How to use Burp+metasploit to quickly detect & utilize Imagetragick (cve-2016–3714)

reprint: https://www.secpulse.com/archives/57126.html Imagetragick (cve-2016–3714)

ImageMagick is a generic component used to process images, involving popular languages such as Php,java,python,perl and Ruby, which was found in April 16 in Rce, where attackers simply upload constructed images to get server privileges. can refer to security pulse: <imagemagick remote Command Execution Vulnerability (cve-2016-3714) security alerts > Https://www.secpulse.com/archives/45833.html

(Extended reading-->imagemagic execution process, vulnerability analysis and repair http://www.freebuf.com/vuls/104048.html)

The traditional way to detect this vulnerability is to generate payload to view DNS resolution records through third-party Web sites, which is time-consuming and inconvenient, and introduces a method for rapid detection and utilization.

First you need a burp plug-in called Burp-image-size

Https://github.com/silentsignal/burp-image-size/releases/download/v0.3/burp-image-size-v0.3-java1.6.jar, the installation is aware of the operating environment.

When uploading a picture, grab the package select Send Toactive scan to invoke the plugin to scan the upload point. The vulnerability exists, and red shows high-risk vulnerabilities. Successful detection.

Next use Metasploit Getshell

Useexploits/unix/fileformat/imagemagick_delegate

Show options Check the option

I choose the default configuration here, then execute the

Exploit-j generates a Msf.png

Upload a picture to return to a session connection

Use Sessions-i 1 to interact with a session

Reference Links:

Http://www.freebuf.com/vuls/104048.html

Http://www.mottoin.com/89312.html

Https://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate

How to use Burp+metasploit to quickly detect & utilize Imagetragick (cve-2016–3714)