1. msfpayload
The msfpayload is component of metasploit's that allows to generate shellcode, executables and much more for use in exploitsoutside of the framework.
Shellcode can be generated in many formats including JavaScript, Ruby, C, and even Visual Basic for Application. Each output format will be useful in various situations.
For example, if we are working with a Python-based proof of concept, C-style output might be best, if we are working on browser exploit, a Javascript output format might be best. After we have desired output, we can easily insert the payload directly into an HTML file to trigger the exploit
root@bt:/pentest/exploits/framework# msfpayload windows/meterpreter/bind_tcp
2. msfencode
The msfencode is development of metasploit's which help us to avoid bad characters and evade antivirus and IDS by encoding the original payload in away what does not include bad characters.
When in doubt, thought, we really can't go wrong with the x86/shikata_ga_nai encoder, the only encoder with the rank of Excellent, a measure of reliability and stability of a module. to see the list of encoders available, append -1 to msfcode as shown next. the payloads are ranked in order of reliability.
root@bt:/pentest/exploits/framework# msfencode -1
Tidak ada komentar:
Posting Komentar