Practical Exploitation: How do you automatically activate a session in metasploit when you are using a generic/shell_reverse_tcp as for in, example, the java_signed_applet exploit? User interaction is required to actually type: sessions -i 1, whereas in the meterpreter/reverse_tcp the session can be automatically kicked off. Do you know of any method of sending that command — sessions -i 1 — to the keyboard so the attacker does not have to sit around all day and interact with the session? Thanks.

How do you automatically activate a session in metasploit when you are using a generic/shell_reverse_tcp as for in, example, the java_signed_applet exploit? User interaction is required to actually type: sessions -i 1, whereas in the meterpreter/reverse_tcp the session can be automatically kicked off. Do you know of any method of sending that command -- sessions -i 1 -- to the keyboard so the attacker does not have to sit around all day and interact with the session? Thanks.

Anonymous

You don’t have to interact with a session to have it active. Why would you want to interact with a shell if you weren’t there?

We aren't here to talk about theoretical hacks, or "If" scenarios. Call bullshit on us for anything you can't get working or don't think actually happens.

Want a white paper put into perspective? Can't quite figure out how a tool or exploit works? or works into a pen test? Thats what we do, shoot a comment, tweet, facebook update our way and we'll feature it on a show. You can also post a question right here:

Ask a Question

Practical Exploitation on Facebook

My Blog All of Tumblr

Follow on Tumblr

RSS Feed

Random

From the desk of Mubix and friends:

Real world exploitation examples