Generate shellcode by using msfvenom

Question

he used msfpayload & msfencode to genarate shellcode for cmd command.

msfpayload windows/exec cmd=calc.exe R | msfencode -e x86/alpha_mixed -t c -v

But now, metasploit team change msfpayload & msfencode to msfvenom, so I convert the above code to msfvenom:

msfvenom -a x86 --platform windows -p windows/exec cmd=calc.exe -e x86/alpha_mixed -f c

shellcode has been generated but calculator was not started after excuted command on cmd. What's wrong with my msfvenom code? Thanks for reading.

update: In video, he used a short shellcode. He public the shellcode in description but didn't show how to generate it. I've followed his instruction and get a long shellcode. When I use his short shellcode, it's worked but the same is not happen to my long shellcode.

score 0 · Answer 1 · answered Jun 28 '22 at 09:44

The problem is using -f c in msfvenom would result in a shellcode as the output that cannot be directly executed in command line. The shellcode will require a wrapper program that will put shellcode in memory and execute it. This program then needs to be compiled as an executable.

An example wrapper function written in c:

#include <stdio.h>

unsigned char code[] = "\xYourShellCode";

int main(int argc, char **argv) {
  int foo_value = 0;

  int (*foo)() = (int(*)())code;
  foo_value = foo();

  printf("%d\n", foo_value);
}

Instead if you just want an executable as output, you can try this:

(popping a calc for x64 windows)

msfvenom --platform windows --arch x64  -p windows/x64/exec CMD=calc.exe -b '\x00\x0A\x0D' -f exe -o a.exe

score 0 · Answer 2 · edited Feb 17 '23 at 15:35

0

This worked for me:

msfvenom -p windows/exec cmd=notepad.exe -f c -e x86/alpha_mixed

edited Feb 17 '23 at 15:35

Compo

36,585
5
27
39

answered Feb 15 '23 at 20:22

Rafael da Costa

1

Generate shellcode by using msfvenom

2 Answers2