lmao the living hell persists buit so do i :sweetdreams:
This commit is contained in:
@@ -0,0 +1,85 @@
|
||||
|
||||
Name: HTTP Fetch, Windows x64 Bind Named Pipe Stager
|
||||
Module: payload/cmd/windows/http/x64/vncinject/bind_named_pipe
|
||||
Platform: Windows
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 123
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
sf <stephen_fewer@harmonysecurity.com>
|
||||
UserExistsError
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AUTOVNC true yes Automatically launch VNC viewer if present
|
||||
DisableCourtesyShell true no Disables the Metasploit Courtesy shell
|
||||
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
|
||||
FETCH_COMMAND CERTUTIL yes Command to fetch payload (Accepted: CURL, TFTP, CERTUTIL)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILENAME uTGlynUV no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
FETCH_WRITABLE_DIR %TEMP% yes Remote writable dir to store payload; cannot contain spaces.
|
||||
LPORT 445 yes SMB port
|
||||
PIPENAME msf-pipe yes Name of the pipe to connect to
|
||||
RHOST no Host of the pipe to connect to
|
||||
SMBDomain . no The Windows domain to use for authentication
|
||||
SMBPass no The password for the specified username
|
||||
SMBUser no The username to authenticate as
|
||||
VNCHOST 127.0.0.1 yes The local host to use for the VNC proxy
|
||||
VNCPORT 5900 yes The local port to use for the VNC proxy
|
||||
ViewOnly true no Runs the viewer in view mode
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
Description:
|
||||
Fetch and execute an x64 payload from an HTTP server.
|
||||
Listen for a pipe connection (Windows x64)
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
DisableSessionTracking false no Disables the VNC payload from following the active session as users log in an out of the input desktop
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
PrependMigrate false yes Spawns and runs shellcode in new process
|
||||
PrependMigrateProc no Process to spawn and run shellcode in
|
||||
SMBDirect true yes The target port is a raw SMB service (not NetBIOS)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WAIT_TIMEOUT 10 no Seconds pipe will wait for a connection
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
Reference in New Issue
Block a user