Hello, aspiring ethical hackers. In our previous blogpost, you have learnt about types of Metasploit payloads, what is a payload etc. In this blogpost you will learn what is a payload generator and popular payload generators.
What is a payload?
A payload in cyber security is a piece of code that is executed after successfully running an exploit to take advantage of a vulnerability. When a Proof Of Concept (POC) for a vulnerability is disclosed, this allows most hackers around the world to execute their chosen payloads. This payload can be anything from malware, reverse shell, RAT, ransomware etc or their own custom payload.
For example, ms08_067 vulnerability was exploited in real-world to deploy Conficker worm payload, but while pen testing with Metasploit, meterpreter is used as payload. Although payloads can be created manually, it would be very simple to make payloads with payload generators.
What is a payload generator?
Any software or application that helps us to automatically create a payload to be used in a pen test is known as a payload generator. Payloads can be a simple one liner or multiple lines of complex code. Whatever it is, it is payload generator makes our work very simple. Let’s learn about some of the popular payload generators.
1. MSF venom:
MSF venom is a payload generator fromMetasploitframework that can be pretty useful in generating payloads forwindows hacking,Linux hacking, web applicationhackingand even mobile hacking. MSF venom is a replacement to MSF payload earlier. Learn more about msfvenom.
2. Veil-Framework:
Veil-Framework is a tool that can generateMetasploit payloadsthat bypass common anti-virus solutions. Veil-framework is officially supported by Debian 8 and Kali Linux rolling 2018+. It may also be run on Arch Linux, Manjaro Linux, Black Arch Linux, Deepin 15+, Elementary, Fedora 22+, Linux Mint, Parrot Security, Ubuntu 15.10+ and Void Linux. Learn more about Veil Framework.
3. Msfpc:
MSFvenom Payload Creator (MSFPC) is a wrapper that can generate multiple types of payloads, based on users choice. The idea is to be assimple as possible(only requiring one input) to produce their payload.
4. WinPayloads:
This tool can generate undetectable Windows payloads.
5. Arcanus Framework:
ARCANUS is a customized payload generator/handler for penetration testing that can generate both Linux and Windows payloads. Learn more about Arcanus Framework.
6. Hercule’s Framework:
HERCULES is a customizable payload generator to generate Windows and Linux payloads that bypass antivirus software.
