Sunday, October 26, 2014

msfconsole Memo

In Secure Programming assignment, we are asked to get the flag on the server using shellcode solution. So, I've studied msfconsole and written some notes here:

Pick Target Platform / Action

First step, pick pick your target platform and the action using 'use' command. For example: use payload/linux/x86/exec

Show

'show encoders' to view the encoder list.

Generate Code

Generate your result by 'generate' command. And the options are as below
  • -h: see the help text
  • -b <opt>: the list of characters to avoid, ex. '\x00\xff'
  • -e <opt>: the name of the encoder module to use
  • -f <opt>: the output file name (otherwise stdout)
  • -i <opt>: the number of encoding iterations
  • -o <opt>: a comma separated list of options in VAR=VAL format
  • -s <opt>: add NOOP characters
  • -t <opt>: the output format: raw, ruby, rb, perl, pl, c, js_be, je_le, java, dll ...

More

  • You can execute shell commands in msfconsole directly.

Reference