Generate a Shellcode Using MSFPAYLOAD Metasploit Command Line Instance


Type : Tips and Trick

Level : Easy

Today's tip is very easy to follow, because I just want to explain the usage of msfpayload, the Metasploit command-line instance.

This tutorial is about generating shellcode using msfpayload: learn how to generate shellcode for an exploit that is not currently in the Metasploit Framework library.

 

According to offensive-security.com msfpayload is :

msfpayload is a command-line instance of Metasploit that is used to generate and output all of the various types of shellcode that are available in Metasploit

Requirements :

1. Metasploit framework

Step by Step :

I performed the steps below on BackTrack 5 R2.

1. Open your terminal (CTRL + ALT + T)

2. Type msfpayload -h for help

3. To list the available payloads, use the msfpayload -l command (I snipped the picture below because it's too long)

4. Let's say the payload I want to use is windows/shell_bind_tcp. The next step is to find out which switches need to be configured, so list the available switches by adding "O" (see picture).

As you can see from the picture, the required switches are EXITFUNC (default is process) and LPORT (the local port the shellcode runs on).

5. Now I want to set a value for the LPORT switch, so my command looks like this:

msfpayload windows/shell_bind_tcp LPORT=4321 O

6. If everything has been configured successfully, we can now generate the shellcode. There is an option to specify the output type (C, Perl, Raw, etc.); in this example I will use Perl to output the shellcode.

That's the shellcode, ready to use…
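For defenders who find this kind of output in a dropped script or exploit source, the following added example (not part of the original tutorial) turns a Perl- or C-format `\xNN` listing back into raw bytes, hashes it, and looks for a listening port. The sample bytes are constructed filler, the `68 02 00 <port>` pattern is an assumed heuristic for x86 payloads that push an AF_INET sockaddr, and the function names are illustrative.

```python
import hashlib
import re
import struct

# Constructed sample: filler bytes laid out like a Perl-format shellcode
# listing (not a working payload). It embeds the 5-byte sequence a bind
# payload would carry for LPORT=4321 (0x10e1).
SAMPLE = r'''
# constructed sample - 16 bytes
my $buf =
"\x41\x41\x41\x41\x41\x41\x41\x68" .
"\x02\x00\x10\xe1\x42\x42\x42\x42";
'''

ESCAPED_BYTE = re.compile(r'\\x([0-9a-fA-F]{2})')
# Assumed heuristic: x86 "push imm32" (0x68) of a sockaddr_in header,
# i.e. AF_INET (02 00) followed by the port in network byte order.
SOCKADDR_PUSH = re.compile(rb'\x68\x02\x00(..)', re.DOTALL)


def extract_bytes(source_text):
    """Join every \\xNN escape found outside comment lines."""
    body = "\n".join(line for line in source_text.splitlines()
                     if not line.lstrip().startswith(("#", "//")))
    return bytes(int(h, 16) for h in ESCAPED_BYTE.findall(body))


def candidate_ports(blob):
    """Return ports found in pushed sockaddr_in headers (may be empty)."""
    return [struct.unpack(">H", m.group(1))[0]
            for m in SOCKADDR_PUSH.finditer(blob)]


def triage(source_text):
    """Summarise an escaped-byte listing for hashing and port review."""
    blob = extract_bytes(source_text)
    return {
        "length": len(blob),
        "sha256": hashlib.sha256(blob).hexdigest(),
        "ports": candidate_ports(blob),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The SHA-256 of the recovered bytes can be checked against threat-intelligence sources, and any reported port compared with listening sockets on the affected host.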

Hope it's useful 🙂


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Website: http://www.vishnuvalentino.com

  • Himanshu

    Can you tell me how to connect dial-up internet
    in BackTrack 5 R2 KDE 32-bit?

    • v4L

      #Himanshu
      Hmm, I've never tried that… maybe you can google for wvdial.

  • Himanshu

    Can you please post all the dependencies and all the Debian packages of wvdial and gnome-ppp, as I could not find all the dependencies of these Debian packages

  • Valentino, could you post a definitive tutorial on how to encode a backdoor? Example: I go through all the steps in the SET Framework and reach the part where I have to select an encoder (shikata_ga_nai); up to here everything is fine! When the victim runs the backdoor, the antivirus catches it, for example Avast Antivirus. How can trojans/backdoors go unnoticed by the antivirus? Thanks, and I await your reply!

  • Bro, do you know how to generate JavaScript shellcode…? I guess we can generate them in languages like Java, C, Perl, Ruby, etc., but can you tell me how to in JavaScript?

    • v4L

      #Gudboy
      You can generate it using Metasploit. I haven't written it here, but you can view this tutorial http://www./tips-and-trick/generate-a-shellcode-using-msfpayload-metasploit-command-line-instance

    • Bro, I know how to generate a backdoor with Metasploit, SET… But that was not my question! My question is: no matter which encoder you use, will the antivirus always catch it!?

      #Valentino, I want to know if you will post a definitive tutorial on how to encode a backdoor without the antivirus catching it!

      • v4L

        #Thiago
        then next time you need to make your question clear.
        To avoid this detection, just write your own exe or modify the source of an existing exe, and execute it in a new way. Of course metasploit can create the exe for you, but then the antivirus companies would identify whatever way metasploit used.