Contents
Preface
1. msfconsole
   Starting msfconsole
   Command categories: core commands, module commands, job commands, resource script commands, database backend commands
2. Usage examples
   Changing the prompt and prompt character
   Running shell commands
   Information gathering: HTTP header detection

Preface

Once you understand the architecture and internals of the Metasploit framework, its usage logic follows naturally:

find relevant exploits ---- look for the relevant exploit
set parameters ---- set the parameters (payload, target options and so on)
exploit vulnerable services ---- attack/exploit the vulnerable service

MSF is called a penetration testing framework rather than merely an exploitation framework, which means it can also be used for information gathering, post-exploitation and much more. So the general usage logic is:

find relevant modules ---- find the relevant module
set parameters ---- set the parameters (payload, target options and so on)
run ---- run it (send the packets and print the returned output)

1. msfconsole
msfconsole is one of MSF's user interfaces: it provides a centralised console that gives efficient access to every option available in MSF. When first using msfconsole you may wonder what it actually is and how it works. We already understand the framework's underlying logic, so the first question is answered. The second can be understood like this: msfconsole is a "console interface" which, like a Linux shell, accepts input and displays output. Since msfconsole is a "command line", it has a set of commands and options it supports, and that is what we learn next.

Starting msfconsole

Typing msfconsole at the command line starts it in normal mode. You will see a pile of welcome text, the software's banner (the banner is chosen at random and differs each time).

Typing msfconsole -q starts it in quiet mode, which shows no errors, warnings or banner. Once inside the MSF "console", what next? Without knowing the commands msfconsole supports, you would be lost and intimidated.

Command categories

After entering msfconsole, type help or ? to see the command categories the development team has laid out for us.

Core commands

The most commonly used, general-purpose commands:
Core Commands
Command    Description
-------    -----------
?          Help menu
banner     Display an awesome metasploit banner
cd         Change the current working directory
color      Toggle color
connect    Communicate with a host
debug      Display information useful for debugging
exit       Exit the console
features   Display the list of not yet released features that can be opted in to
get        Gets the value of a context-specific variable
getg       Gets the value of a global variable
grep       Grep the output of another command
help       Help menu
history    Show command history
load       Load a framework plugin
quit       Exit the console
repeat     Repeat a list of commands
route      Route traffic through a session
save       Saves the active datastores
sessions   Dump session listings and display information about sessions
set        Sets a context-specific variable to a value
setg       Sets a global variable to a value
sleep      Do nothing for the specified number of seconds
spool      Write console output into a file as well the screen
threads    View and manipulate background threads
tips       Show a list of useful productivity tips
unload     Unload a framework plugin
unset      Unsets one or more context-specific variables
unsetg     Unsets one or more global variables
version    Show the framework and console library version numbers

Module commands

Edit, load and use MSF modules:
Module Commands
Command      Description
-------      -----------
advanced     Displays advanced options for one or more modules
back         Move back from the current context
clearm       Clear the module stack
favorite     Add module(s) to the list of favorite modules
info         Displays information about one or more modules
listm        List the module stack
loadpath     Searches for and loads modules from a path
options      Displays global options or for one or more modules
popm         Pops the latest module off the stack and makes it active
previous     Sets the previously loaded module as the current module
pushm        Pushes the active or list of modules onto the module stack
reload_all   Reloads all modules from all defined module paths
search       Searches module names and descriptions
show         Displays modules of a given type, or all modules
use          Interact with a module by name or search term/index

Job commands

Handle job operations for MSF modules, for example creating jobs, listing jobs running in the background, killing and renaming jobs:
Job Commands
Command      Description
-------      -----------
handler      Start a payload handler as job
jobs         Displays and manages jobs
kill         Kill a job
rename_job   Rename a job

Resource script commands
Resource Script Commands
Command    Description
-------    -----------
makerc     Save commands entered since start to a file
resource   Run the commands stored in a file

Database backend commands
Database Backend Commands
Command            Description
-------            -----------
analyze            Analyze database information about a specific address or address range
db_connect         Connect to an existing data service
db_disconnect      Disconnect from the current data service
db_export          Export a file containing the contents of the database
db_import          Import a scan result file (filetype will be auto-detected)
db_nmap            Executes nmap and records the output automatically
db_rebuild_cache   Rebuilds the database-stored module cache (deprecated)
db_remove          Remove the saved data service entry
db_save            Save the current data service connection as the default to reconnect on startup
db_status          Show the current data service status
hosts              List all hosts in the database
loot               List all loot in the database
notes              List all notes in the database
services           List all services in the database
vulns              List all vulnerabilities in the database
workspace          Switch between database workspaces

2. Usage examples

Changing the prompt and prompt character

After entering msfconsole we may not know what to do, or rather which options are currently available. Type show options or options, which prints the following:
Global Options:
Option              Current Setting      Description
------              ---------------      -----------
ConsoleLogging      false                Log all console input and output
LogLevel            0                    Verbosity of logs (default 0, max 3)
MeterpreterPrompt   meterpreter          The meterpreter prompt string
MinimumRank         0                    The minimum rank of exploits that will run without explicit confirmation
Prompt              msf6                 The prompt string
PromptChar          >                    The prompt character
PromptTimeFormat    %Y-%m-%d %H:%M:%S    Format for timestamp escapes in prompts
SessionLogging      false                Log all input and output for sessions
SessionTlvLogging   false                Log all incoming and outgoing TLV packets
TimestampOutput     false                Prefix all console output with a timestamp

We can use set to change these options, for example the prompt and the prompt character:

msf6 > set Prompt 辣鸡
Prompt => ▒辣鸡
▒辣鸡 > set PromptChar
PromptChar
▒辣鸡
▒辣鸡      (msf6 has become ▒辣鸡)
Running shell commands

Shell commands can be executed inside msfconsole, because Metasploit passes such commands as arguments to the operating system's shell:

▒辣鸡 whoami
[*] exec: whoami
kali
▒辣鸡 ls | grep burp
[*] exec: ls | grep burp
burpsuiteP

From the output we can guess that Ruby's exec() function is used to interpret the string as a system command and run it.

Information gathering: HTTP header detection
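To make the fallthrough concrete, here is a small Ruby model of the dispatch loop this page describes: set, makerc, resource and the shell fallback for unknown commands. It is an added example, not Metasploit's own code; the class, method names and option defaults are assumptions chosen to mirror the console output shown above.

```ruby
require 'open3'
# Added model of msfconsole's command dispatch (not Metasploit's own code).
# Known commands are handled internally; anything else falls through to the OS
# shell, which is what produces the "[*] exec: whoami" lines. The same rule applies
# to every line replayed from a resource (.rc) file, so an untrusted rc file is
# arbitrary command execution on the operator's machine.
class MiniConsole
  attr_reader :datastore, :history

  def initialize
    @datastore = { 'Prompt' => 'msf6', 'PromptChar' => '>' }  # defaults from show options
    @history = []
  end

  # Rendered prompt, e.g. "msf6 >", built from the Prompt/PromptChar options.
  def prompt
    "#{@datastore['Prompt']} #{@datastore['PromptChar']}"
  end

  # Dispatch one input line and return the text the console would print.
  def run_line(line)
    @history << line
    name, *args = line.strip.split
    return '' if name.nil?
    case name
    when 'set'      then set_option(*args)
    when 'makerc'   then makerc(args.first)
    when 'resource' then resource(args.first).join("\n")
    else
      out, _status = Open3.capture2e(line)  # unknown command -> system shell
      "[*] exec: #{line}\n#{out}"
    end
  end

  def set_option(key, value)
    @datastore[key] = value
    "#{key} => #{value}"
  end

  # makerc: persist everything typed so far, except the makerc call itself.
  def makerc(path)
    cmds = @history.reject { |l| l.start_with?('makerc') }
    File.write(path, cmds.join("\n") + "\n")
    "[*] Saving last #{cmds.size} commands to #{path} ..."
  end

  # resource: replay an rc file line by line, shell fallthrough included.
  def resource(path)
    File.readlines(path, chomp: true).map { |l| run_line(l) }
  end
end
```

Because resource files go through the same dispatch path, read an .rc file obtained from elsewhere before running it: any line that is not a console command becomes a shell command.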