WebRaider v0.2.3.8 - One Click Ownage
WebRaider is a plugin-based automated web application exploitation tool that focuses on getting a shell from multiple targets or injection points.
One Click Ownage
The idea of this attack is very simple: get a reverse shell from an SQL injection with one request, without using an extra channel such as TFTP or FTP to upload the initial payload.
- It’s only one request, and therefore faster.
- It’s simple: you don’t need a tool; you can do it manually with your browser or a simple MITM proxy by copying and pasting the payload.
- It’s CSRF(able): it’s possible to craft a link and carry out a CSRF attack that will give you a reverse shell.
- It’s not fixed: you can change the payload.
- It’s short, generally not more than 3.500 characters.
- It doesn’t require any application on the target system, such as FTP, TFTP or debug.exe.
- It’s easy to automate.
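For defenders, the properties listed above (one request, deliverable as a link, and a payload much longer than an ordinary query string) leave a trace in web access logs. The following is an added example, not part of WebRaider or the original post: it flags such requests in combined-format logs. The length threshold, the stacked-statement pattern and the log lines are constructed assumptions to be tuned against real traffic.

```python
import re
from urllib.parse import urlsplit, unquote_plus

LONG_QUERY = 1500  # assumed threshold: far above normal query strings on most sites
# Assumed signature: a statement separator followed by a SQL verb (stacked query).
STACKED_SQL = re.compile(
    r";\s*(declare|exec|execute|select|insert|update|create)\b", re.I)
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3}')

def decode(query, rounds=2):
    """URL-decode up to `rounds` times so double-encoded separators are seen."""
    for _ in range(rounds):
        nxt = unquote_plus(query)
        if nxt == query:
            break
        query = nxt
    return query

def score_request(target):
    """Return the list of indicators present in one request target."""
    query = decode(urlsplit(target).query)
    reasons = []
    if len(query) >= LONG_QUERY:
        reasons.append("long-query")
    if STACKED_SQL.search(query):
        reasons.append("stacked-sql")
    return reasons

def scan(lines):
    """Yield (line_no, client_ip, severity, reasons) for suspicious requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparsable line: skipped here, worth counting in production
        reasons = score_request(m["target"])
        if reasons:
            severity = "high" if len(reasons) == 2 else "review"
            findings.append((n, m["ip"], severity, reasons))
    return findings

# Constructed sample log lines (documentation IP ranges, non-functional payloads).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /product.asp?id=1;DECLARE+@v+VARCHAR(8000)+--+' + "A" * 3200 + ' HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=select+shoes HTTP/1.1" 200 1043',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /item.asp?id=2%253Bselect+1 HTTP/1.1" 500 0',
    '192.0.2.15 - - [10/Oct/2023:13:57:11 +0000] "GET /report?filter=' + "a" * 2000 + ' HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Requests sent by POST do not appear in the query string, so the same scoring would need to run on request bodies at a proxy or WAF to cover them.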
Dependencies
Internally WebRaider uses Metasploit. It includes a specific version of Metasploit. You can change the paths and make it work with the latest Metasploit of your own setup.
More information: here
Thanks to our friend Ferruh Mavituna for sharing this tool with us.