25 November, 2014

Burp CO2 now sports some Laudanum Scripts!

Burp CO2 now sports some Laudanum Scripts!
Jason Gillam
Author: Jason Gillam
Share:
There have been a number of updates to the Burp CO2 extension suite over the past couple of months but the most exciting one is the addition of Laudanum functionality.  The Laudanum Project consists of a set of exploit scripts that are useful during penetration tests when the tester encounters the ability to upload files somewhere in the web root of an application server.
 
Similar to the classic Laudanum scripts, the Burp CO2 version of all shell payloads incorporate IP restrictions and an authentication token to secure the deployed scripts from unauthorized use (because having a malicious attacker leverage your pen test artifacts to hack your client is really, really bad!).
 
The Burp CO2 version of Laudanum attempts to simplify the process by moving all configuration to a user interface and by handling all the client-side logic in a consistent manner.  In addition, Burp CO2’s Laudanum scripts are all designed to handle GET or POST requests, increasing the flexibility of use during penetration tests.
 
Once the setup is complete, simply press the re/Connect button to get a prompt.

 

BurpLaudanum-1



THIS IS IMPORTANT: Remember that just like with classic Laudanum or any other uploaded exploit shell, the console you see is just a pseudo-shell.  It is not fully functional in the sense that it can only reliably be used to run a single command at a time.  Do not attempt to use it to do complex things like open an interactive command such as vi, or to tail a log file.  These types of interactions simply won’t work as expected because the exploit script just executes the given command and responds with whatever is sent to stdout.  This being said, it is still quite useful for many situations such as browsing the file system, exploring an internal network, introducing additional exploits, and possibly even setting up a full reverse shell.  Laudanum is a great fallback when you can’t directly obtain a shell through MetaSploit.

The latest binary (.jar) for the Burp CO2 suite can be found at http://BurpCO2.com.  Updates will periodically be pushed to the BApp Store as they stabilize

Jason Gillam is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at jgillam@secureideas.com, on Twitter @JGillam, or visit the Secure Ideas – ProfessionallyEvil site for services provided.

Join the Professionally Evil newsletter

Sign Up

Related Resources