本文共 3471 字,大约阅读时间需要 11 分钟。
MetaSploit 安全 1、安装ruby工具 root@strom-virtual-machine:~# apt-get install ruby 2、下载MetaSploit wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run 3、更新命令 使用msfupdate命令 4、MSF目录结构 data:包含meterpreter,pssiveX,VNC DLLs 还有一些用户接口的代码如msfwe,和一些插件 用到的数据文件 documentiation:包含msf的文档,ruby脚本样例和msf利用的API external:包含emterpreter,vnc和passiveX payloads的源码 lib:包含msf使用的ruby库 modules:包含exploits,payloads,nops,encoders和auxiliary模块 plugins:包含数据库链接插件,IPS过滤代码和其他一些插件代码 scripts:包含meterporeter可通的rubyshell利用的脚本,目前包含 杀死目标系统AntiVirus和把meterpreter server实例移到其他进程的脚本 .svn:包含subversion客户端连接到CVS服务器使用的文件和数据 tools:包含一些有用的脚本和零散的工具 5、msfconsole命令: 多个会话可以并发执行命令能够进行交互会话,比如sessions,jobs 也可以列出和杀死运行中的任务,也可以从一个单一利用创建多个会话 这意味着单个利用发动一个用户指定的主机列表 会话可以通过ctrl+z发送到后台,ctrl+c停止 msf带有一组强大的API,他们可以通过msfconsole访问 切换到交互式ruby shell,session和Framework使低层交换成为可能 help命令: msf > help Core Commands ============= Command Description ------- ----------- ? Help menu back Move back from the current context banner Display an awesome metasploit banner cd Change the current working directory color Toggle color connect Communicate with a host edit Edit the current module with $VISUAL or $EDITOR exit Exit the console get Gets the value of a context-specific variable getg Gets the value of a global variable go_pro Launch Metasploit web GUI grep Grep the output of another command help Help menu info Displays information about one or more module irb Drop into irb scripting mode jobs Displays and manages jobs kill Kill a job load Load a framework plugin loadpath Searches for and loads modules from a path makerc Save commands entered since start to a file popm Pops the latest module off the stack and makes it active previous Sets the previously loaded module as the current module pushm Pushes the active or list of modules onto the module stack quit Exit the console reload_all Reloads all modules from all defined module paths rename_job Rename a job resource Run the commands stored in a file route Route traffic through a session save Saves the active datastores search Searches module names and descriptions sessions Dump session listings and display information about sessions set Sets a context-specific variable to a value setg Sets a global variable to a value show Displays modules of a given type, or all modules sleep Do nothing for the specified number of seconds spool Write console output into a file as well the screen threads View and manipulate background threads unload Unload a framework plugin unset Unsets one or more context-specific variables unsetg Unsets one or more global variables use Selects a module by name version Show the framework and console library version numbers Database Backend Commands ========================= Command Description ------- ----------- creds List all credentials in the database db_connect Connect to an existing database db_disconnect Disconnect from the current database instance db_export Export a file containing the contents of the database db_import Import a scan result file (filetype will be auto-detected) db_nmap Executes nmap and records the output automatically db_rebuild_cache Rebuilds the database-stored module cache db_status Show the current database status hosts List all hosts in the database loot List all loot in the database notes List all notes in the database services List all services in the database vulns List all vulnerabilities in the databaseworkspace Switch between database workspaces
6、启动 请参考如下章节
转载地址:http://qjuti.baihongyu.com/