渗透测试攻击工具(Metasploit基础命令详解)

渗透测试攻击工具：Metasploit可以认为是渗透工具框架，它可以将很多优秀的人写出来的渗透攻击模块整合起来，方便了渗透测试。今天，小小课堂网（ www.xxkt.org ）分享的是《渗透测试攻击工具(Metasploit基础命令详解)》。希望对大家有所帮助。

一、Metasploit版本

Metasploit存在多个版本，有适合企业用的商业版本Metasploit Pro，也有适合个人的免费版本Metasploit Community，kali linux预装的自然是后者。

二、Metasploit启动

Metasploit启动非常简单，只需要以下命令，每次启动的图标显示不一样，不用在意。

msfconsole

Metasploit启动：

三、Metasploit模块

从上图中得知Metasploit版本为v6.0.15-dev，该版本包括2071个exploit，1123个auxiliary，352个post，596个payloads，45个encoders，10个nops。

exploit：漏洞渗透模块，每一个模块对应着一个漏洞，只需要知道这个漏洞的名字，然后执行对应的模块即可完成入侵。

payload：攻击载荷模块，被控端程序，帮助我们实现在目标上完成远程控制操作。通常这些模块既可以单独执行，也可以和漏洞渗透模块一起执行。

auxiliary：辅助模块，进行信息收集的模块，如信息侦查与网络扫描类工具。

post：后渗透攻击模块，成功获取目标的控制权之后，这类模块可以提高控制权限、获取敏感信息和实施跳板攻击等。

当我们不知道怎么操作时，记得命令“help”可以帮助我们。以下是help后的提示。

• Core Commands：核心命令
• Module Commands：模块命令
• Job Commands：任务命令
• Resource Script Commands：资源命令
• Database Backend Commands：数据库后台命令
• Credentials Backend Commands：登录凭证命令
• Developer Commands：开发者命令

Core Commands
=============

Command Description
——- ———–
? Help menu
banner Display an awesome metasploit banner
cd Change the current working directory
color Toggle color
connect Communicate with a host
debug Display information useful for debugging
exit Exit the console
features Display the list of not yet released features that can be opted in to
get Gets the value of a context-specific variable
getg Gets the value of a global variable
grep Grep the output of another command
help Help menu
history Show command history
load Load a framework plugin
quit Exit the console
repeat Repeat a list of commands
route Route traffic through a session
save Saves the active datastores
sessions Dump session listings and display information about sessions
set Sets a context-specific variable to a value
setg Sets a global variable to a value
sleep Do nothing for the specified number of seconds
spool Write console output into a file as well the screen
threads View and manipulate background threads
tips Show a list of useful productivity tips
unload Unload a framework plugin
unset Unsets one or more context-specific variables
unsetg Unsets one or more global variables
version Show the framework and console library version numbers

Module Commands
===============

Command Description
——- ———–
advanced Displays advanced options for one or more modules
back Move back from the current context
clearm Clear the module stack
info Displays information about one or more modules
listm List the module stack
loadpath Searches for and loads modules from a path
options Displays global options or for one or more modules
popm Pops the latest module off the stack and makes it active
previous Sets the previously loaded module as the current module
pushm Pushes the active or list of modules onto the module stack
reload_all Reloads all modules from all defined module paths
search Searches module names and descriptions
show Displays modules of a given type, or all modules
use Interact with a module by name or search term/index

Job Commands
============

Command Description
——- ———–
handler Start a payload handler as job
jobs Displays and manages jobs
kill Kill a job
rename_job Rename a job

Resource Script Commands
========================

Command Description
——- ———–
makerc Save commands entered since start to a file
resource Run the commands stored in a file

Database Backend Commands
=========================

Command Description
——- ———–
analyze Analyze database information about a specific address or address range
db_connect Connect to an existing data service
db_disconnect Disconnect from the current data service
db_export Export a file containing the contents of the database
db_import Import a scan result file (filetype will be auto-detected)
db_nmap Executes nmap and records the output automatically
db_rebuild_cache Rebuilds the database-stored module cache (deprecated)
db_remove Remove the saved data service entry
db_save Save the current data service connection as the default to reconnect on startup
db_status Show the current data service status
hosts List all hosts in the database
loot List all loot in the database
notes List all notes in the database
services List all services in the database
vulns List all vulnerabilities in the database
workspace Switch between database workspaces

Credentials Backend Commands
============================

Command Description
——- ———–
creds List all credentials in the database

Developer Commands
==================

Command Description
——- ———–
edit Edit the current module or a file with the preferred editor
irb Open an interactive Ruby shell in the current context
log Display framework.log paged to the end if possible
pry Open the Pry debugger on the current module or Framework
reload_lib Reload Ruby library files from specified paths

四、Metasploit渗透模块基本命令

模块的命令使用最多的是show、search和use。show是列举，search是搜索，use是使用。

msf > show all

show all：

展现出的是几千个模块，如果只希望看到其中某一类模块，那么show后面增加模块种类，则会出现2000多个exploit的模块。

msf > show exploits

show exploits：

1576： 第一列为序号

windows/http/hp_nnm_ovwebsnmpsrv_uro：name 第二列为模块三层命名

2010-06-08：Disclosure 第三列披露时间

great：rank 第四列威胁等级

No：是否被修复

HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow：Description第六列漏洞描述

披露日期是指该漏洞发布的日期。

metasploit中漏洞渗透模块威胁等级分为excellent、great、good、normal、average、lowRank和manual。这些等级按照执行效果从好到差划分，例如manual等级的定义是该模块几乎不可能执行，而lowRank指的是这类模块很难执行，normal可以执行，但是必须对目标有严格要求，excellent则表示大部分环境下都可以正常进行。所以，我们尽量选择good以上的模块进行渗透攻击。

search可以用来搜索CVE，也就是已经披露出来的漏洞。以下两种方式均可。

search cve:CVE-2018-19518

search cve:2018-19518

以上就是小小课堂网（ www.xxkt.org ）分享的是《渗透测试攻击工具(Metasploit基础命令详解)》。感谢您的阅读。