Time
7 minutes
Difficulty
Intermediate

Video Transcription

00:06
And welcome to another episode of Breaking Stuff with Robert.
00:11
Today we're going over MSFPC, which is short for the Metasploit Framework Venom Payload Creator. This is a wrapper that helps you to generate different types of payload based on your selections and inputs, and it essentially makes the process of creating a payload
00:29
a little bit easier. But for those of you with experience in doing penetration testing
00:34
and those types of things using Metasploit, you know that that payload generator is actually really, really, really great for doing very specific things or adding, you know, some encoding or changes to a payload, or
00:49
really, the sky's the limit. But this is kind of a simple version of that that allows you to quickly generate something for testing purposes.
00:56
Now,
00:57
target audiences here are exploitation analysts looking to recreate attacks or demonstrate knowledge packs, cyber defense analysts looking to create signatures for attacks using Meterpreter or other payloads, and penetration testers looking to quickly generate payloads for use against target systems.
01:12
Some prerequisites here. It would be good to know about Metasploit and how it's used and some basic syntax there.
01:19
A fundamental knowledge of shell types, while not required for this video, we will talk about, like, reverse shell or bind shell. And so it's good to understand what that means with respect to getting a connection to a system.
01:30
Knowledge of payload delivery methods. So we're just gonna use a basic web server here in the demo, but understanding how payloads work, how they connect back to systems, things of that nature is gonna be critical to helping you to understand this tool and why it's, you know, great for quick use. And then fundamental knowledge of the Kali Linux command line utilization.
01:49
So with those things in mind, let's go ahead and jump into our demo.
01:56
All right, everybody, welcome to the handy dandy lab environment. Today, as we promised, we're talking about the Metasploit Framework Payload
02:06
Creator. So in short, MSFPC is used to help us kind of streamline the process of creating payloads. Now,
02:15
I said Metasploit Framework, uh, Metasploit Framework Payload Creator, but really uses msfvenom to help us put this together and make this kind of an easy process. If you've ever used msfvenom or had to kind of lay out the long string of
02:30
information to generate a payload. It's not really much more than this, but we're going to kind of go above and beyond using some of these
02:38
additional pieces. Sure, I mean, you could just generate in a basic query here, MSFPC, you could do windows and the IP address, and then that would generate a Windows-based payload for you. But we're going to kind of add some additional things to this to make it a little bit more targeted. So
02:57
let's go ahead and do msfpc. Over here, we've got the IP address of our attacking machine, so we'll do that IP. Sorry, we gotta do windows first 'cause we're gonna attack Windows-based machines. windows
03:10
and then the IP we want to connect back to
03:15
who's
03:17
here
03:20
and then a port
03:22
and could be any port. I used 1234 all the time. We're doing a reverse payload
03:28
or a connection type. You could do reverse or bind. And so bind, meaning it binds to the other system and you connect; reverse, meaning it connects back. So we want to connect back. We're gonna do a stageless payload, which means when you run it, it runs, and then TCP
03:40
so it goes through the process here, it looks like, Yeah, I had one from the other time that was already there. So it just went ahead and overwrote it. No big deal. So with that in mind, we're gonna go ahead and start this quick web server here
03:54
and that Lina commands
04:00
always make report,
04:02
and that will serve up content that's in the directory where the payload is. Now,
04:09
I'm gonna open up this, uh,
04:12
web page here.
04:14
So we navigate to the attacking machine. Now, in this case, we're imagining that maybe we've tricked a user
04:18
into clicking on something. Maybe we're on the machine, but we don't have additional tools, whatever the case may be. And so we connect. Having some trouble navigating. We connect here.
04:31
And this just gives us a directory that it's serving up on the Kali system. There's our EXE.
04:40
And once we download that,
04:44
you can just write.
04:48
Oh, look at that. So our antivirus caught it. Good for the antivirus, but we're gonna stop it from doing that this time, so let's turn the antivirus off. As you can see there, I mean, this doesn't generate, like, a payload that's encrypted or doesn't change the checksum, so you've got,
05:01
um,
05:03
antivirus on a system or, you know, if you haven't altered the checksum of the
05:09
payload, then of course, it'll block it. So let's go ahead.
05:12
I'm just turning off the protections.
05:15
Yeah.
05:16
Now let's see if it sings a different tune.
05:24
Oh, we're keeping it
05:27
and let's see,
05:30
So it looks like it got it.
05:32
Now,
05:33
it's given me this warning to not run it. But before I run it, there's one thing we have to do here. So this won't just connect back.
05:41
We actually have to start a listener or something that will accept the connection.
05:46
So we have to bring up the Metasploit Framework,
05:48
and then we're gonna just use
05:50
the multi handler.
05:54
And when I set the payload
05:57
to windows meterpreter, you should finish with tab here sometimes,
06:03
and then we're doing a reverse TCP connection
06:09
so you can check the options
06:13
that it needs. So we'll set the local host
06:15
to the IP.
06:19
We'll set the local port to that 1234 port
06:26
that we put in the payload.
06:30
They and that starts now,
06:32
run anyways.
06:35
And there you go. We've got a connection.
06:39
So obviously, um,
06:41
there's a few other things that we would probably have to do in this process. If we were, you know, against the machine that had up-to-date antivirus, we would likely need to run this through some type of obfuscator before sending it to the other side, or try maybe some different codecs to run this through. We're just trying to
06:59
to make it so that the antivirus doesn't pick it up. But again, for the sake of this demonstration, we kind of showed you how you could use
07:03
um, you know, this payload generator
07:08
to create those for either Metasploit, or you could even set up a listener without using a Meterpreter-type connection there. But with that in mind, let's go ahead and jump back to our slides.
07:20
Well, I hope you enjoyed that demonstration of MSFPC and some of the ways that you can use that. And hopefully that use case provides you with some, you know, thoughts on what you could do with a tool and how it could benefit you in your testing or security needs.
07:36
So with those things in mind, I want to thank you for your time today and I look forward to seeing you again here.

How to Use MSFVenom Payload Creator (BSWR)

MSFPC, also known as MSFvenom Payload Creator, generates several types of payloads, based on user-selected options.

The MSFVenom Payload Creator tool automates msfvenom and Metasploit usage and offers features including an IP selection menu, msfconsole resource file/commands, batch payload production and the ability to end arguments.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor