Metasploit 渗透测试实例分析摘 要:随着信息技术的飞速进展,信息安全的概念也在逐步深化人心。为了更好的保护用户信息,提高系统的安全性,渗透测试技术应运而生。简而言之,渗透测试就是模拟黑客的技术手段去检测系统的安全性。 本文选择 Metasploit 渗透测试框架为平台,阐述了 Metasploit 框架的内容,详细讲解了不同界面下 Metasploit 渗透框架的使用方法,详细讲解了 Metasploit 的所用功能和参数。然后,本文以实际操作为基础,讲解怎样通过查找的漏洞进行对目标主机攻击来获得 Meterpreter shell。成功猎取 Meterpreter shell 之后就可以通过 Metasploit 一些基本的命令来收集更多的信息,以便达到对目标主机的长期控制和不被用户察觉。关键词:渗透;Metasploit;Meterpreter shell。Metasploit penetration testing example analysisAbstract:With the rapid development of information technology, information security is gradually becoming more popular。 In order to protect user information and to improve system security, penetration testing techniques have emerged. In short, penetration testing is a technology that simulates the means of hackers to check the security of a system. Paper chooses Metasploit penetration testing framework as a platform to explain the contents of the Metasploit Framework, a detailed account of the use of different interfaces under the Metasploit penetration framework Metasploit explained in detail by using the function and parameters. Then , the paper—based practice , explain how to find loopholes through the target host attack to get Meterpreter shell 。 After successfully obtaining Meterpreter shell can to collect more information through Metasploit some basic commands in order to achieve long—term control of the target host and are not aware of the user. Key words:permeation;Metasploit;Meterpreter shell.第一章 引言..................................................1第二章 概述..........................................
