Comprehensive Guide on MSFPC

Hello Friends!!

As you are all aware, MSFvenom is a tool in Kali Linux for generating payloads. It is also available through MSFvenom Payload Creator (MSFPC), which generates various “basic” Meterpreter payloads via msfvenom. Fully automating msfvenom and Metasploit is the end goal.

MSFvenom Payload Creator (MSFPC) is a wrapper that generates multiple types of payloads, based on the user’s choice. The idea is to be as simple as possible (only requiring one input) to produce a payload.

Source: https://github.com/g0tmi1k/mpc

Author: g0tmi1k

Syntax

Create a Payload with Interactive IP Mode

Let’s create a payload for the Windows platform with the help of the following command:

When you enter the above command, it automatically asks you to confirm the interface:

Which interface should be used?

eth0, lo, wan

We press 1 for eth0, and it then starts generating the payload and gives us the following as a result:

  1. Location of MSF handler file and windows meterpreter created.
  2. Command to be run to start multi handler automatically within the Metasploit Framework.
  3. Command for file transfer through web server.

Basically, msfpc is designed to reduce the user’s effort in generating payloads for various platforms in different file formats. When you type “msfpc”, it displays all the platform types and generates the specific file format for each accordingly.

Syntax: msfpc <platform-type> <Lhost IP> <Lport>

Windows Payload

If you want to generate a payload to get a meterpreter session on a victim’s machine that runs Windows, all you need to do is type the following:

If you do not mention an IP, it automatically asks you to choose an interface as discussed above and chooses 443 as the default lport. It creates a malicious backdoor in the .exe format for 32-bit architecture. It then starts generating the payload and gives us the following details as a result.

  • Location of MSF handler file and windows meterpreter created: ‘/root/windows-meterpreter-staged-reverse-tcp-1234.exe’
  • Command to be run to start multi handler automatically: msfconsole -q -r ‘/root/windows-meterpreter-staged-reverse-tcp-1234-exe.rc’
  • Command for file transfer through web server: python2 -m SimpleHTTPServer 8080

Now run the following command to launch multi/handler and web server for file transfer.

When the victim browses to the following URL, it asks them to download and run the .exe file, which provides a meterpreter session to the attacker.

Conclusion: Earlier, attackers used a manual method: generating a payload with the msfvenom command and then using the Metasploit module “multi/handler” to receive the reverse connection as a meterpreter session. This technique was quite a successful approach to compromising a victim’s machine, although it took much time. The same approach is possible with the help of MSFPC, which generates various “basic” Meterpreter payloads via msfvenom.

Android Payload

If you want to generate a payload to get a meterpreter session on a victim’s machine that runs Android, all you need to do is type the following:

It creates a malicious backdoor in the .apk format. It then starts generating the payload and gives us the following details as a result.

  • Location of MSF handler file and android meterpreter created: ‘/root/android-meterpreter-stageless-reverse-tcp-1234.apk’
  • Command to be run to start multi handler automatically: msfconsole -q -r ‘/root/android-meterpreter-stageless-reverse-tcp-1234.apk.rc’
  • Command for file transfer through web server: python2 -m SimpleHTTPServer 8080

Now run the following command to launch multi/handler and web server for file transfer.

When the victim browses to the following URL, it asks them to install the application and run the .apk file, which provides a meterpreter session to the attacker.

Hence, as said above, you can observe that we have a meterpreter session on the target’s machine.

BASH

The advantage of MSFPC is that it removes the need to remember the format for each platform; all we need to do is follow the syntax declared above, and the rest is managed by MSFPC automatically. Suppose I want to create a payload for the Bash platform; it will take a few minutes in MSFPC to generate a bash payload.

It creates a malicious backdoor in the .sh format. It then starts generating the payload and gives us the following as a result:

  • Location of MSF handler file and bash meterpreter created: ‘/root/bash-shell-staged-reverse-tcp-1234.sh’
  • Command to be run to start multi handler automatically: msfconsole -q -r ‘/root/bash-shell-staged-reverse-tcp-1234.sh.rc’
  • Command for file transfer through web server: python2 -m SimpleHTTPServer 8080

Now run the following command to launch multi/handler and web server for file transfer.

When the victim browses to the following URL, it asks them to install the script, and once the target runs the bash script with full permission, it gives a command shell.

Hence, as said above, you can observe that we have a command shell on the target’s machine, and with the help of the following command we have upgraded it into a meterpreter shell.

Linux

If you want to generate a payload to get a meterpreter session on a victim’s machine that runs Linux, all you need to do is type the following:

It creates a malicious backdoor in the .elf format. It then starts generating the payload and gives us the following details as a result:

  • Location of MSF handler file and Linux shell created: ‘/root/linux-shell-staged-reverse-tcp-4444.elf’
  • Command to be run to start multi handler automatically: msfconsole -q -r ‘/root/linux-shell-staged-reverse-tcp-4444.elf.rc’
  • Command for file transfer through web server: python2 -m SimpleHTTPServer 8080

Now run the following command to launch multi/handler and web server for file transfer.

When the victim browses to the following URL, it asks them to install the application, and once the target runs the .elf file with full permission, it gives a command shell.

Hence, as said above, you can observe that we have a command shell on the target’s machine, and with the help of the following command we have upgraded it into a meterpreter shell.

Python

If you want to generate a payload to get a meterpreter session on a victim’s machine that runs Python, all you need to do is type the following:

It creates a malicious backdoor in the .py format. It then starts generating the payload and gives us the following details as a result:

  • Location of MSF handler file and python meterpreter created: ‘/root/python-meterpreter-staged-reverse_tcp-5555.py’
  • Command to be run to start multi handler automatically: msfconsole -q -r ‘/root/python-meterpreter-staged-reverse_tcp-5555.py.rc’
  • Command for file transfer through web server: python2 -m SimpleHTTPServer 8080

Now run the following command to launch multi/handler and web server for file transfer.

When the victim browses to the following URL, it asks them to install the script, and once the target runs the python script, it gives a meterpreter session.

Hence, as said above, you can observe that we have a meterpreter session on the target’s machine.

Batch (Generates all Possible Combination Payloads)

Batch is the most significant mode, as it generates as many payload combinations as possible. If we want to create all the payloads that can give a meterpreter session, we can use the following command.

With the command given below, you can observe that it has generated all possible types of payload that can give meterpreter sessions. The rest of the technique, executing the payload and getting the reverse connection, is as above.

If we want to create all the payloads that can give a command shell session on the target’s machine, we can use the following command.

With the command given below, you can observe that it has generated all possible types of payload that can give a command shell.

Loop (Generates One payload for Each Platform)

Loop is also a significant mode, as it generates one of each type of payload with their default values. Hence, by default it generates payloads that provide a meterpreter session rather than a command shell session.

With the command given below, you can observe that it has generated all possible types of payload for each platform that can give meterpreter sessions. The rest of the technique, executing the payload and getting the reverse connection, is as above.

Generating Stageless Payload

As we all know, there are two types of payloads, i.e. staged and stageless, and by default it creates a staged payload. If you want to create a stageless payload, you can use the following command to generate a stageless payload for a command shell session or a meterpreter session.

The rest of the technique, executing the payload and getting the reverse connection, is as above.
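
Every section above reports output files that follow one default naming pattern (platform, shell type, staged or stageless, direction, transport, port, extension). As an added example for defenders, not part of the original article or of MSFPC, the Python sketch below parses that pattern and flags requests for such file names in web or proxy logs; the function names, the Common Log Format input and the "bind", http and https tokens are assumptions.

```python
import re
from posixpath import basename
from urllib.parse import unquote, urlsplit

# Default MSFPC output names as shown in the article, e.g. the payload
# windows-meterpreter-staged-reverse-tcp-1234.exe and its handler "...-1234-exe.rc".
# Assumption: "bind" and the http/https transports; the article shows only reverse tcp.
MSFPC_NAME = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<shell>meterpreter|shell)-"
    r"(?P<stage>staged|stageless)-(?P<direction>reverse|bind)[-_]"
    r"(?P<transport>tcp|http|https)-(?P<port>\d{1,5})"
    r"[.-](?P<ext>[a-z0-9]+)(?P<handler>\.rc)?$",
    re.IGNORECASE,
)
# Assumption: logs carry a quoted request line as in Common Log Format.
REQUEST = re.compile(r'^(?P<client>\S+) .*?"(?:GET|HEAD|POST) (?P<target>\S+) HTTP/[\d.]+"')

def classify(name):
    """Return the fields encoded in an MSFPC-style file name, or None."""
    m = MSFPC_NAME.match(name)
    if not m or not 0 < int(m["port"]) <= 65535:
        return None
    fields = {k: v.lower() for k, v in m.groupdict().items() if k != "handler"}
    fields["port"] = int(m["port"])
    fields["kind"] = "handler" if m["handler"] else "payload"
    return fields

def scan(log_lines):
    """Return (client, file name, fields) for each request for a matching file name."""
    hits = []
    for line in log_lines:
        req = REQUEST.match(line)
        # Drop the query string, decode %xx escapes, keep the last path segment.
        name = basename(unquote(urlsplit(req["target"]).path)) if req else ""
        fields = classify(name)
        if fields:
            hits.append((req["client"], name, fields))
    return hits

# Constructed log lines (documentation address range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /windows-meterpreter-staged-reverse-tcp-1234.exe HTTP/1.1" 200 73802',
    '192.0.2.11 - - [01/Jan/2024:10:00:07 +0000] "GET /dl/android-meterpreter-stageless-reverse-tcp-1234.apk?x=1 HTTP/1.1" 200 10182',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /python-meterpreter-staged-reverse_tcp-5555.py HTTP/1.1" 200 503',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /docs/release-notes-staged-rollout-2024.pdf HTTP/1.1" 200 9911',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A match only indicates an unrenamed default file name, so treat it as a low-cost triage signal alongside content-based detection.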

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, and a lover of social media and gadgets.