Metasploit
Nixawk
这个作者很懒,什么都没留下…
展开
-
Metasploit - ERROR: cannot discover where libxml2 is located on your system
metasploit-framework [rapid7-master] ->> rvm listrvm rubies=* ruby-2.3.3 [ x86_64 ]# => - current# =* - current && default# * - defaultWhen ruby is updated from ruby-2.3.1 to ruby-2.3.3. It will ma原创 2016-12-07 13:57:47 · 1602 阅读 · 0 评论 -
metasploit - sshexec
msf exploit(sshexec) > show options Module options (exploit/multi/ssh/sshexec): Name Current Setting Required Description ---- --------------- -------- ----------- PASSWORD passw原创 2015-08-15 10:38:32 · 1049 阅读 · 0 评论 -
metasploit - smb
If you want to exploit smb locally, you need to modify regedit settings and reboot your computer.Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Polici原创 2015-08-15 12:51:58 · 1427 阅读 · 0 评论 -
metasploit - local_exploit_suggester
msf post(local_exploit_suggester) > show options Module options (post/multi/recon/local_exploit_suggester): Name Current Setting Required Description ---- ---------------原创 2015-08-15 00:37:15 · 3240 阅读 · 0 评论 -
Metasploit - Common Metasploit Module Coding Mistakes
This is a collection of all the bad code we often see in Metasploit modules. You should avoid them, too.Note: Some of these examples use puts() for demo purposes, but you should always use print_status转载 2015-04-27 21:22:05 · 660 阅读 · 0 评论 -
keybase
Install KeybaseKeybase is a website, but it’s also an open source command line program. Let’s walk through a terminal example, which illustrates what Keybase does. All of this can be embedded into othe原创 2015-04-27 20:24:58 · 1948 阅读 · 0 评论 -
metasploit - java meterpreter
msf > use payload/java/meterpreter/reverse_tcpmsf payload(reverse_tcp) > show options Module options (payload/java/meterpreter/reverse_tcp): Name Current Setting Required Description ---- -原创 2015-04-21 21:52:23 · 1788 阅读 · 0 评论 -
metasploit - meterpreter commands (linux)
meterpreter > helpCore Commands============= Command Description ------- ----------- ? Help menu background Ba原创 2015-04-21 09:04:47 · 969 阅读 · 0 评论 -
metasploit - meterpreter commands (windows)
meterpreter > helpCore Commands============= Command Description ------- ----------- ? Help menu background Ba原创 2015-04-21 08:48:40 · 760 阅读 · 0 评论 -
metasploit - meterpreter
Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a c转载 2015-04-21 08:21:49 · 657 阅读 · 0 评论 -
metasploit - exploits
msf >use exploits/use exploit/aix/rpc_cmsd_opcode21use exploit/aix/rpc_ttdbserverd_realpathuse exploit/android/browser/samsung_knox_smdm_urluse exploit/android/browser/webview_addjavascriptinterfac原创 2015-04-20 13:45:08 · 45019 阅读 · 0 评论 -
metasploit - nops
msf > use nop/use nop/armle/simple use nop/sparc/random use nop/x86/opty2use nop/php/generic use nop/tty/generic use nop/x86/single_byteuse nop/ppc/simple use nop/x64/simple原创 2015-04-20 13:55:08 · 939 阅读 · 0 评论 -
metasploit - post
msf > use post/use post/aix/hashdumpuse post/cisco/gather/enum_ciscouse post/firefox/gather/cookiesuse post/firefox/gather/historyuse post/firefox/gather/passwordsuse post/firefox/gather/xssuse原创 2015-04-20 13:48:14 · 1848 阅读 · 0 评论 -
metasploit - encoders
msf > use encoder/use encoder/cmd/echouse encoder/cmd/generic_shuse encoder/cmd/ifsuse encoder/cmd/perluse encoder/cmd/powershell_base64use encoder/cmd/printf_php_mquse encoder/generic/eicaruse原创 2015-04-20 13:52:24 · 916 阅读 · 0 评论 -
metasploit - auxiliary
msf >use auxiliarys/use auxiliary/admin/android/google_play_store_uxss_xframe_rceuse auxiliary/admin/appletv/appletv_display_imageuse auxiliary/admin/appletv/appletv_display_videouse auxiliary/admi原创 2015-04-20 12:19:31 · 6014 阅读 · 0 评论 -
metasploit - browser_autopwn2
Thanks msf committer. Please read here for more details about browser_autopwn2.msf auxiliary(browser_autopwn2) > info Name: HTTP Client Automatic Exploiter 2 (Browser Autopwn) Module: auxil原创 2015-08-05 22:10:00 · 2942 阅读 · 0 评论 -
metasploit - psexec_ntdsgrab / libesedb / ntdsxtract
msf auxiliary(psexec_ntdsgrab) > show options Module options (auxiliary/admin/smb/psexec_ntdsgrab): Name Current Setting Required Description ---- -------------原创 2015-09-11 18:21:59 · 2386 阅读 · 0 评论 -
Metasploit - auxiliary/gather/zoomeye_search
How to use ZoomEye API ?If you are a python developer, please view ZoomEye-SDK. If not, ZoomEye API Documentation is good for you.$ sudo easy_install zoomeye-SDKor$ sudo pip install git+https://github.原创 2016-10-19 01:08:53 · 527344 阅读 · 0 评论 -
Pentest - PowerSploit
PowerSploit is a collection of PowerShell scripts which can prove to be very useful during some exploitation and mostly post-exploitation phases of a penetration test.If you have GIT, then you can simp原创 2015-11-08 23:28:10 · 5017 阅读 · 0 评论 -
Metasploit - auxiliary/gather/censys_search
msf > use auxiliary/gather/censys_search msf > set CENSYS_UID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX msf >set CENSYS_SECRET XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX msf >set CENSYS_DORK rapid7Certificates Sea原创 2016-10-25 12:04:10 · 1144 阅读 · 0 评论 -
Metasploit - enmu_linux
enum_linux.rcrun post/linux/gather/enum_configsrun post/linux/gather/enum_protectionsrun post/linux/gather/enum_systemrun post/linux/gather/enum_xchatrun post/linux/gather/enum_networkrun post/lin原创 2016-10-14 13:45:00 · 566 阅读 · 0 评论 -
Msf - web_delivery
Python Payload Modemsf exploit(web_delivery) > show options Module options (exploit/multi/script/web_delivery): Name Current Setting Required Description ---- --------------- --------原创 2016-02-22 22:10:07 · 1871 阅读 · 0 评论 -
Pentest - psmsf
PSMSFPSMSF can help us generate payload or files used in cmd console/browser/.. with Metasploit-Framework. If you are similar to windows cmd console, you can use the results in different areas.psmsf [m原创 2016-02-20 23:54:50 · 1866 阅读 · 0 评论 -
MSF - searchengine_subdomains_collector
Collect subdomains from Yahoo / Bing Search Engine.domain:demo.com ip:xxx.xxx.xxx.xxxFor Example, we can gather subdomains of 360.cn.msf auxiliary(searchengine_subdomains_collector) > show options Mod原创 2016-02-19 12:59:41 · 7458 阅读 · 0 评论 -
metasploit - winrm
msf auxiliary(winrm_auth_methods) > show optionsModule options (auxiliary/scanner/winrm/winrm_auth_methods): Name Current Setting Required Description ---- --------------- -------- ---原创 2015-12-26 15:41:59 · 1534 阅读 · 0 评论 -
Metasploit - jenkins_java_deserialize
Standup a Jenkins server version 1.637 or lower:wget http://mirrors.jenkins-ci.org/war/1.637/jenkins.warjava -jar jenkins.warRun the following exploit in msfconsole:use exploit/linux/misc/jenkins_java转载 2015-12-12 13:05:43 · 1428 阅读 · 0 评论 -
Metasploit - bypassuac
Download: checkprivInstallation: cp checkpriv.rb /opt/metasploit-framework/scripts/meterpreter/checkpriv.rbmeterpreter > run checkpriv[*] Admin token: false[*] Running as SYSTEM: false[*] UAC Enab原创 2015-11-17 22:55:15 · 1261 阅读 · 0 评论 -
Metasploit - Jenkins
msf auxiliary(jenkins_enum) > show options Module options (auxiliary/scanner/http/jenkins_enum): Name Current Setting Required Description ---- --------------- -------- -----------原创 2015-12-10 20:13:38 · 1041 阅读 · 0 评论 -
Metasploit - reverse_https
msf auxiliary(impersonate_ssl) > show options Module options (auxiliary/gather/impersonate_ssl): Name Current Setting Required Description ---- --------------- -------转载 2015-11-17 10:39:05 · 3536 阅读 · 0 评论 -
Metasploit - Powershell
msf post(multi_meterpreter_inject) > sessions -l Active sessions=============== Id Type Information Connection -- ---- ----------- ----------原创 2015-11-16 23:35:45 · 1371 阅读 · 0 评论 -
metasploit - debug
Prygem install pryNow let the fun begin! Lets pick a module to debug. require 'pry'...binding.pry...2.1.7 :001 > pry[1] pry(main)> helpHelp help Show a list of commands or informat原创 2015-02-11 13:02:27 · 1311 阅读 · 0 评论 -
metasploit - plugins
msf > load load alias load msfd load socket_loggerload auto_add_route load msgrpc load soundsload db_credcollect load nessus load sqlmapload db_tracker原创 2015-04-20 13:53:58 · 657 阅读 · 0 评论 -
Metasploit - cpassword_decrypt
Description## This script will allow you to specify an encrypted cpassword string using the Microsofts public# AES key. This is useful if you don't or can't use the GPP post exploitation module. Jus原创 2015-04-08 22:48:11 · 1641 阅读 · 0 评论 -
metasploit - committer
Good man here ![nixawk@core tools]$ ./committer_count.rb -hCommits since 0000-01-01--------------------------------------------------hmoore-r7 4340wchen-r7 3969jva原创 2015-04-08 22:30:13 · 3225 阅读 · 0 评论 -
NTP - UDP 123
推荐链接:NTP reflection attack原创 2014-09-03 23:39:08 · 8088 阅读 · 1 评论 -
Metasploit2: tcp port 139/445 – Samba smbd
Metasploit2: tcpport 139 – netbios-ssnWindows系统开启139端口,可用工具psshutdown.exe远程关闭电脑.Samba可运行在MicrosoftWindows外的系统,例如:UNIX, Linux, IBM System, OpenVMS和其他的系统.Samba使用的是TCP/IP协议.它允许主机与Windows客户端原创 2014-07-30 00:15:56 · 5023 阅读 · 0 评论 -
Openvas install
OpenVAS 6 installation can be a little confusing for those notfamiliar with the different OpenVAS components. Making it evenmore so is a little problem with libgnutls that is causing manypeople more原创 2014-09-13 15:24:11 · 1659 阅读 · 0 评论 -
Metasploit2 - tcp port 21 - vsftpd
Metasploitable2: tcp port 21 - vsftpdMetasploitable2的21号端口,运行的是vsftp服务。该版本的源码被攻击者植入了后门。后门很快被移除,但是还是有部分人下载了它。如果登录的用户名结尾是“:)”[笑脸],那么在6200端口会监听一个后门.msf> use exploit/unix/ftp/vsftpd_234_ba原创 2014-07-29 23:36:32 · 1341 阅读 · 0 评论 -
Metasploit2: tcp port 111 – rpcbind
Metasploit2: tcpport 111 – rpcbindRPC& portmapper (111 TCP + other UDP)portmapper服务是这样工作的:当我连接portmapper端口时,表明我想使用一个指定的RPC服务。portmapper会告诉我该使用哪个端口.(RPC是RemoteProcedure Call的简称,类似与执行远程主机上原创 2014-07-29 23:38:32 · 8522 阅读 · 0 评论 -
Metasploitable2 - tcp port 8180 - tomcat
msf > use exploit/multi/http/tomcat_mgr_deploymsf exploit(tomcat_mgr_deploy) > show options Module options (exploit/multi/http/tomcat_mgr_deploy): Name Current Setting Required De原创 2014-08-01 00:45:56 · 1883 阅读 · 0 评论