metasploit设置路由转发
文章目录
0. 试验环境
环境部署在VMWare下,共三台主机,两个网段。
Host-only(192.168.2.0):Kali(攻击机:192.168.2.129)Win7(靶机:192.168.2.128)
NAT(192.168.32.0):Win7(靶机:192.168.32.151)OWASP Linux(靶机:192.168.32.150)
即:一台单网卡Kali,一台双网卡Win7,一台单网卡Linux,Win7与其余两台主机可以通信,其余两台主机之间不能互相通信。Host-only模拟真实外网环境,NAT模拟内网环境。
1. Kali与Win7建立会话
模拟真实环境,使用常规ms17-010漏洞与反弹shell与Win7建立链接,过程不赘述
2. 设置路由转发
2.1 获取目标主机所在网段
可以看到,Win7在两个网段中,分别是代表外网的192.168.2.0/24与代表内网的192.168.32.0/24。也可以使用route
或ipconfig
获取相关信息。
2.2 设置路由转发
可以在meterpreter中以run autoroute
设置,也可以在msf中以route add
设置,设置后msf即可正常访问模拟的内网网段,需复制命令请到附录。
3. 注意
-
msf路由转发是将对一个网段的请求转发到一个meterpreter会话
-
该路由转发只对msf工具生效,如果需要对外部程序也生效可以使用msf创建一个代理,如:
use auxiliary/server/socks_proxy
未配置代理和配置代理对比
-
msf提示
run autoroute
虽然生效了,但是已弃用,需要使用run post/multi/manage/qutoroute
。好吧,尝试使用了,没有帮助信息,还是原版好使,新版我单方面宣布弃用了。
4. 附录
4.1 run autoroute
与route
的完整文档
[*] Usage: run autoroute [-r] -s subnet -n netmask
[*] Examples:
[*] run autoroute -s 10.1.1.0 -n 255.255.255.0 # Add a route to 10.10.10.1/255.255.255.0
[*] run autoroute -s 10.10.10.1 # Netmask defaults to 255.255.255.0
[*] run autoroute -s 10.10.10.1/24 # CIDR notation is also okay
[*] run autoroute -p # Print active routing table
[*] run autoroute -d -s 10.10.10.1 # Deletes the 10.10.10.1/255.255.255.0 route
[*] Use the “route” and “ipconfig” Meterpreter commands to learn about available routes
Usage:
route [add/remove] subnet netmask [comm/sid]
route [add/remove] cidr [comm/sid]
route [get]
route [flush]
route [print]Subcommands:
add - make a new route
remove - delete a route; ‘del’ is an alias
flush - remove all routes
get - display the route for a given target
print - show all active routesExamples:
Add a route for all hosts from 192.168.0.0 to 192.168.0.255 through session 1
route add 192.168.0.0 255.255.255.0 1
route add 192.168.0.0/24 1Delete the above route
route remove 192.168.0.0/24 1
route del 192.168.0.0 255.255.255.0 1Display the route that would be used for the given host or network
255.255.255.0 1Display the route that would be used for the given host or network
route get 192.168.0.11