Why is there no msf terminal after I start msfconsole?
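The msfconsole is probably the most popular interface to the MSF. It provides an "all-in-one" centralized console and gives you efficient access to virtually all of the options available in the Metasploit Framework. Msfconsole may seem intimidating at first, but once you learn the syntax of the commands you will learn to appreciate the power of using this interface. The msfconsole interface is available on Windows as of the 3.3 release; users of version 3.2, however, will need to manually install the Framework under Cygwin, along with patching the Ruby installation, or access the console emulator via the included web or GUI components.
Benefits of msfconsole:
1. It is the only supported way to access most of the features within Metasploit.
2. It provides a console-based interface to the framework.
3. It contains the most features and is the most stable MSF interface.
4. Full readline support, tabbing, and command completion.
5. Execution of external commands in msfconsole is possible.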
msf > ping -c 1 192.168.1.2
[*] exec: ping -c 1 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=128 time=10.3 ms
--- 192.168.1.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 10.308/10.308/10.308/0.000 ms
msf >
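msfconsole is launched by simply running "./msfconsole" from the command line. You can pass "msfconsole -h" to see the other usage options.
Enter help or ? to show the commands available in msfconsole.
Tab Completion
msfconsole is designed to be fast to use, and one of the features that helps this goal is tab completion. With the wide array of modules available, it can be difficult to remember the exact name and path of the particular module you wish to use. As with most other shells, entering what you know and pressing Tab will present you with a list of options, or auto-complete the string if there is only one option. Tab completion depends on the readline extension, and nearly every command in the console supports tab completion.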
use exploit/windows/dce
use .*netapi.*
set LHOST
show
set TARGET
set PAYLOAD windows/shell/
exp
back command
msf auxiliary(ms09_001_write) > back
msf >
check command
There aren't many exploits that support it, but there is also a "check" option that will check to see if a target is vulnerable to a particular exploit instead of actually exploiting it.
msf exploit(ms04_045_wins) > show options
Module options:
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  192.168.1.114    yes       The target address
   RPORT  42               yes       The target port
Exploit target:
   Id  Name
   --  ----
   0   Windows 2000 English
msf exploit(ms04_045_wins) > check
[-] Check failed: The connection was refused by the remote host (192.168.1.114:42)
connect command
There is a miniature netcat clone built into msfconsole that supports SSL, proxies, pivoting, and file sends. By issuing the "connect" command with an IP address and port number, you can connect to a remote host from within msfconsole the same way you would with netcat or telnet.
msf > connect 192.168.1.1 23
[*] Connected to 192.168.1.1:23
??????!????
DD-WRT v24 std (c) 2008 NewMedia-NET GmbH
Release: 07/27/08 (SVN revision: 10011)
?
DD-WRT login:
By passing the "-s" argument to connect, it will connect via SSL:
msf > connect -s www.metasploit.com 443
[*] Connected to www.metasploit.com:443
GET / HTTP/1.0
HTTP/1.1 302 Found
Date: Sat, 25 Jul 2009 05:03:42 GMT
Server: Apache/2.2.11
Location: http://www.metasploit.org/
run command
msf auxiliary(ms09_001_write) > run
Attempting to crash the remote host...
datalenlow=65535 dataoffset=65535 fillersize=72
rescue
datalenlow=55535 dataoffset=65535 fillersize=72
rescue
datalenlow=45535 dataoffset=65535 fillersize=72
rescue
datalenlow=35535 dataoffset=65535 fillersize=72
rescue
datalenlow=25535 dataoffset=65535 fillersize=72
rescue
...snip...
irb command
msf > irb
[*] Starting IRB shell...
>> puts "Hello, metasploit!"
Hello, metasploit!
=> nil
>> Framework::Version
=> "3.8.0-dev"
>> framework.modules.keys.length
=> 1336
Retrieved from "http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Irb_Command"
jobs command
msf exploit(ms08_067_netapi) > jobs -h
Usage: jobs [options]
Active job manipulation and interaction.
OPTIONS:
    -K        Terminate all running jobs.
    -h        Help banner.
    -i        Lists detailed information about a running job.
    -k        Terminate the specified job name.
    -l        List all running jobs.
    -v        Print more detailed info.  Use with -i and -l
load command
The load command loads a plugin from Metasploit's plugin directory. Arguments are passed as 'key=val' on the shell.
msf > load
Usage: load [var=val var=val ...]
Load a plugin from the supplied path. The optional var=val options are custom parameters that can be passed to plugins.
msf > load pcap_log
[*] Successfully loaded plugin: pcap_log
unload command
msf > load pcap_log
[*] Successfully loaded plugin: pcap_log
msf > unload pcap_log
Unloading plugin pcap_log...unloaded.
loadpath command
The "loadpath" command will load a third-party module tree for the path so you can point Metasploit at your 0-day exploits, encoders, payloads, etc.
msf > loadpath /home/secret/modules
Loaded 0 modules.
resource command
Some attacks, such as Karmetasploit, use a resource (batch) file that you can load through msfconsole using the "resource" command. These files are a basic scripting for msfconsole. It runs the commands in the file in sequence. Later on we will discuss how, outside of Karmetasploit, that can be very useful.
msf > resource karma.rc
resource> load db_sqlite3
[-]
[-] The functionality previously provided by this plugin has been
[-] integrated into the core command set. Use the new 'db_driver'
[-] command to use a database driver other than sqlite3 (which
[-] is now the default). All of the old commands are the same.
[-]
[-] Failed to load plugin from /pentest/exploits/framework3/plugins/db_sqlite3: Deprecated plugin
resource> db_create /root/karma.db
[*] The specified database already exists, connecting
[*] Successfully connected to the database
[*] File: /root/karma.db
resource> use auxiliary/server/browser_autopwn
resource> setg AUTOPWN_HOST 10.0.0.1
AUTOPWN_HOST => 10.0.0.1
...snip...
Batch files can greatly speed up testing and development times as well as allow the user to automate many tasks. Besides loading a batch file from within msfconsole, they can also be passed at startup using the "-r" flag. The simple example below creates a batch file to display the Metasploit version number at startup.
root@bt:~# echo version > version.rc
root@bt:~# ./msfconsole -r version.rc
[Metasploit ASCII-art banner]
       =[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 688 exploits - 357 auxiliary - 39 post
+ -- --=[ 217 payloads - 27 encoders - 8 nops
       =[ svn r12668 updated today (2011.05.19)
resource> version
Framework: 3.8.0-dev.12644
Console  : 3.8.0-dev.12651
msf >
route command
The "route" command in Metasploit allows you to route sockets through a session or 'comm', providing basic pivoting capabilities. To add a route, you pass the target subnet and network mask followed by the session (comm) number.
msf exploit(ms08_067_netapi) > route
Usage: route [add/remove/get/flush/print] subnet netmask [comm/sid]
Route traffic destined to a given subnet through a supplied session.
The default comm is Local.
msf exploit(ms08_067_netapi) > route add 192.168.1.0 255.255.255.0 2
msf exploit(ms08_067_netapi) > route print
Active Routing Table
====================
   Subnet       Netmask        Gateway
   ------       -------        -------
   192.168.1.0  255.255.255.0  Session 2
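info command
The "info" command will provide detailed information about a particular module including all options, targets, and other information. Be sure to always read the module description prior to using it as some may have un-desired effects.
The info command also provides the following information:
1. The author and licensing information
2. Vulnerability references
3. Any payload restrictions the module may have
msf > info dos/windows/smb/ms09_001_write
       Name: Microsoft SRV.SYS WriteAndX Invalid DataOffset
    Version: 6890
    License: Metasploit Framework License (BSD)
Provided by:
  j.v.vallejo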
set command
The 'set' command allows you to configure Framework options and parameters for the current module you are working with.
msf auxiliary(ms09_001_write) > set RHOST 192.168.1.1
RHOST => 192.168.1.1
msf auxiliary(ms09_001_write) > show options
Module options:
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  192.168.1.1      yes       The target address
   RPORT  445              yes       Set the SMB service port
A recently added feature in Metasploit is the ability to set an encoder to use at run-time. This is particularly useful in exploit development when you aren't quite certain as to which payload encoding methods will work with an exploit.
msf exploit(ms08_067_netapi) > show encoders
Compatible encoders
===================
   Name                    Description
   ----                    -----------
   cmd/generic_sh          Generic Shell Variable Substitution Command Encoder
   generic/none            The "none" Encoder
   mipsbe/longxor          XOR Encoder
   mipsle/longxor          XOR Encoder
   php/base64              PHP Base64 encoder
   ppc/longxor             PPC LongXOR Encoder
   ppc/longxor_tag         PPC LongXOR Encoder
   sparc/longxor_tag       SPARC DWORD XOR Encoder
   x64/xor                 XOR Encoder
   x86/alpha_mixed         Alpha2 Alphanumeric Mixedcase Encoder
   x86/alpha_upper         Alpha2 Alphanumeric Uppercase Encoder
   x86/avoid_utf8_tolower  Avoid UTF8/tolower
   x86/call4_dword_xor     Call+4 Dword XOR Encoder
   x86/countdown           Single-byte XOR Countdown Encoder
   x86/fnstenv_mov         Variable-length Fnstenv/mov Dword XOR Encoder
   x86/jmp_call_additive   Polymorphic Jump/Call XOR Additive Feedback Encoder
   x86/nonalpha            Non-Alpha Encoder
   x86/nonupper            Non-Upper Encoder
   x86/shikata_ga_nai      Polymorphic XOR Additive Feedback Encoder
   x86/unicode_mixed       Alpha2 Alphanumeric Unicode Mixedcase Encoder
   x86/unicode_upper       Alpha2 Alphanumeric Unicode Uppercase Encoder
msf exploit(ms08_067_netapi) > set encoder x86/shikata_ga_nai
encoder => x86/shikata_ga_nai
unset command
The opposite of the 'set' command, of course, is 'unset'. 'unset' removes a parameter previously configured with 'set'. You can remove all assigned variables with 'unset all'.
msf > set RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf > set THREADS 50
THREADS => 50
msf > set
Global
======
  Name     Value
  ----     -----
  RHOSTS   192.168.1.0/24
  THREADS  50
msf > unset THREADS
Unsetting THREADS...
msf > unset all
Flushing datastore...
msf > set
Global
======
No entries in data store.
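Because a resource file runs its commands in sequence and the console also executes external commands (the ping example), it is worth reading a batch file written by someone else before passing it to "-r". The following Ruby sketch is an added example, not part of the original answer or of the Metasploit project. The command list holds only commands shown on this page, and the "#" comment handling and the treatment of unrecognised lines in a resource file are assumptions.

```ruby
# Pre-run review of an msfconsole resource (.rc) file (added example).
# CONSOLE_COMMANDS lists only commands shown on this page (assumption:
# not the framework's full command set; extend it before real use).
CONSOLE_COMMANDS = %w[
  back check connect db_create help info irb jobs load loadpath resource
  route run set setg show unload unset use version ?
].freeze

# Commands that change what the console loads or runs.
REVIEW_NOTES = {
  "load"     => "loads a plugin",
  "loadpath" => "loads a third-party module tree",
  "resource" => "runs another resource file",
  "irb"      => "opens a Ruby shell inside the framework",
  "run"      => "launches the selected module",
  "setg"     => "sets a global option for every later module",
}.freeze

Finding = Struct.new(:line_no, :command, :note)

# Returns one Finding per line worth reading before `msfconsole -r`.
def audit_resource_script(text)
  findings = []
  text.each_line.with_index(1) do |raw, line_no|
    line = raw.strip
    next if line.empty? || line.start_with?("#") # assumed comment syntax
    command = line.split(/\s+/, 2).first
    note = if CONSOLE_COMMANDS.include?(command)
             REVIEW_NOTES[command]
           else
             # As with the ping example, the console passes this to the OS.
             "not a console command; executed by the operating system"
           end
    findings << Finding.new(line_no, command, note) if note
  end
  findings
end

# Constructed sample modelled on the karma.rc session, plus a ping line.
SAMPLE_RC = <<~RC
  # constructed sample resource file
  load db_sqlite3
  db_create /root/karma.db
  use auxiliary/server/browser_autopwn
  setg AUTOPWN_HOST 10.0.0.1
  ping -c 1 192.168.1.2
  version
RC

audit_resource_script(SAMPLE_RC).each { |f| puts "line #{f.line_no}: #{f.command}: #{f.note}" }
```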