In msfvenom, what does it mean exactly when I specify the format to C or Python? And what is the format 'raw' for? I know, when the format is psh-cmd it runs in the command prompt, and when it is exe it runs as a normal executable, but what about the others?
Asked
Active
Viewed 6,243 times
1
-
If you run those formats, you will see that `C` and `python` will produce code in those formats... – schroeder Sep 24 '16 at 21:06
1 Answers
2
There are 2 formats in msfvenom. Executable formats and transform formats (see Metasploit unleashed). The first one will create an executable of some sort. exe will create a Windows executable. Elf will create a Linux executable. Psh will create a powershell script you can execute right away. And so on. The transform formats format the payload in the given format so that you can include it in a program of the same format. if you provide "C" here you will get an array of unsigned char. Up to you to use it in your C source code. You will most probably use the transform-format when writing an exploit and sending the payload over the network. If the exploit is written in ruby you'll want the payload as ruby array. I just tried format "raw": It seems to output the payload as pure binary executable code. Don't know what one would use that for, didn't happen to me yet.
kaidentity
- 2,634
- 13
- 30
-
Thank you, for what I understood the raw format is when I want to pipe the output to encode it again with a different encoder, that is the only use I found for it. But thank you for the explanation, I understand now – pedro santos Sep 25 '16 at 13:32
-
The `raw` format is also useful payload types that are already ascii text by their nature, like `python/meterpreter/reverse_tcp` which is python code. – egypt Feb 06 '17 at 23:13