to: Cyberheb Otoy TecR0c mr_me  

Porting Your Exploit to Metasploit

Beberapa waktu yang lalu saya udah memberikan tutorial basic exploit development (direct return technique) dan exploit development berbasis SEH. Sekarang mari kita porting exploit tersebut ke Metasploit Framework agar exploit tersebut semakin reliable dan bisa menggunakan macam-macam payload, fitur-fitur canggih yang ada di Metasploit. Kita akan meng-konversi exploit yang pertama, yaitu Free CD to MP3... Continue Reading →

MSF PostgresQL Problem on BT5

If you read this post then I bet you have the same problem with me. When I tried to run the msfconsole on my BT5 I have this buggy information. Seems that the MSF could not connect to Postgres database server. I tried to install the Postgres server inside my BT5 and still have no... Continue Reading →

Metasploit Meterpreter Command Shell Upgrade

Seeing is believing 🙂 Good, command shell is on the background now, what if we want to change that existing command shell session into meterpreter session? re-exploit? Oops, you should forget about to re-exploit, Metasploit has a feature to upgrade the command shell session to meterpreter session, look at the -u option. Let's try that.... Continue Reading →

PHP Include Exploitation with Metasploit

Metasploit support for PHP Include exploitation, or simply known as RFI (Remote File Inclusion). I will show you how this work on CS-Cart 1.3.3 which vulnerable to remote file inclusion. The vulnerable path is at classes/phpmailer/class.cs_phpmailer.php?classes_dir=[include arbitrary php code] so in Metasploit, the PHPURI PATH will be like this: Now we set all options. After... Continue Reading →

Blog at

Up ↑