HTB-Re: Full Penetration Test Walkthrough
Source: 岁月联盟
Date: 2020-03-16
IPC$ READ ONLY Remote IPC
.
dr--r--r-- 0 Mon Jan 13 20:51:16 2020 .
dr--r--r-- 0 Mon Jan 13 20:51:16 2020 ..
malware_dropbox READ ONLY
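Although the scan reports this share as READ ONLY, files can in fact be uploaded to it. Uploading an arbitrary file shows that it disappears after about one minute, so this is presumably the entry point of the ods file inspection service mentioned in the blog above.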
root@kali:~/pentest/re# smbclient //10.10.10.144/malware_dropbox
WARNING: The "syslog" option is deprecated
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\root's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Tue Jun 18 22:08:36 2019
.. D 0 Tue Jun 18 22:08:36 2019
8247551 blocks of size 4096. 4295441 blocks available
smb: \> put Re.xml
putting file Re.xml as Re.xml (3.2 kb/s) (average 2.4 kb/s)
smb: \> ls
. D 0 Mon Jan 13 09:26:31 2020
.. D 0 Mon Jan 13 09:26:31 2020
Re.xml A 2410 Mon Jan 13 09:26:31 2020
ls
8247551 blocks of size 4096. 4295440 blocks available
smb: \> ls
. D 0 Mon Jan 13 09:26:35 2020
.. D 0 Mon Jan 13 09:26:35 2020
8247551 blocks of size 4096. 4295441 blocks available
smb: \>
ODS
That blog post references an article, https://0xdf.gitlab.io/2019/03/27/analyzing-document-macros-with-yara.html , which includes an example of generating an ods file and mentions a yara filtering rule:
rule metasploit
{
strings:
$getos = "select case getGUIType" nocase wide ascii
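What the `nocase wide ascii` modifiers on `$getos` mean for a scanner, as an added Python example that is not code from this write-up or from the referenced article: the same string is matched case-insensitively in both its plain ASCII form and its zero-interleaved wide form. Because an ODS file is a ZIP container, the example matches inside the decompressed members and also shows that the raw compressed bytes give no hit. The function names, the module path and the sample macro text are constructed for illustration.

```python
import io
import re
import zipfile

# String taken from the rule quoted above:
#   $getos = "select case getGUIType" nocase wide ascii
NEEDLE = "select case getGUIType"


def match_bytes(body, needle=NEEDLE):
    """Return [(form, offset)] for the forms `nocase wide ascii` covers."""
    plain = needle.encode("ascii")
    # `wide` = every character followed by a zero byte (UTF-16LE for ASCII text)
    forms = {"ascii": plain, "wide": b"".join(bytes([c, 0]) for c in plain)}
    hits = []
    for form, raw in forms.items():
        pattern = re.compile(re.escape(raw), re.IGNORECASE)  # `nocase`
        hits += [(form, m.start()) for m in pattern.finditer(body)]
    return hits


def scan_ods(data, needle=NEEDLE):
    """Decompress each member of the ODS (a ZIP container) and match inside it."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            for form, offset in match_bytes(zf.read(name), needle):
                hits.append((name, form, offset))
    return hits


def build_sample(macro_text, encoding="utf-8"):
    """Constructed sample: minimal ODS-like ZIP holding one Basic module."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.spreadsheet")
        zf.writestr("Basic/Standard/Module1.xml", macro_text.encode(encoding))
    return buf.getvalue()


# Constructed macro text; only the case of the keyword differs from the rule.
MACRO = "Sub Main\n  SELECT CASE GETGUITYPE\n  End Select\nEnd Sub"

if __name__ == "__main__":
    print(scan_ods(build_sample(MACRO)))               # ascii form, inside member
    print(scan_ods(build_sample(MACRO, "utf-16-le")))  # wide form, inside member
    print(match_bytes(build_sample(MACRO)))            # raw compressed bytes
```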