PrincessPi/android-hackhackin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
android-hackhackin/msfvenom/payload_options/cmd-windows-http-x64-custom-reverse_named_pipe.txt
T

77 lines
5.2 KiB
Plaintext
Raw Permalink Blame History

Name: HTTP Fetch, Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager
Module: payload/cmd/windows/http/x64/custom/reverse_named_pipe
Platform: Windows
Arch: cmd
Needs Admin: No
Total size: 131
Rank: Normal
Provided by:
Brendan Watters
bwatters-r7
OJ Reeves
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
FETCH_COMMAND CERTUTIL yes Command to fetch payload (Accepted: CURL, TFTP, CERTUTIL)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILENAME ylcErYfJjgDF no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
FETCH_WRITABLE_DIR %TEMP% yes Remote writable dir to store payload; cannot contain spaces.
PIPEHOST . yes Host of the pipe to connect to
PIPENAME msf-pipe yes Name of the pipe to listen on
SHELLCODE_FILE no Shellcode bin to launch
When FETCH_COMMAND is one of CURL:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
Description:
Fetch and execute an x64 payload from an HTTP server.
Custom shellcode stage.
Connect back to the attacker via a named pipe pivot
Name Current Setting Required Description
---- --------------- -------- -----------
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
PrependMigrate false yes Spawns and runs shellcode in new process
PrependMigrateProc no Process to spawn and run shellcode in
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Reference in New Issue View Git Blame Copy Permalink