How to use Burp + Metasploit to quickly detect and exploit ImageTragick (CVE-2016-3714)

Source: Internet
Author: User
Tags: imagemagick, cve

Reprinted from: https://www.secpulse.com/archives/57126.html (ImageTragick, CVE-2016-3714)

ImageMagick is a widely used image-processing component with bindings for popular languages such as PHP, Java, Python, Perl and Ruby. In April 2016 a remote code execution (RCE) vulnerability was found in it: an attacker only needs to upload a crafted image to gain code execution on the server. See the SecPulse alert "ImageMagick remote command execution vulnerability (CVE-2016-3714)": https://www.secpulse.com/archives/45833.html

(Further reading: ImageMagick execution flow, vulnerability analysis and fix: http://www.freebuf.com/vuls/104048.html)
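As an added example (not part of the original post), here is a server-side pre-check in Python that rejects an upload before it reaches ImageMagick: the ImageTragick exploit works because ImageMagick selects the decoder from the file content rather than the extension, so a text-based MVG or SVG file renamed to .png is still parsed as MVG or SVG. The format allow-list, marker list, size limit and sample uploads are assumptions constructed for this example; the check complements, and does not replace, restricting the affected coders in ImageMagick's policy.xml.

```python
from typing import NamedTuple


class UploadVerdict(NamedTuple):
    accepted: bool
    detected: str  # allow-listed format name, or the reason for rejection


# Allow-listed raster formats and the magic bytes each one must start with
# (assumed allow-list for this example).
RASTER_MAGIC = (
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("jpeg", b"\xff\xd8\xff"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
)

# Markers of ImageMagick's text-based coders (MVG, SVG, MSL). Content that is
# parsed by these script-like coders is what CVE-2016-3714 abused.
TEXT_CODER_MARKERS = (b"push graphic-context", b"viewbox", b"<svg", b"<?xml", b"<msl")

MAX_SIZE = 5 * 1024 * 1024  # hypothetical upload limit for this example


def validate_upload(data: bytes) -> UploadVerdict:
    """Decide whether an uploaded blob may be handed to ImageMagick at all."""
    if not data:
        return UploadVerdict(False, "empty file")
    if len(data) > MAX_SIZE:
        return UploadVerdict(False, "file too large")
    head = data[:4096].lower()
    # Reject text-coder markers first, so even a blob with valid raster magic
    # followed by MVG/SVG text (a polyglot attempt) is refused.
    for marker in TEXT_CODER_MARKERS:
        if marker in head:
            return UploadVerdict(False, f"text coder marker {marker!r}")
    # Only content whose magic bytes match an allow-listed raster format passes.
    for name, magic in RASTER_MAGIC:
        if data.startswith(magic):
            return UploadVerdict(True, name)
    return UploadVerdict(False, "unknown magic bytes")


# Constructed sample uploads for demonstration (not real files from the post).
SAMPLE_UPLOADS = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 32,
    "mvg_as.png": b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n",
    "svg_as.png": b'<?xml version="1.0"?><svg></svg>',
}

if __name__ == "__main__":
    for filename, blob in SAMPLE_UPLOADS.items():
        print(filename, validate_upload(blob))
```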

The traditional way to detect this vulnerability is to generate a payload and then check DNS resolution records on a third-party website, which is slow and inconvenient. This post introduces a faster method of detection and exploitation.

First you need a Burp plug-in called burp-image-size:

https://github.com/silentsignal/burp-image-size/releases/download/v0.3/burp-image-size-v0.3-java1.6.jar

Note the required runtime environment when installing it (this build targets Java 1.6).

When uploading an image, intercept the request and choose Send to active scan so that the plugin scans the upload point. If the vulnerability exists, it is reported in red as a high-risk finding. Detection is successful.

Next, use Metasploit to get a shell.

use exploit/unix/fileformat/imagemagick_delegate

Run show options to check the options.

I keep the default configuration here, then run exploit -j, which generates msf.png.

Upload the image and a session is returned.

Use sessions -i 1 to interact with the session.

Reference links:

http://www.freebuf.com/vuls/104048.html

http://www.mottoin.com/89312.html

https://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
