msf6 > use auxiliary/scanner/http/log4shell_scannermsf6 auxiliary(scanner/http/log4shell_scanner) > set RHOSTS 192.168.1.16 RHOSTS => 192.168.1.16msf6 auxiliary(scanner/http/log4shell_scanner) > set SRVHOST 192.168.1.16 SRVHOST => 192.168.1.16msf6 auxiliary(scanner/http/log4shell_scanner) > set RPORT 8080 RPORT => 8080msf6 auxiliary(scanner/http/log4shell_scanner) > run Scanned 1 of 1 hosts (100% complete) Sleeping 30 seconds for any last LDAP connections Auxiliary module execution completedmsf6 auxiliary(scanner/http/log4shell_scanner) > #apt install metasploit-frameworkĪt this point, you have the upgraded module. Then apply apt install metasploit-framework command to upgrade the system. The steps are below.įirst, apply apt update command that updates the package lists from a server on the internet. Since I have only the packets, I will extract the file from captured packets with help of Wireshark. We can run the file in a sandbox or scan it with an antivirus. Sometimes, we may need to analyse behavior of a suspicious file like Exploit.class. Once the downloading completes, Java executes the malicious file. See the details below.Īs you see in the screenshot above, the content type is a java file. Once the malicious web server receives the http GET request, it creates a response that contains Exploit.class file and sends it back to the application. The next packet is the request that asks for Exploit.class. The first 3 packets belong to the TCP 3-way handshaking. See the details below.Īfter filtering the packets that uses TCP port 8000, I obtained the traffic between the vulnerable application and the malicious web server. The application craft a http GET request to the malicious web server for downloading Exploit.class file. ALSO READ: 6 easy steps to setup offline two factor authentication in Linux
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |