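Drive-By Download is a network attack technique, known in China as a "website trojan-planting attack". It is the most popular malware distribution method today, and it works mainly by combining a large number of known vulnerabilities (possibly including unknown ones) to attack the user's browser. Quite a few all-in-one tools can carry out Drive-By Download attacks, and most of them are point-and-click, such as the well-known Zeus and Phoenix exploit kits, which offer both high ease of use and a high success rate. drivesploit is a Metasploit-based Drive-By Download testing framework. It can carry out website trojan-planting attacks, and it also provides JavaScript obfuscation and encryption so that it can hide itself better.
drivesploit's attack steps: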
- We inject JavaScript into target
- JavaScript loads iFrame from the infected domain
- Metasploit (drivesploit) serves an infected page from the domain
- Malware bypasses AV because of the obfuscation techniques used.
- IE visitor attacked, IE crashes, meterpreter starts, jumps process to notepad.exe
- We have a shell
More information about the tool and download: https://github.com/waynearmorize/drivesploit/archives/master