According to this video, he used msfpayload & msfencode to generate shellcode for a cmd command.

msfpayload windows/exec cmd=calc.exe R | msfencode -e x86/alpha_mixed -t c -v

But now the Metasploit team has changed msfpayload & msfencode to msfvenom, so I converted the above code to msfvenom:

msfvenom -a x86 --platform windows -p windows/exec cmd=calc.exe -e x86/alpha_mixed -f c

The shellcode was generated, but the calculator did not start after I executed the command in cmd. What's wrong with my msfvenom code? Thanks for reading.

Update: In the video, he used a short shellcode. He published the shellcode in the description but didn't show how to generate it. I followed his instructions and got a long shellcode. When I use his short shellcode, it works, but the same does not happen with my long shellcode.

Trai Nguyen

2 Answers

The problem is that using -f c in msfvenom produces shellcode as output, which cannot be executed directly on the command line. The shellcode requires a wrapper program that puts the shellcode in memory and executes it. This program then needs to be compiled as an executable.

An example wrapper function written in C:

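#include <stdio.h>

/* Placeholder: replace with the byte array printed by msfvenom -f c */
unsigned char code[] = "\xYourShellCode";

int main(int argc, char **argv) {
  int foo_value = 0;

  /* Treat the byte array as a function and call it */
  int (*foo)() = (int(*)())code;
  foo_value = foo();

  printf("%d\n", foo_value);
  return 0;
}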

If instead you just want an executable as output, you can try this:

(popping a calc for x64 Windows)

msfvenom --platform windows --arch x64  -p windows/x64/exec CMD=calc.exe -b '\x00\x0A\x0D' -f exe -o a.exe
fanbyprinciple
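
As the first answer says, -f c output is only a C array of bytes, not a program. The Python sketch below is an added example, not part of the original answers: it decodes such an array from C source text and reports its length, its share of alphanumeric bytes (high for alphanumeric encoders such as x86/alpha_mixed), and whether any of the bytes excluded with -b '\x00\x0A\x0D' are present. The sample input and all function names are constructed for illustration.

```python
import re
import string

# Matches a declaration like: unsigned char buf[] = "\x41\x42" "\x43";
ARRAY_RE = re.compile(
    r'unsigned\s+char\s+(\w+)\s*\[\s*\]\s*=\s*((?:"(?:[^"\\]|\\.)*"\s*)+);'
)
STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
TOKEN_RE = re.compile(r'\\x([0-9a-fA-F]{2})|([^\\])', re.S)
ALNUM = frozenset((string.ascii_letters + string.digits).encode())

# Constructed sample in the layout of a C byte-array dump (harmless bytes).
SAMPLE = r'''
unsigned char buf[] =
"\x41\x42\x43\x44"
"\x30\x31\x00\x0a";
'''


def decode_c_literal(body):
    """Decode one C string body made of \\xHH escapes and plain characters."""
    out = bytearray()
    pos = 0
    while pos < len(body):
        m = TOKEN_RE.match(body, pos)
        if m is None:  # any escape other than \xHH is rejected
            raise ValueError("unsupported escape at offset %d" % pos)
        out.append(int(m.group(1), 16) if m.group(1) else ord(m.group(2)))
        pos = m.end()
    return bytes(out)


def extract_arrays(source):
    """Return {name: bytes} for every unsigned char array in C source text."""
    return {
        name: b"".join(decode_c_literal(p) for p in STRING_RE.findall(lits))
        for name, lits in ARRAY_RE.findall(source)
    }


def triage(data, bad_chars=b"\x00\x0a\x0d"):
    """Summarise size, alphanumeric share and listed bad bytes of a blob."""
    alnum = sum(1 for b in data if b in ALNUM)
    return {
        "length": len(data),
        "alnum_ratio": round(alnum / len(data), 2) if data else 0.0,
        "bad_chars_present": sorted(set(data) & set(bad_chars)),
    }


if __name__ == "__main__":
    for name, blob in extract_arrays(SAMPLE).items():
        print(name, triage(blob))
```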

This worked for me:

msfvenom -p windows/exec cmd=notepad.exe -f c -e x86/alpha_mixed
Compo