Hi guys, Perhaps you may want to take a look to this nifty tool.
Fimap is aimed to detect and exploit LFI and RFI, but perhaps LFI is the most interesting part. As far I can tell, this is the only tool that is able to gain a shell by using this technique. It also has a tiny plugin interface that helps you to do some postexplotation automation. I helped writing a plugin that injects Metasploit payloads in a target machine (Windows and Unix).In the Windows side, it is able to inject a Meterpreter reverse shell. http://code.google.com/p/fimap/ Regards, Xavier Garcia _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
