Metasploit Automatic Attack and Module-Selection Attack Explained
Author:魔术@Freebuf.com
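0x1 Automatic attack
Start Metasploit from a terminal. I am currently running it from source code, so I start it this way!
Connect to the database
To install, just run the following commands (run them as root).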
deb http://ubuntu.mirror.cambrium.nl/ubuntu/ precise main universe
Add the software source
sudo apt-get install postgresql
sudo apt-get install rubygems libpq-dev
apt-get install libreadline-dev
apt-get install libssl-dev
apt-get install libpq5
apt-get install ruby-dev
sudo apt-get install libpq-dev
sudo gem install pg
Configure the database
passwd postgres
Change the postgres password
su postgres
Enter the database
createuser xxx -P
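Create the user xxx (then enter a password and answer N to every Y/N prompt)
createdb --owner=xxx xxx
Create a database named xxx, owned by the user xxx
Enter the xxx database
List the databases
Drop the database
Start the TCP scanning module and view the module's configuration
Set the IP to scan and change the number of scan threads; I use 8 threads here
Start the scan and view the scan results
Exit the scanning module and query the records in the database
Load the automatic attack module and start the attack (newer versions of MSF have removed db_autopwn, which is why the part shown in red appears)
Attack output; the part in red shows that one session has been connected successfully
The attack finishes and the active sessions are displayed
Open the session and run a command to verify that the attack succeeded
0x2 Module-selection attack
Search for the attack module we need
Start the attack module and view the module's configuration
Set the attack target and choose the TCP reverse-connection mode
Start the attack; the attack succeeds
I'm not bored any more, so I'll stop here. When I get bored again I'll write up Metasploit+XssF+BeEF.
I'm a newbie; experts who come across this, please just pass by. Thanks for your cooperation.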
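How come the IP the original poster mentions is my IP...
Where did you download your db_autopwn? Mine just doesn't work; it keeps saying it is no longer supported.
Hello OP, I'd like to ask you something. Mine is also version 4.5 of MSF, so why has db_autopwn been removed for me while you can still use it? When I enter db_autopwn-related commands in MSF, it says those commands cannot be found, and even db_autopwn itself is missing. The explanation they give is that db_autopwn has been removed, but I see that the OP can still use it. How did the OP do it? Please tell me the solution, it's urgent. Thanks.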
2. IDA Pro tool
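Book this article belongs to:
The book has 10 chapters. Chapter 1 gives a systematic introduction to penetration testing and Metasploit: it first covers the types, methods, workflow and phases of penetration testing, and then the functions, structure and basic usage of Metasploit. Chapter 2 demonstrates in detail how to set up a penetration-testing lab environment. Chapter
IDA Pro is a disassembly and debugging tool that supports the instruction sets of many processors and runs on operating systems such as Windows and Mac OS X.
IDA Pro's static disassembly capabilities are very powerful. They include annotation, splitting of assembly instructions and cross-references, together with a clean visual control flow graph (CFG). With the support of these features, reverse engineers can analyze binary code much faster. To show briefly what IDA Pro can do, we use it to disassemble a sample executable binary in PE format.
First, load the binary file named reverse. IDA Pro supports the machine code of many processors and can automatically identify the platform the binary executable runs on.
Then IDA Pro starts disassembling the binary. When the analysis has finished, the window stops at the program's entry point by default, as shown in Figure 2-3.
The left-hand window lists all the functions IDA Pro has identified; the current one is the start function. In the middle are the assembly instructions, already split automatically into basic blocks (BBL). On the far right is the control flow graph (CFG) of the function, made up of those blocks. Pressing the space bar switches from this graph disassembly view to the disassembly listing view, as shown in Figure 2-4.
IDA Pro is like a map of the binary: it marks the functions and the function calls annotated by the analyst, and shows the call relationships between functions and code blocks at every level. IDA Pro is also highly extensible. It can be extended through the API it provides and through IDC scripts, and the files produced by such plug-ins and scripts can be imported directly into tools such as OllyDbg and Binary Diffing. As Figure 2-5 shows, the well-known Hex-Rays plug-in can decompile directly to C code; just press F5.
IDA Pro has increasingly become one of the essential tools for analysts. In this book we will use it to locate the security-relevant assembly code and, together with the code call relationships it displays, to understand the underlying mechanism.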
From Wikipedia, the free encyclopedia
The Metasploit Project is a project that provides information about and aids in development. Its best-known sub-project is the Metasploit Framework, a tool for developing and executing code against a remote target machine. Other important sub-projects include the Opcode Database, archive and related research. The Metasploit Project is well known for its and evasion tools, some of which are built into the Metasploit Framework.
Metasploit was created by in 2003 as a portable network tool using . By 2007, the Metasploit Framework had been completely rewritten in . On October 21, 2009, the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.
Like comparable commercial products such as Immunity's Canvas or ' , Metasploit can be used to test the vulnerability of computer systems or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added two proprietary editions called Metasploit Express and Metasploit Pro.
Metasploit's emerging position as the exploit development framework led to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk and remediation of that particular bug. Metasploit 3.0 began to include tools, used to discover software vulnerabilities, rather than just exploits for known bugs. This avenue can be seen with the integration of the wireless (802.11) toolset into Metasploit 3.0 in November 2006. Metasploit 4.0 was released in August 2011.
The basic steps for exploiting a system using the Framework include:
Choosing and configuring an exploit (code that enters a target system by taking adva about 900 different exploits for , / and systems are included);
Optionally checking whether the intended target system is susceptible t
Choosing and configuring a (code that will be executed on the target system u for instance, a remote shell or a );
Choosing the encoding technique so that the (IPS) ignores
Executing the exploit.
This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.
Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.
To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with tools such as . such as , , and can detect target system vulnerabilities. Metasploit can import vulnerability scanner data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.
There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC.
The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing. This free version of the Metasploit project also includes Zenmap, a well-known port scanner, and a compiler for Ruby, the language in which this version of Metasploit was written.
In October 2011, Rapid7 released Metasploit Community Edition, a free, web-based user interface for Metasploit. Metasploit Community is based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community is included in the main installer.
In April 2010, Rapid7 released Metasploit Express, an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, integrates nmap for discovery, and adds smart bruteforcing as well as automated evidence collection.
In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.
is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.
Cobalt Strike is a collection of threat emulation tools provided by to work with the Metasploit Framework. Cobalt Strike includes all features of and adds post-exploitation tools, in addition to report generation features.
Metasploit currently has over 1677 exploits, organized by platform, including multi (applicable to multiple platforms).
Metasploit currently has over 495 payloads. Some of them are:
Command shell enables users to run collection scripts or run arbitrary commands against the host.
Meterpreter enables users to control the screen of a device using VNC and to browse, upload and download files.
Dynamic payloads enable users to evade anti-virus defenses by generating unique payloads.
Metasploit Framework operates as an open-source project and accepts contributions from the community through GitHub.com pull requests. Submissions are reviewed by a team consisting of both Rapid7 employees and senior external contributors. The majority of contributions add new modules, such as exploits or scanners.
List of original developers:
(founder and chief architect)
Matt Miller (core developer from )
spoonm (core developer from )
Chapter 12: Writing Exploits III from Sockets, Shellcode, Porting & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals by James C. Foster. Written by Vincent Liu, chapter 12 explains how to use Metasploit to develop a buffer overflow exploit from scratch.