metaslploit.docVIP

目录 一．名词解释····································································?3 二．MSF基础···································································?3 三．信息探测与收集···························································?4 四．基本漏洞扫描······························································?8 五．基础溢出命令·····························································10 六．METERPRETER·························································11 七．避开杀软···································································15 八．使用用户端攻击方式(client-side?attacks)······················?17 九．MSF?附加模块···························································18 十．社会工程学工具集（SET）···········································?20 十一．FAST-TRACK·························································22 十二．KARMERASPLOIT·················································?23 十四．渗透实战演习··························································24 十五．常用命令备忘··························································26 3 一．名词解释 exploit 测试者利用它来攻击一个系统，程序，或服务，以获得开发者意料之外的结果。常见的 有内存溢出，网站程序漏洞利用，配置错误exploit。 payload 我们想让被攻击系统执行的程序，如reverse?shell?可以从目标机器与测试者之间建立一 个反响连接，bind?shell?绑定一个执行命令的通道至测试者的机器。payload?也可以是只 能在目标机器上执行有限命令的程序。 shellcode 是进行攻击时的一系列被当作payload?的指令，通常在目标机器上执行之后提供一个可 执行命令的shell。 module MSF?的模块，由一系列代码组成。 listener 等待来自被攻击机器的incoming?连接的监听在测试者机器上的程序。 二．MSF基础 1、MSF?提供多种用户界面：控制台模式（msfconsole），命令行模式（msfcli），图形模式（msfgui、 armitage），（在老版本中还有web?界面模式，后来貌似由于安全因素被取消了？）其中console 模式最常用，启动方式： cd?/opt/framework/msf3/ msfconsole 运行此命令后将进入msf?命令提示符： msf 2、获取命令的帮助信息：help 例子： help?connect 3、msfcli?和msfconsole?相比不提供交互方式，它直接从命令行输入所有参数并产生结果， msfcli?–h?#获取帮助信息 msfcli?exploit_name?option=value?[mode] mode:H（help）帮助 S（summary）显示模块信息 O（options）显示模块的可用选项 A（advanced）显示高级选项 I（ids）显示IDS?EVASION?选项 P（payload）显示此模块可用的payload T（targets）显示可用targets 4 AC（action）显示可用actions C（check）运行模块测试 E（execute）执行选定的模块 例子：ms08_067_netapi?模块 msfcli?windows/smb/ms08_067_netapi?O?#查看可用选项 msfcli?windows/smb/ms08_067_netapi?RHOST=11?P?#查看可用payload msf