Seven. Powerful Meterpreter
7.1 Re-probing Metasploit attack load module
7.1.1 Typical attack load module
Metasploit covers major major operating systems and platforms, most of which are the attack payload modules used by remote exploits, typically by opening a remote shell and executing commands remotely.
Metasploit allows users to import their own shellcode into the framework, simply replace payload with their own shellcode code, modify the description and other basic information.
7.1.2 using the attack load module
Search, Query
Info View specific Information
Msfpayload shellcode to view, manage
7.1.3meterpreter Technical Advantages
1. Platform Versatility
2. Pure memory Operating mode
3. Flexible and encrypted communication protocols
4. Easy to expand
7.2meterpreter command Explanation
7.2.1 Basic Commands
1.background hides the Meterpreter terminal behind
2.sessions view a session that has been successfully acquired, and if you want to continue interacting with a session, use the Session-i command
3.quit closing the current session
4.shell can get the system's console shell
5.IRB can interact with Ruby in Meterpreter
7.2.2 File system commands
1.cat Viewing file contents
2.GETWD get the current working directory on the target machine
3.upload Uploading Files
4.download Download File
5.edit can call the VI editor for editing
6.search Search
7.2.3 Network Commands
1.ipconfig Viewing network interface information
2.PORTFWD Port Forwarding
3.route Display Routing Information
7.2.4 System Commands
1.ps getting the running process information
2.migrate porting a Meterpreter session from one process to another process
3.execute executing files on the target machine
4.getpid PID for the process in which the current session is located
5.kill End Session
6.getuid get the user name to run the Meterpreter session
7.sysinfo get some information about the target system
8.shutdown shutdown
7.3 Post-Infiltration attack module
After post penetration module, usage and Penetration attack module similar, specify session can.
1.persistence Rear Penetration Module
Long-term control of target host by installing self-booting on target host
2.METSVC Rear Penetration Module
Install Meterpreter as a system service on the target host
3.getgui Rear Penetration Module
Turn on Remote Desktop
4. Privilege elevation
1.getsystem
Integration of four lifting technologies. -H to view
2. Exploiting ms10-073 and ms10-092 vulnerabilities
3.service_perssions Module
5. Information theft
1.dumplink
Get the most recent system operation from the target host, access files and document operations records
2.enum_applications
Get the target host installed software, security updates and vulnerability patches information
3.keyscan
User Input module for keylogger
6. Password ingestion and utilization
1. Network sniffing
Sniffer module
2. Ingest through the browser
1.enum_ie Module
Read the cached IE browser password
3. System Password Ingestion
Hashdump get the password hash of the system directly
Smart_hashdump after penetration module
Hash Password Utilization:
Cracked or directly replayed using the Hack tool
PsExec: Using System password hashing for delivery attacks
7. Intranet expansion
1. Add a route
To add a route with the route command
2. Perform a port scan
3. Attacking with a hashed password
4.ms08-068 and ms10-046 Vulnerability coordination
5. Building an SMB server
Smb_relay Module
6. Results Analysis
8. Hide the Trace
1.clearev
2.timestomp
Modify file creation, last access time
"Metasploit Penetration test Devil Training Camp" study notes chapter Nineth--meterpreter