未分类 – 第 7 页 – 大蝉's Blog

转载: MSF Startup at boot? Using msfrpcd, msgpack, & msf rc files for “disaster recovery”

原文：https://khr0x40sh.wordpress.com/2012/05/22/msf-startup-at-boot-using-msfrpcd-msgpack-msf-rc-files-for-disaster-recovery/
继续阅读转载: MSF Startup at boot? Using msfrpcd, msgpack, & msf rc files for “disaster recovery”

Kali+VNC除了LXDE另一种方案

转自：https://forums.kali.org/showthread.php?26823-Remote-access-with-SSH-TightVNC-failed-with-new-Kali-2-0
I have, but it involves installing the MATE desktop environment, which is a GNOME 2 fork.

First, you have to install MATE:

$ sudo apt-get install mate-core mate-desktop-environment-extra mate-desktop-environment-extras mate-themes

Then, you have to change a line in the ~/.vnc/xstartup, replacing

/etc/X11/Xsession

with

/usr/bin/mate-session

It is just a workaround, as MATE offers a different look and feel than GNOME.

The underlying problems with GNOME and VNC (and RDP, NX, …) are described here:

https://bugs.debian.org/cgi-bin/bugr…cgi?bug=776746
https://bugs.launchpad.net/ubuntu/+s…n/+bug/1251281

and it looks like a fix for Debian will take some time…

流量走tor

https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#WARNING

msf persist免杀

persist调用
/usr/local/share/metasploit-framework/modules/exploits/windows/local/persistence.rb

    exe = generate_payload_exe
    # Generate the vbs payload
    vprint_status("Generating VBS persistent script (#{rvbs_name})")
    vbsscript = ::Msf::Util::EXE.to_exe_vbs(exe, {:persist => true, :delay => delay, :exe_filename => rexe_name})

::Msf::Util::EXE.to_exe_vbs 来自 /usr/local/share/metasploit-framework/lib/msf/util/exe.rb

  # self.to_exe_vba
  #
  # @param  exes  [String]
  # @param  opts  [Hash]
  # @option opts  [String] :delay
  # @option opts  [String] :persists
  # @option opts  [String] :exe_filename
  def self.to_exe_vbs(exes = '', opts = {})
    delay   = opts[:delay]   || 5
    persist = opts[:persist] || false

    hash_sub = {}
    hash_sub[:exe_filename]  = opts[:exe_filename] || Rex::Text.rand_text_alpha(rand(8)+8) << '.exe'
    hash_sub[:base64_filename]  = Rex::Text.rand_text_alpha(rand(8)+8) << '.b64'
    hash_sub[:var_shellcode] = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_fname]     = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_func]      = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_obj]       = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_shell]     = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_tempdir]   = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_tempexe]   = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_basedir]   = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:base64_shellcode] = Rex::Text.encode_base64(exes)
    hash_sub[:var_decodefunc] = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_xml] = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_xmldoc] = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_decoded] = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_adodbstream] = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:var_decodebase64] = Rex::Text.rand_text_alpha(rand(8)+8)
    hash_sub[:init] = ""

    if persist
      hash_sub[:init] << "Do\r\n"
      hash_sub[:init] << "#{hash_sub[:var_func]}\r\n"
      hash_sub[:init] << "WScript.Sleep #{delay * 1000}\r\n"
      hash_sub[:init] << "Loop\r\n"
    else
      hash_sub[:init] << "#{hash_sub[:var_func]}\r\n"
    end

    read_replace_script_template("to_exe.vbs.template", hash_sub)
  end

to_exe.vbs.template 来自 /usr/local/share/metasploit-framework/data/templates/scripts/to_exe.vbs.template

然后，各种变形混淆吧

msf tips: session is not valid and will be closed

本地可绑定IP与外网IP不一致时
LHOST LPORT用来帮助信标找到服务器
ReverseListenerBindHost 是绑定地址
另外需要关闭AutoVerifySession(原因未知)

问题：
https://github.com/rapid7/metasploit-framework/issues/6799
参见：
https://github.com/rapid7/metasploit-framework/wiki/Debugging-Dead-Meterpreter-Sessions
继续阅读msf tips: session is not valid and will be closed

pyq5开发环境部署

1.eric IDE开发环境
http://eric-ide.python-projects.org/eric-download.html
Installation using PyQt5 wheels

Installing eric6 and its pre-requisites is easy using the PyQt5 Python wheels. In order to have access to the suite of Qt tools and documentation it is recommended to install the Qt development environment because these tools are not part of the PyQt5 wheels.

Download the Qt online installer from the Qt download site.
Install Qt by executing the installer.
Install the eric6 pre-requisites (PyQt, sip and QScintilla) by entering this command in a shell / command window:
pip install qscintilla
or
pip3 install qscintilla
This will install QScintilla and all dependencies, which are PyQt5 and sip.
Install eric6 and configure the path to the Qt tools on the Qt page of the configuration dialog.
Once the eric6 IDE is started the Qt documentation may be loaded into the eric web browser via the Settings ➡ Mange Qt Help Documents menu entry. Note that the documentation (Python/Qt/PyQt) is available in QtHelp format as of November 2016 as documentation plug-ins. In order to use this feature, eric 16.11 or newer needs to be installed.
继续阅读pyq5开发环境部署

rbenv tips

some tips about rb
继续阅读rbenv tips

安全漏洞的概念及分类

复习一下姿势，转自 http://sec.chinabyte.com/165/12946665.shtml
继续阅读安全漏洞的概念及分类

MacOS安装Metasploit报错tips

ruby的pg库报错：
ARCHFLAGS=”-arch x86_64″ bundle install

rb版本
rbenv解决，msf建议的rb版本去github看

Nokogiri 报错
http://stackoverflow.com/questions/24091869/installing-nokogiri-on-osx-10-10-yosemite
先安装
brew tap homebrew/dupes
brew install libxml2 libxslt
brew install libiconv
然后
gem install nokogiri -v ‘1.6.8.1’ — –with-iconv-dir=/usr/local/Cellar/libiconv/1.14/ –use-system-libraries=true –with-xml2-include=/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/libxml2/

postgresql启动不了、连不上
原因是9.5升9.6数据库文件不兼容
brew uninstall postgresql
删除/usr/local/var/postgres/
重新安装

分类：未分类