metasploit学习之路(二) msfconsole基本使用
2024-04-26 00:28:22
一、msfconsole简介
msfconsole是msf的命令行交互界面。在msfconsole中,可以实现对msf的完美操作,是一个msf的一体化操作接口,可以完全地利用msf中的各种功能,使用msfconsole特定的命令进行操作,个人认为,相对于armitage来说,更加便捷,也更有利于我们深入理解msf的各个模块的功能。
二、msfconsole调用外部工具
msfconsole为了更好的为渗透测试便利,加入了外部命令的使用功能,我们可以直接在msfconsole中使用系统的命令,比如说最常用的ping命令、ifconfig命令、nmap扫描工具等。
msf5 > ifconfig
[*] exec: ifconfigeth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 10.116.0.177 netmask 255.255.0.0 broadcast 10.116.255.255inet6 fe80::5038:6dd9:a954:7f2e prefixlen 64 scopeid 0x20<link>ether 00:0c:29:4c:15:5c txqueuelen 1000 (Ethernet)RX packets 75 bytes 9950 (9.7 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 556 bytes 51358 (50.1 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10<host>loop txqueuelen 1000 (Local Loopback)RX packets 28 bytes 1596 (1.5 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 28 bytes 1596 (1.5 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0msf5 >
三、msfconsole帮助命令
1、去掉打开图形(插曲)
msfconsole打开的时候会显示一些奇怪的形状之类的:
root@kali:~# msfconsole
[-] ***rting the Metasploit Framework console...\
[-] * WARNING: No database support: could not connect to server: Connection refusedIs the server running on host "localhost" (::1) and acceptingTCP/IP connections on port 5432?
could not connect to server: Connection refusedIs the server running on host "localhost" (127.0.0.1) and acceptingTCP/IP connections on port 5432?[-] ***____________[%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $a, |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%][%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $S`?a, |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%][%%%%%%%%%%%%%%%%%%%%__%%%%%%%%%%| `?a, |%%%%%%%%__%%%%%%%%%__%%__ %%%%][% .--------..-----.| |_ .---.-.| .,a$%|.-----.| |.-----.|__|| |_ %%][% | || -__|| _|| _ || ,,aS$""` || _ || || _ || || _|%%][% |__|__|__||_____||____||___._||%$P"` || __||__||_____||__||____|%%][%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| `"a, ||__|%%%%%%%%%%%%%%%%%%%%%%%%%%][%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|____`"a,$$__|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%][%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% `"$ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%][%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]=[ metasploit v5.0.35-dev- ]
+ -- --=[ 1903 exploits - 1072 auxiliary - 329 post ]
+ -- --=[ 545 payloads - 44 encoders - 10 nops ]
+ -- --=[ 2 evasion ]msf5 >
可以使用参数-q启动来去掉这些形状:
root@kali:~# msfconsole -q
[-] ***
[-] * WARNING: No database support: could not connect to server: Connection refusedIs the server running on host "localhost" (::1) and acceptingTCP/IP connections on port 5432?
could not connect to server: Connection refusedIs the server running on host "localhost" (127.0.0.1) and acceptingTCP/IP connections on port 5432?[-] ***
msf5 >
2、学会使用help
其实在命令行的学习中,使用help是很重要的,help在很多情况下才是我们真正的帮手。
1)、msfconsole -h
root@kali:~# msfconsole -h
Usage: msfconsole [options]Common options:-E, --environment ENVIRONMENT Set Rails environment, defaults to RAIL_ENV environment variable or 'production'Database options:-M, --migration-path DIRECTORY Specify a directory containing additional DB migrations-n, --no-database Disable database support-y, --yaml PATH Specify a YAML file containing database settingsFramework options:-c FILE Load the specified configuration file-v, -V, --version Show versionModule options:--defer-module-loads Defer module loading unless explicitly asked.-m, --module-path DIRECTORY Load an additional module pathConsole options:-a, --ask Ask before exiting Metasploit or accept 'exit -y'-H, --history-file FILE Save command history to the specified file-L, --real-readline Use the system Readline library instead of RbReadline-o, --output FILE Output to the specified file-p, --plugin PLUGIN Load a plugin on startup-q, --quiet Do not print the banner on startup-r, --resource FILE Execute the specified resource file (- for stdin)-x, --execute-command COMMAND Execute the specified console commands (use ; for multiples)-h, --help Show this message2)、msfconsole内使用帮助
在msfconsole中使用命令help或?都可以查看到帮助界面。
msf5 > helpCore Commands
=============Command Description------- -----------? Help menubanner Display an awesome metasploit bannercd Change the current working directorycolor Toggle colorconnect Communicate with a hostexit Exit the consoleget Gets the value of a context-specific variablegetg Gets the value of a global variablegrep Grep the output of another commandhelp Help menuhistory Show command historyload Load a framework pluginquit Exit the consolerepeat Repeat a list of commandsroute Route traffic through a sessionsave Saves the active datastoressessions Dump session listings and display information about sessionsset Sets a context-specific variable to a valuesetg Sets a global variable to a valuesleep Do nothing for the specified number of secondsspool Write console output into a file as well the screenthreads View and manipulate background threadsunload Unload a framework pluginunset Unsets one or more context-specific variablesunsetg Unsets one or more global variablesversion Show the framework and console library version numbersModule Commands
===============Command Description------- -----------advanced Displays advanced options for one or more modulesback Move back from the current contextinfo Displays information about one or more modulesloadpath Searches for and loads modules from a pathoptions Displays global options or for one or more modulespopm Pops the latest module off the stack and makes it activeprevious Sets the previously loaded module as the current modulepushm Pushes the active or list of modules onto the module stackreload_all Reloads all modules from all defined module pathssearch Searches module names and descriptionsshow Displays modules of a given type, or all modulesuse Interact with a module by name or search term/indexJob Commands
============Command Description------- -----------handler Start a payload handler as jobjobs Displays and manages jobskill Kill a jobrename_job Rename a jobResource Script Commands
========================Command Description------- -----------makerc Save commands entered since start to a fileresource Run the commands stored in a fileDatabase Backend Commands
=========================Command Description------- -----------analyze Analyze database information about a specific address or address rangedb_connect Connect to an existing data servicedb_disconnect Disconnect from the current data servicedb_export Export a file containing the contents of the databasedb_import Import a scan result file (filetype will be auto-detected)db_nmap Executes nmap and records the output automaticallydb_rebuild_cache Rebuilds the database-stored module cachedb_remove Remove the saved data service entrydb_save Save the current data service connection as the default to reconnect on startupdb_status Show the current data service statushosts List all hosts in the databaseloot List all loot in the databasenotes List all notes in the databaseservices List all services in the databasevulns List all vulnerabilities in the databaseworkspace Switch between database workspacesCredentials Backend Commands
============================Command Description------- -----------creds List all credentials in the databaseDeveloper Commands
==================Command Description------- -----------edit Edit the current module or a file with the preferred editorirb Open an interactive Ruby shell in the current contextlog Display framework.log paged to the end if possiblepry Open the Pry debugger on the current module or Frameworkreload_lib Reload Ruby library files from specified paths
关于一些真正使用时候的操作流程,后面就行实操的时候会有,这里想强调一下使用help的重要性。
3、tab支持
msfconsole中支持tab键对命令的补全功能
四、msf交互
1、msfconsole
msf是最直接,最强大好用的msf交互界面,也是本篇文章的重点介绍对象
2、armitage
图形化的交互界面,虽然界面不太美观,但是可以试一下,感觉用的不多
3、msfvenom
msfvenom是一个不用进入msfconsole就可使用的命令,是专门为payload generator设置的命令,使用msfvenom和相关参数可以直接生成我们想要的payload。
End:
本篇文章为介绍性,后面会有对应的实操。
metasploit学习之路(二) msfconsole基本使用相关推荐
- 前端Vue学习之路(二)-Vue-router路由
Vue学习之路 (二) Vue-router(基础版) 一.增加静态路由 二.动态路由+路由嵌套+404页面 三. 编程式导航 四.命名路由 五.命名视图 六.重定向和起别名 1.重定向 2.起别名 ...
- Hive学习之路(二):Hive表操作详讲
操作内容简介 一.操作前的准备 二.Hive表操作详讲 1. 创建数据库 2. 查看所有数据库/表 3. 在Hive上直接操作HDFS 4. 在Hive上直接执行终端命令 5. 创建数据表/查看表的信 ...
- python 剑指offer 学习之路(二)
剑指offer 学习之路 合并两个排序的链表 树的子结构 顺时针打印矩阵 包含min函数的栈 从上往下打印二叉树 二叉搜索树的后序遍历序列 二叉树中和为某一值的路径 复杂链表的复制 数组中出现次数超过 ...
- zigbee学习之路(二)点亮LED
一.前言 今天,我来教大家如何点亮led,这也是学习开发板最基础的步骤了. 二.原理分析 cc2530芯片跟虽然是51的内核,但是它跟51单片机还是有区别的,51单片机不需要对IO口进行配置,而cc2 ...
- metasploit学习之路(四)记一次实战--永恒之蓝(MS017-010)
在我的metasploit的学习博客中,也算是实操的一篇,可以对使用流程和一些必要的命令进行学习. 永恒之蓝这个漏洞我没有复现过,但是这一次偶然的机会玩了一把. 大佬在讲台上面传授经验,用的是wind ...
- Spring Boot 学习之路二 配置文件 application.yml
一.创建配置文件 如图所示,我们在resources文件夹中新建配置文件application.yml 结构图 二.一些基本配置 server: port: 8090 //配置端口session-ti ...
- C++学习之路二:C++
目录 二.C++ 1. C,java,C++区别 2. C++ 对象模型(C++ class底层原理) 2.1 基本对象模型与C++对象模型 2.2 C++ 构造函数模型 2.3 C++继承的底层原理 ...
- 3D点云之PCL学习之路(二)
VTK的基本知识(1) PCL使用的第三方库有 boost.eigen.FLANN.OpenNI2.Qhull.VTK. PCL的显示部分就是基于VTK来实现的.简单介绍一下这个库.主要参考依据是:& ...
- HBase学习之路(二):Java客户端的CRUD操作详讲
内容简介 一.概述 二.操作前的准备 三.put操作 1.单行put方法 2.使用Put列表 四.get操作 1.单行get方法 2.使用Get列表 五.delete操作 1.单行delete方法 2 ...
- python学习之路二
数据类型: int 整型 数字进制转化函数: bin(10) "0b1010" 将十进制的10 转换成二进制 oct(10) "0o12"将十进制的10 ...
最新文章
- 学习资源:在线学习 Python(一)
- 你的Redis怎么持久化的
- HBase设计与开发性能优化(转)
- C++AVL树(自平衡二叉查找树)(附完整源码)
- nginx配置文件中location与root访问时的联系
- import java.io 包下载_Go 包管理机制深入分析
- 修改小程序swiper 点的样式_高质量的微信小程序样式模板应该长什么样?
- 活动报名 | DEF CON之后,最令人期待的网络安全盛会(内附赠票)
- BeanUtils.copyProperties使用
- 毕业后,两个月,第二家公司上班第一天
- HTML5(FileRdeader)
- Inspect(VB.NET、C#版)软件的的下载和使用
- 卡西欧计算机做英语,卡西欧的这个小萌物 原来是台英语学习机
- 无侵入式的mysql的binlog采集——maxwell采集binlog放到kafka中——成功!
- CC控制服务的设计和侦测方法综述
- 什么是opt文件,plg,ncb等
- 《隐姓亿万富翁》读后感
- 卡方检验——离散型特征相关性分析
- 2022 年七大前沿科技:每一项都能改变世界
- gulp自动化环境搭建,自动化解决方案