MSFVenom: the best basic tutorials for MSFVenom

MSFVenom replaces the msfpayload and msfencode tools: Rapid7 removed both from the Metasploit Framework on the 8th of June 2015, so from that date msfvenom is the only supported way to generate and encode payloads. Expect courses and training material for the framework to be updated accordingly.

So what is MSFVenom

MSFVenom combines msfpayload and msfencode into a single tool. It has been available alongside them in the framework for more than 3.5 years of testing and is now ready to stand on its own. Generating, encoding and packaging a payload, which previously meant chaining several tools, is done with a single msfvenom command.

MSFVenom options

Let's take a look at the MSFVenom options (short flag, long flag, and what it does), as printed by msfvenom --help:

-p, --payload <payload>: Payload to use. Specify '-' or stdin to use custom payloads
-l, --list [module_type]: List a module type, for example: payloads, encoders, nops, all
-n, --nopsled <length>: Prepend a nopsled of [length] size on to the payload
-f, --format <format>: Output format (use --help-formats for a list)
-e, --encoder <encoder>: The encoder to use
-a, --arch <architecture>: The architecture to use
--platform <platform>: The platform of the payload
-s, --space <length>: The maximum size of the resulting payload
-b, --bad-chars <list>: The list of characters to avoid, for example: '\x00\xff'
-i, --iterations <count>: The number of times to encode the payload
-c, --add-code <path>: Specify an additional win32 shellcode file to include
-x, --template <path>: Specify a custom executable file to use as a template
-k, --keep: Preserve the template behavior and inject the payload as a new thread
--payload-options: List the payload's standard options
-o, --out <path>: Save the payload to a file instead of writing it to stdout
-v, --var-name <name>: Specify a custom variable name to use for certain output formats
-h, --help: Show the help message
--help-formats: List available formats

How to generate a payload

To generate a payload, you use the -p (--payload) flag. You will almost always also use the -f (--format) flag to specify what the output should be. A format is one of two things: an executable format or a transform format. An executable format (exe, elf, macho, war and so on) means the output is meant to be written to a file, so either redirect stdout or pass -o to save it. A transform format (c, python, perl, ruby and so on) means the output is source code that you copy and paste into the exploit code you are working on.

The executable formats need no further explanation. For the transform formats there is one extra flag worth knowing, -v (--var-name), which sets the name of the variable that holds the payload in the generated code. At the time of writing only the following transform formats support --var-name: bash, c, csharp, java, perl, powershell, py, rb, sh, vbapplication, vbscript.

The following is a basic example of how to generate a file:

./msfvenom -p windows/meterpreter/bind_tcp -f exe

The -p flag also supports “-” as a way to accept a custom payload:

cat payload_file.bin | ./msfvenom -p - -a x86 --platform win -e x86/shikata_ga_nai -f raw
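A check worth running on any transform-format output before pasting it into an exploit: confirm that the bytes msfvenom produced really avoid the -b (--bad-chars) list and fit inside the -s (--space) limit you asked for, since a forgotten -b or an encoder that could not satisfy the constraints shows up as a crash later. The script below is an added example, not code from the original page or from Metasploit. It parses the shapes that `msfvenom -f c -v buf` (an `unsigned char buf[] = "\x..";` array) and `msfvenom -f python -v buf` (`buf += b"\x.."` lines) print, rebuilds the raw bytes, and reports forbidden bytes and size. The two sample outputs embedded in it are constructed for the example; their byte values are not real shellcode.

```python
"""Validate msfvenom transform-format output against -b and -s constraints.

Added example, not part of the original page or of Metasploit. The sample
outputs are constructed to look like `msfvenom -f c -v buf` and
`msfvenom -f python -v buf`; the bytes in them are made up.
"""
import re

# Constructed sample in the shape of `msfvenom ... -f c -v buf` output.
SAMPLE_C = r'''unsigned char buf[] = 
"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
"\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff";
'''

# Constructed sample in the shape of `msfvenom ... -f python -v buf` output.
SAMPLE_PY = r'''buf =  b""
buf += b"\xda\xc3\xd9\x74\x24\xf4\x5b\x53\x59\x49\x49\x49\x49\x49"
buf += b"\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56"
'''

# Both formats write every payload byte as a \xHH escape inside a string.
HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')


def parse_transform(text):
    """Return (variable name, payload bytes) from -f c or -f python output."""
    m = re.search(r'unsigned\s+char\s+(\w+)\s*\[\]', text)      # C array form
    if m is None:
        m = re.search(r'^\s*(\w+)\s*\+?=\s*b?"', text, re.M)    # python buf form
    if m is None:
        raise ValueError("not msfvenom C or python transform output")
    data = bytes(int(h, 16) for h in HEX_ESCAPE.findall(text))
    return m.group(1), data


def parse_bad_chars(spec):
    """Turn a -b argument such as '\\x00\\x0a\\x0d' into a set of byte values."""
    return {int(h, 16) for h in HEX_ESCAPE.findall(spec)}


def check_payload(data, bad_chars=frozenset(), space=None):
    """Report offsets of forbidden bytes and whether the payload fits in `space`."""
    hits = [(off, byte) for off, byte in enumerate(data) if byte in bad_chars]
    fits = space is None or len(data) <= space
    return {
        "size": len(data),
        "fits": fits,
        "bad_char_offsets": hits,   # (offset, value) for every forbidden byte
        "ok": fits and not hits,
    }


if __name__ == "__main__":
    # Same checks you would run on real output: -b '\x00\x0a\x0d' -s 40
    for label, text in (("c", SAMPLE_C), ("python", SAMPLE_PY)):
        name, data = parse_transform(text)
        report = check_payload(data, parse_bad_chars(r'\x00\x0a\x0d'), space=40)
        print(label, name, report)
```

On the constructed C sample the check flags three null bytes at offsets 3, 4 and 5, which is exactly what you would see if the payload had been generated without -b '\x00'; the python sample passes the bad-char check but fails a -s 20 limit. To use it on real output, save what msfvenom prints and pass the file's text to parse_transform with the same -b and -s values you gave on the command line.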

More official MSFVenom examples

MSFVenom is documented on the Rapid7 Metasploit Framework wiki on GitHub. That page covers how to use msfvenom for penetration testing activities.

The page discusses:

MSFVenom on GitHub

MSFVenom is not a separate package: it ships as part of the Metasploit Framework, whose source is hosted on GitHub.


The current GitHub repository for the framework, including msfvenom, is:

https://github.com/rapid7/metasploit-framework