理解攻擊載荷

A payload is the code that runs after a system has been compromised. A payload is usually attached to an exploit module and delivered together with the exploit.

Payloads fall into three main types:

Singles
Stagers
Stages


Singles

Singles are payloads that are self-contained and completely standalone. A Single payload can be something as simple as adding a user to the target system or running calc.exe.

These kinds of payloads are self-contained, so they can be caught with non-Metasploit handlers such as netcat.

A single is therefore self-contained and completely standalone: it runs on the target much like a small executable would.

Stagers

Stagers set up a network connection between the attacker and victim and are designed to be small and reliable. It is difficult to always do both of these well, so the result is multiple similar stagers. Metasploit will use the best one when it can and fall back to a less-preferred one when necessary.

Windows NX vs NO-NX Stagers

Reliability issue for NX CPUs and DEP
NX stagers are bigger (VirtualAlloc)
Default is now NX + Win7 compatible


Stages

Stages are payload components that are downloaded by Stagers modules. The various payload stages provide advanced features with no size limits such as Meterpreter, VNC Injection, and the iPhone ‘ipwn’ Shell.

Payload stages automatically use ‘middle stagers’

A single recv() fails with large payloads
The stager receives the middle stager
The middle stager then performs a full download
Also better for RWX


The main value of stages is that a tiny stager can fit into exploits that leave very little room for a payload. During exploitation the exploit developer usually controls only a small amount of memory; the stager fits into that space, and its main job is to fetch the stage, which then carries out the rest of the work.

For example, windows/shell_bind_tcp is a single payload, while windows/shell/bind_tcp consists of a stager (bind_tcp) and a stage (shell).
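The naming convention in the example above (a staged payload is spelled platform/[arch/]stage/stager, a single keeps everything in its last path segment) can be parsed mechanically, which is handy when payload names show up in scan reports or detection-rule comments and you want to know whether a generic listener could have caught them. The following is an added example, not Metasploit's own code; the two name tables are a small hand-picked subset of real Metasploit stage and stager names, and any name outside them is treated as a single.

```python
"""Classify a Metasploit payload name as a single or a staged (stager + stage)
payload, following the naming convention: platform/[arch/]stage/stager for a
staged payload (windows/shell/bind_tcp) and a single final segment for a
single (windows/shell_bind_tcp).

Added example, not Metasploit's own code. KNOWN_STAGES and KNOWN_STAGERS are
assumptions: a small subset of real Metasploit names, not the full list."""

from dataclasses import dataclass
from typing import Optional

# Stage names that a stager downloads and runs (subset, assumption).
KNOWN_STAGES = {"shell", "meterpreter", "vncinject", "dllinject", "upexec"}

# Stager names that set up the network connection (subset, assumption).
KNOWN_STAGERS = {"bind_tcp", "reverse_tcp", "reverse_http", "reverse_https",
                 "bind_named_pipe"}


@dataclass(frozen=True)
class PayloadInfo:
    name: str
    kind: str                 # "single" or "staged"
    platform: str             # leading path, e.g. "windows", "windows/x64", "cmd/unix"
    stage: Optional[str]      # only set for staged payloads
    stager: Optional[str]     # only set for staged payloads

    @property
    def standalone(self) -> bool:
        """Singles are self-contained and can be caught by a generic listener
        such as netcat; a staged payload depends on the stager fetching the
        stage from a Metasploit handler."""
        return self.kind == "single"


def classify_payload(name: str) -> PayloadInfo:
    parts = name.strip("/").split("/")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a payload path: {name!r}")
    last = parts[-1]
    # Staged: the stage and the stager are separate path segments.
    if len(parts) >= 3 and parts[-2] in KNOWN_STAGES and last in KNOWN_STAGERS:
        return PayloadInfo(name, "staged", "/".join(parts[:-2]), parts[-2], last)
    # Everything else is a single, including stage_stager spellings such as
    # windows/shell_bind_tcp and unrelated names such as cmd/unix/reverse_bash.
    return PayloadInfo(name, "single", "/".join(parts[:-1]), None, None)


def summarize(name: str) -> str:
    """One-line description for inventories or detection-rule comments."""
    info = classify_payload(name)
    if info.kind == "staged":
        return (f"{name}: staged payload for {info.platform} "
                f"(stager {info.stager} downloads stage {info.stage})")
    return f"{name}: single payload for {info.platform} (self-contained)"


if __name__ == "__main__":
    for n in ("windows/shell_bind_tcp", "windows/shell/bind_tcp",
              "windows/x64/meterpreter/reverse_https", "cmd/unix/reverse_bash"):
        print(summarize(n))
```

Because Metasploit itself decides staged versus single from module metadata rather than from the name, the classifier only mirrors the convention and will call anything it does not recognise a single; extend the two tables if you rely on it for a wider set of names.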
