WebRaider v0.2.3.8 - One Click Ownage

WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point.

One Click Ownage

Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload.

  • It’s only one request therefore faster,
  • Simple, you don’t need a tool you can do it manually by using your browser or a simple MITM proxy,
  • just copy paste the payload,
  • CSRF(able), It’s possible to craft a link and carry out a CSRF attack that will give you a reverse shell
  • It’s not fixed, you can change the payload,
  • It’s short, Generally not more than 3.500 characters,
  • Doesn’t require any application on the target system like FTP, TFTP or debug.exe
  • Easy to automate.

Dependencies

Internally WebRaider uses Metasploit. It includes a specific version of Metasploit. You can change the paths and make it work with the latest Metasploit of your own setup.

White Paper: ONE CLICK OWNAGE

More information: here

Thanks to our friend, Ferruh Mavituna for sharing this tool with us.

Post scriptum

Compliance Mandates


Comments

Related Articles

Attack
Exploitation
Penetration testing & Ethical Hacking
WebRaider