MSFVenom: Difference between revisions

From charlesreid1

(Created page with "Can be used to craft payloads like remote tcp shells. See this tool in action: Metasploitable/Apache/DAV")
 
No edit summary
Line 2: Line 2:


See this tool in action: [[Metasploitable/Apache/DAV]]
See this tool in action: [[Metasploitable/Apache/DAV]]
=Creating Payloads=
==Tomcat==
To create a WAR file that woudl give a reverse shell, I used msfvenom to generate the payload.
Started by listing all the different payloads available, so I could look for java-related payloads:
<pre>
root@morpheus:~/box/besside# msfvenom -l payloads
Framework Payloads (437 total)
==============================
    Name                                                Description
    ----                                                -----------
    java/jsp_shell_bind_tcp                            Listen for a connection and spawn a command shell
    java/jsp_shell_reverse_tcp                          Connect back to attacker and spawn a command shell
    java/meterpreter/bind_tcp                          Run a meterpreter server in Java. Listen for a connection
    java/meterpreter/reverse_http                      Run a meterpreter server in Java. Tunnel communication over HTTP
    java/meterpreter/reverse_https                      Run a meterpreter server in Java. Tunnel communication over HTTPS
    java/meterpreter/reverse_tcp                        Run a meterpreter server in Java. Connect back stager
    java/shell/bind_tcp                                Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else). Listen for a connection
    java/shell/reverse_tcp                              Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else). Connect back stager
    java/shell_reverse_tcp                              Connect back to attacker and spawn a command shell
</pre>

Revision as of 04:37, 30 March 2016

Can be used to craft payloads like remote tcp shells.

See this tool in action: Metasploitable/Apache/DAV

Creating Payloads

Tomcat

To create a WAR file that woudl give a reverse shell, I used msfvenom to generate the payload.

Started by listing all the different payloads available, so I could look for java-related payloads: 

root@morpheus:~/box/besside# msfvenom -l payloads

Framework Payloads (437 total)
==============================

    Name                                                Description
    ----                                                -----------
    java/jsp_shell_bind_tcp                             Listen for a connection and spawn a command shell
    java/jsp_shell_reverse_tcp                          Connect back to attacker and spawn a command shell
    java/meterpreter/bind_tcp                           Run a meterpreter server in Java. Listen for a connection
    java/meterpreter/reverse_http                       Run a meterpreter server in Java. Tunnel communication over HTTP
    java/meterpreter/reverse_https                      Run a meterpreter server in Java. Tunnel communication over HTTPS
    java/meterpreter/reverse_tcp                        Run a meterpreter server in Java. Connect back stager
    java/shell/bind_tcp                                 Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else). Listen for a connection
    java/shell/reverse_tcp                              Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else). Connect back stager
    java/shell_reverse_tcp                              Connect back to attacker and spawn a command shell
Retrieved from "https://charlesreid1.com/w/index.php?title=MSFVenom&oldid=10122"