Understanding Payloads

A payload is the code that runs once a system has been compromised. A payload is usually attached to an exploit module and delivered together with the exploit.

Payloads fall into three main categories:

singles
stagers
stages


Singles

Singles are payloads that are self-contained and completely standalone. A Single payload can be something as simple as adding a user to the target system or running calc.exe.

These kinds of payloads are self-contained, so they can be caught with non-metasploit handlers such as netcat.

Singles are self-contained, completely independent payloads; a single can, for example, add a user on the target system or run calc.exe.
Because these payloads are self-contained, they can be caught by non-Metasploit programs such as netcat.

A single is a self-contained, completely independent payload; running one is like running a small executable.

Stagers

Stagers set up a network connection between the attacker and victim and are designed to be small and reliable. It is difficult to always do both of these well so the result is multiple similar stagers. Metasploit will use the best one when it can and fall back to a less-preferred one when necessary.

Windows NX vs NO-NX Stagers

Reliability issue for NX CPUs and DEP
NX stagers are bigger (VirtualAlloc)
Default is now NX + Win7 compatible

Stagers set up the network connection between attacker and victim and must be designed to be both small and reliable. It is hard to achieve both at once, which is why several similar stagers exist. Metasploit picks the best one it can and falls back to a less-preferred one when necessary.

Stages

Stages are payload components that are downloaded by Stagers modules. The various payload stages provide advanced features with no size limits such as Meterpreter, VNC Injection, and the iPhone ‘ipwn’ Shell.

Payload stages automatically use ‘middle stagers’

A single recv() fails with large payloads
The stager receives the middle stager
The middle stager then performs a full download
Also better for RWX

Stages are the payload components downloaded by stager modules. Stage payloads provide advanced features with no size limit, such as Meterpreter, VNC injection and the iPhone 'ipwn' shell.

The main value of stages is that they let a tiny stager fit into exploits where very little space is available. During exploitation, the memory an exploit developer can use is extremely limited; the stager makes use of that small space, and its main job is to bring in the stage, which does the rest of the work.

For example, windows/shell_bind_tcp is a single payload, whereas
windows/shell/bind_tcp consists of a stager (bind_tcp) and a stage (shell).
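The naming convention shown in that example can be checked mechanically, which is handy when reading a handler log or an analysis report that only names the payload. The following Ruby is an added example, not code from the original post or from Metasploit itself. It assumes the convention platform[/sub]/<stage>/<stager> for staged payloads and platform[/sub]/<stage>_<connection> for singles; the optional middle directory names (x64, x86, unix, ...) and the rule that a single's connection part starts with bind, reverse or find are assumptions drawn from common payload names, not a framework API.

```ruby
# Added example (not Metasploit's own code): classify a Metasploit payload
# reference as a single or a staged payload from its path alone.
#
# Assumed naming convention:
#   platform[/sub]/<stage>/<stager>        staged  (windows/shell/bind_tcp)
#   platform[/sub]/<stage>_<connection>    single  (windows/shell_bind_tcp)
# The optional middle directory and the connection keywords below are
# assumptions based on common payload names, not a documented API.
OPTIONAL_MIDDLE  = %w[x64 x86 aarch64 armle mipsle mipsbe unix].freeze
CONNECTION_WORDS = %w[bind reverse find].freeze

# Returns a hash describing the payload; :type is :single or :staged.
def parse_payload(ref)
  parts = ref.split("/")
  raise ArgumentError, "not a payload reference: #{ref.inspect}" if parts.size < 2

  platform = parts.shift
  middle = OPTIONAL_MIDDLE.include?(parts.first) ? parts.shift : nil

  case parts.size
  when 1
    # Single: one component; split it before the first connection keyword, if any.
    tokens = parts[0].split("_")
    idx = tokens.index { |t| CONNECTION_WORDS.include?(t) }
    stage  = idx.nil? ? parts[0] : (idx.zero? ? nil : tokens[0...idx].join("_"))
    stager = idx.nil? ? nil : tokens[idx..-1].join("_")
    { ref: ref, platform: platform, middle: middle, type: :single,
      stage: stage, stager: stager }
  when 2
    # Staged: stage directory followed by the stager that fetches it.
    { ref: ref, platform: platform, middle: middle, type: :staged,
      stage: parts[0], stager: parts[1] }
  else
    raise ArgumentError, "unexpected path depth in #{ref.inspect}"
  end
end

# One-line summary for a report or log entry: singles are self-contained
# (a plain listener such as netcat can catch them), while a staged payload
# relies on a Metasploit handler to serve the stage to the stager.
def describe_payload(ref)
  p = parse_payload(ref)
  if p[:type] == :single
    "#{ref}: single payload, self-contained" +
      (p[:stager] ? ", connects via #{p[:stager]}" : "")
  else
    "#{ref}: staged payload, stager #{p[:stager]} downloads stage #{p[:stage]} from a handler"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Sample references (constructed for this example) covering both forms.
  %w[windows/shell_bind_tcp windows/shell/bind_tcp windows/x64/meterpreter/reverse_tcp
     windows/adduser cmd/unix/reverse_bash].each { |r| puts describe_payload(r) }
end
```

The parser deliberately tolerates singles with no connection part (such as the add-a-user payload the post mentions) and singles that are only a connection (cmd/unix/reverse_bash), since both exist; anything deeper than one optional middle directory plus stage/stager is rejected rather than guessed.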
